
  The Geek Culture Forums
  Ask a Geek!
  checking which originating page called the script.

mephisto
Highlie

Posts: 601
From:
Registered: Feb 2001

posted June 15, 2002 09:57
I was thinking of using the HTTP_REFERER environment variable to check where a page was being requested from, but it can be faked easily. I want to let only one page call the script. Is there any way you guys know how to do it and can help me out?
It's PHP code, by the way.


quantumfluff
Uber Geek

Posts: 844
From: under the mouse pad
Registered: Jun 2000

posted June 15, 2002 17:09
Yes. Referrer is easy to fake. I'm the author of a web page fetching tool which has that, along with browser impersonation, as one of its options.

To do this you have to resort to *much* more advanced methods. The usual way is to establish a session with the browser. You would have the entry page initiate the session, and have the protected page check for the session, but never create it. I don't do PHP, so I don't know what they have built in, but it may do it.

Sadly, this still doesn't win. Someone could still write a script which would visit the first page, start the session and immediately go to the second page. Yahoo found this out with their free mail system. That's why they have the image which you have to read the word from. (If you don't know what I'm talking about, sign up for a Yahoo mail account and see). Unless you resort to something that absolutely requires a human to read the page, someone will be able to script around it.

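The entry-page/protected-page arrangement described in the post above, sketched in PHP as an added example (not code from the thread or its posters). The one-time token and expiry go beyond what the post describes, and the function names and session keys are hypothetical.

```php
<?php
// Added example (not from the thread). Function names and the
// 'entry_token' / 'entry_time' keys are hypothetical.

// Call from the entry page: the only place a session is deliberately set up.
function entry_page_begin(): string
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    session_start();
    $_SESSION['entry_token'] = bin2hex(random_bytes(16));
    $_SESSION['entry_time']  = time();
    return $_SESSION['entry_token'];           // emit as a hidden form field
}

// Call at the top of the protected script. Returns true only when the
// request carries a fresh token issued by entry_page_begin().
function protected_script_check(array $cookies, array $post, int $maxAge = 600): bool
{
    // No session cookie: refuse before session_start(), so a cookieless
    // request never gets a session from this script.
    if (empty($cookies[session_name()])) {
        return false;
    }
    ini_set('session.use_strict_mode', '1');
    session_start();
    $expected = $_SESSION['entry_token'] ?? '';
    $issued   = $_SESSION['entry_time'] ?? 0;
    // One-time use: the token is consumed whether or not the check passes.
    unset($_SESSION['entry_token'], $_SESSION['entry_time']);

    if ($expected === '' || time() - $issued > $maxAge) {
        return false;
    }
    $supplied = $post['entry_token'] ?? '';
    return is_string($supplied) && hash_equals($expected, $supplied);
}

// entry.php:   $token = entry_page_begin();
//              echo '<input type="hidden" name="entry_token" value="' . $token . '">';
// script.php:  if (!protected_script_check($_COOKIE, $_POST)) {
//                  http_response_code(403);
//                  exit;
//              }
// As the post says, a client that loads entry.php first and replays the
// token still passes; this only proves the entry page was fetched.
```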

mephisto
Highlie

Posts: 601
From:
Registered: Feb 2001

posted June 17, 2002 21:00
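code:

<?php
// Hosts allowed to link to this script (values as posted).
$referers = array('www.monkeys.com', '216.XX2.XX8.XX');

if ($referers)
{
    if (count($referers))
    {
        $found = false;
        // A referer looks like "http://host/path", so element 2 is the host.
        // The header is client-supplied and may be missing or forged.
        $temp = explode("/", (string) getenv("HTTP_REFERER"));
        $referer = isset($temp[2]) ? $temp[2] : '';
        for ($x = 0; $x < count($referers); $x++)
        {
            // Exact host match; ereg() was removed in PHP 7 and treated "." as a wildcard.
            if (strcasecmp($referers[$x], $referer) == 0)
            {
                $found = true;
            }
        }
        if (!$found)
        {
            $error_no = 4;
        }
    }
    else
    {
        return true; // not a good idea, if empty, it will allow it.
    }
}
?>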


Does this look right, people? I'm new to PHP... just need help with this.


mephisto
Highlie

Posts: 601
From:
Registered: Feb 2001

posted June 18, 2002 10:40
It's okay, I'm using sessions now. Thanks qf.....


Super Flippy
Super Geek

Posts: 156
From: South Carolina
Registered: Jan 2002

posted June 18, 2002 19:53
If I may, I'd like to point you towards a favorite site of mine that's a great place for asking these sorts of questions (not that Geek Culture isn't, this is just more specialized). www.hiveminds.info is where everyone from C|Net's Builder Buzz community went after the company more or less shut it off. The folks there are friendly web developers who know their stuff.

(I don't feel bad about semi-spamming this thread b/c I've also promoted GC to the Hiveminds community. This sort of thing got me in trouble in high school; why can't I leave well enough alone?)


All times are Pacific Time


© 2002 Geek Culture® All Rights Reserved.
