The Geek Culture Forums
Ask a Geek! checking which originatin page called the script.
|
UBBFriend: Email This Page to Someone! | next newest topic | next oldest topic |
Author | Topic: checking which originatin page called the script. |
mephisto Highlie Posts: 601 |
posted June 15, 2002 09:57
i was thinking of using http_referrrer environment variable to check where a page was being requested from but it can be faked easily. i want to let only one page call the script. is there any way you guys know how to do it and can help me out? its php code by the way. IP: Logged |
quantumfluff Uber Geek Posts: 844 |
posted June 15, 2002 17:09
Yes. referrer is easy to fake. I'm the author of a web page fetching tool which has that, along with browser impersonation, as one of it's options. Do do this you have to resort to *much* more advanced methods. The usual way is to establish a session with the browser. You would have the entry page initiate the session, and have the protected page check for the session, but never create it. I don't do PHP, so I don't know what they have built in, but it make do it. Sadly, this still doesn't win. Someone could still write a script which would visit the first page, start the session and immediatly go to the second page. Yahoo found this out with their free mail system. That's why they have the image which you have to read the word from. (If you don't know what I'm talking about, sign up for a yahoo mail account and see). Unless you resort to something that absolutely requires a human to read the page, someone will be able to script around it. IP: Logged |
mephisto Highlie Posts: 601 |
posted June 17, 2002 21:00
code: does this look right people? i'm new to php.....just need help with this IP: Logged |
mephisto Highlie Posts: 601 |
posted June 18, 2002 10:40
Its okay I'm using sessions now. thanks qf..... IP: Logged |
Super Flippy Super Geek Posts: 156 |
posted June 18, 2002 19:53
If I may, I'd like to point you towards a favorite site of mine that's a great place for asking these sorts of questions (not that Geek Culture isn't, this is just more specialized). www.hiveminds.info is where everyone from C|Net's Builder Buzz community went after the company more or less shut it off. The folks there are friendly web developers who know their stuff. (I don't feel bad about semi-spamming this thread b/c I've also promoted GC to the Hiveminds community. This sort of thing got me in trouble in high school; why can't I leave well enough alone? ) IP: Logged |
All times are Pacific Time | next newest topic | next oldest topic |
� 2002 Geek Culture� All Rights Reserved.
Powered by Infopop www.infopop.com © 2000
Ultimate Bulletin Board 5.47e