Posted by Cabbar Duzayak on 08/06/05 01:58

Hi,

I have a web page (say page1) which refers to a php within javascript tag as:

<script type="text/javascript"
src="http://mysite.com/javascript_dump.php"></script>

As you can see, this calls a php file which dumps javascript. The
problem here is, within this php I couldn't get which page it is
called from.

Basically, if it comes from affiliate site 1, I will show some
content, and if it comes from affiliate site 2, I will show some other
content.

And, the thing is, within this javascript_dump.php, HTTP_REFERER shows
nothing, because it gives you the referer of the html page (page1)
that contains this <script> tag (which might be something irrelevant,
i.e. google), and remote_addr gives you the IP address of the user.

I know that I can add a simple query parameter to specify the source
web page such as: javascript_dump.php?siteid=xyz, but this can be
faked very easily, and anyone can introduce themselves as any
affiliate.

Is there a way of getting (within the php) the site this php was
called from in a reasonably secure way? Any ideas/suggestions?

Thanks..

[Back to original message]