Posted by MEI on 10/10/19 11:32

Hi, please excuse my ignorance but I have very limited PHP knowledge.. In
your sample script below would I include this at the top of the page I want
to protect?? Let's say the page I want the user to go to is called
denied.htm, where in the file would I place this??

Many thanks, I realize it's not bulletproof and easily hackable but it's
important we have this feature.


$validDomains = array('www.mydanaher.com', 'www.bar.com', 'www.baz.com');
$isOk = false;
foreach($validDomains as $domain) {
if(stripos($_SERVER['HTTP_REFERER'], $domain)) {
$isOk = true;
break;
}
}
if(!$isOk) {
//redirect to somewhere else
}



"ZeldorBlat" <zeldorblat@gmail.com> wrote in message
news:1132284377.212133.28550@g43g2000cwa.googlegroups.com...
> >I am trying to figure out how to use the referer variable to check what
>>domain the orignal request is coming from and if it's not from the domain
>>where I placed the link then to deny the user access.
>>I know this is not bulletproof security but it will make things a little
>>more difficult for the user.
>
> The only way it makes it more difficult for the user is that they have
> to copy/paste the link into the address bar and hit enter -- which
> typically doesn't (I think the spec even says it shouldn't) set the
> referer in the request.
>
> If you really wanted to do it, you could try this:
>
> $validDomains = array('www.foo.com', 'www.bar.com', 'www.baz.com');
> $isOk = false;
> foreach($validDomains as $domain) {
> if(stripos($_SERVER['HTTP_REFERER'], $domain)) {
> $isOk = true;
> break;
> }
> }
> if(!$isOk) {
> //redirect to somewhere else
> }
>
> That's untested and certainly not bulletproof.
>

[Back to original message]