Thread: Re: change referrer




Re: change referrer
Iran, Islamic Republic of
2007-08-15 06:36:39
Hi RadioxRo,
Thanks, but this code, like the old code, did not work.
My question is: is it possible to change SERVER["HTTP_REFERER"]; manually???
How to do it? And how to detect it??
-----Original Message-----
From: Professional-PHPgooglegroups.com
[mailto:Professional-PHPgooglegroups.com] On Behalf Of RadioxRo
Sent: Wednesday, August 15, 2007 1:12 PM
To: Professional PHP Developers
Subject: [Pro. PHP Dev.] Re: change referrer


Hi Hamed,

Maybe my code will help you:


===========================================
$address = $_SERVER["HTTP_REFERER"];
$findme   = 'domain1.com';
$pos = strpos($address, $findme);


if ($pos === false) {
    echo "not allowed";
}
 else {
    header("Location: http://www.domain2.com");
    exit();
}


=================================================
On Aug 14, 1:23 pm, Hamed <zafarza...gmail.com> wrote:
> Hi all
>
> <?
> $referer = $_SERVER['HTTP_REFERER'];
> if (strstr($referer, "domain1.com") !== false) {
>   echo "not allowed";}
>
> ?>
> is it possible anyone click the link from domain2.com to domain1.com
> and allow to visit page ???!!!!!
> I use this code but anyone from domain2.com link to domain1.com and
> allow to visit !!!!!!!
>
> how do it ????




--~--~---------~--~----~------------~-------~--~----~
This group is managed and maintained by the development
staff at 360 PSG. An enterprise application development
company utilizing open-source technologies for todays
small-to-medium size businesses.

For information or project assistance please visit :
http://www.360psg.com

You received this message because you are subscribed to the
Google Groups "Professional PHP Developers"
group.
To post to this group, send email to Professional-PHPgooglegroups.com
To unsubscribe from this group, send email to
Professional-PHP-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/Professional-PHP
-~----------~----~----~----~------~----~------~--~---


Re: change referrer
United States
2007-08-15 07:25:19
Sorry guys... Referer is useless.
As is the user agent... you can't count on it.
The referer is not always sent with a request (believe it is based on
browsers to send the info to apache/php).

The main reason though is that anyone can "curl" without it.
If you are not familiar with curl, it is used to access web services,
build crawlers, and a ton more.
It is like a mini-browser in a php call.
The user can easily override the referer and user_agent and a ton more.
Here are all the curl options they can set...

http://www.php.net/manual/en/function.curl-setopt.php

So you can't build a system that uses any kind of security limitation
based on these parameters.
I could hit your site tomorrow and appear to be using "MSIE 8.0"
coming from "http://ceo.google.com" and you wouldn't know the
difference.

Sorry guys. Have to think through another security method.

Joel




On Aug 15, 7:36 am, "hamed" <zafarza...gmail.com> wrote:
> Hi RadioxRo
> Thanks But this code like old code not worked
> My question is: is it possible change SERVER["HTTP_REFERER"]; manually???
> How do it? And how to detect it??
>
> -----Original Message-----
> From: Professional-PHPgooglegroups.com
> [mailto:Professional-PHPgooglegroups.com] On Behalf Of RadioxRo
> Sent: Wednesday, August 15, 2007 1:12 PM
> To: Professional PHP Developers
> Subject: [Pro. PHP Dev.] Re: change referrer
>
> Hi Hamed,
>
> Maybe my code will help you:
>
> ===========================================
> $address = $_SERVER["HTTP_REFERER"];
> $findme   = 'domain1.com';
> $pos = strpos($address, $findme);
>
> if ($pos === false) {
>     echo "not allowed";
> }
>  else {
>     header("Location:http://www.domain2.com");
>     exit();
> }
>
> =================================================
> On Aug 14, 1:23 pm, Hamed <zafarza...gmail.com> wrote:
> > Hi all
> >
> > <?
> > $referer = $_SERVER['HTTP_REFERER'];
> > if (strstr($referer, "domain1.com") !== false) {
> >   echo "not allowed";}
> >
> > ?>
> > is it possible anyone click the link from domain2.com to domain1.com
> > and allow to visit page ???!!!!!
> > I use this code but anyone from domain2.com link to domain1.com and
> > allow to visit !!!!!!!
> >
> > how do it ????
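
Added example, not code from the thread: the substring test from the posts above, run against constructed Referer values, beside a hypothetical exact-host comparison (`substringCheck` and `hostCheck` are names chosen for this example). The first and last rows carry the same bytes, which is why neither check can tell a followed link from a value the client filled in itself.

```php
<?php
// Added example; every header value below is constructed for illustration.

// The check as posted in the thread: substring match on the Referer header.
function substringCheck(?string $referer, string $needle): bool
{
    return $referer !== null && strpos($referer, $needle) !== false;
}

// Stricter variant (an assumption of this example, not from the thread):
// parse the URL and compare the host exactly. It removes accidental matches
// but still trusts a value chosen by the client, so it is a hint at best,
// never an access control.
function hostCheck(?string $referer, string $host): bool
{
    if ($referer === null) {
        return false;
    }
    $parsed = parse_url($referer, PHP_URL_HOST);
    return is_string($parsed) && strcasecmp($parsed, $host) === 0;
}

// What $_SERVER['HTTP_REFERER'] could contain for five different requests.
$samples = [
    'link followed from site' => 'http://domain1.com/page.html',
    'header not sent'         => null,
    'name inside query'       => 'http://other.example/?x=domain1.com',
    'name inside longer host' => 'http://domain1.com.other.example/',
    'value set by the client' => 'http://domain1.com/page.html',
];

foreach ($samples as $label => $referer) {
    printf(
        "%-24s substring=%-5s host=%s\n",
        $label,
        var_export(substringCheck($referer, 'domain1.com'), true),
        var_export(hostCheck($referer, 'domain1.com'), true)
    );
}
```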



