First thing to do is figure out whether the problem is with the referrer
var or with your code.  Try adding a logger to dump all environment vars
to a log file, then check it the next time one of these errors comes up.

Good luck.

- Lucas

On Thu, 5 Feb 2004, Pablo Gosse wrote:

> Hi all.  I've got a simple mailer script that I wrote a few years ago
> that has been acting up over the past week.
>
> The problem is with the following check I perform at the very top of the
> script:
>
> if (!stristr($_SERVER['HTTP_REFERER'],"unbc.ca")) {
>   die("You can't access this script outside of our domain.");
> }
>
> The mailer is located in my personal webspace on the web.unbc.ca server
> and the calling forms are all located on www.unbc.ca.
>
> For some reason some people (apparently around 10 over the past week)
> are getting this error from two particular forms, but I know for certain
> that these forms are within our domain.
>
> Does anyone know why this would be happening other than someone making
> an illegal copy of the form and posting it on another domain (which I
> doubt is the case)?
>
> As I wrote earlier this script is about three years old, so at the time
> I didn't code using the $_SERVER and $_POST vars and just referred to
> the variable names explicitly.  However, the PHP version on the machine
> hasn't changed for a long time (4.1.2) so I can't see why this would
> suddenly start happening now.
>
> To be safe I've just converted all the $_SERVER and $_POST vars in the
> script to use these references, so I'll be interested to see if the
> error goes away but I doubt it will.
>
> I was debating writing a simple regular expression to use instead of the
> stristr check but I don't really think it will make a difference as the
> only way the stristr check will fail is if the string 'unbc.ca' is NOT
> found in the referring page.
>
> Does anyone have any idea what could be causing this problem?  Short of
> removing the check altogether I can't really see another way around it.
>
> Cheers and thanks much in advance,
>
> Pablo
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
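
One way to do the logging suggested in the reply, as an added example that is not part of either post: it records whether the Referer header was absent or present with a different host, plus the environment dump. The function names, constants, log path and sample requests are hypothetical, and the code assumes a current PHP release rather than the 4.1.2 mentioned in the thread.

```php
<?php
const ALLOWED_DOMAIN = 'unbc.ca';                  // domain from the original check
const LOG_FILE = '/tmp/mailer-referer-debug.log';  // assumed path, outside the web root
// Say why the check would fail: header absent, or present with another host.
function classify_referer(array $server): string
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        return 'missing';                          // client or proxy sent no Referer
    }
    $host   = strtolower((string) parse_url($referer, PHP_URL_HOST));
    $suffix = '.' . ALLOWED_DOMAIN;
    if ($host === ALLOWED_DOMAIN || substr($host, -strlen($suffix)) === $suffix) {
        return 'host-match';
    }
    // stristr() passes whenever the string occurs anywhere in the URL.
    return stripos($referer, ALLOWED_DOMAIN) !== false ? 'substring-only' : 'no-match';
}
// Append one JSON line per rejected request, with the environment dump.
function log_request(string $verdict, array $server, string $file = LOG_FILE): void
{
    // Drop credentials and session identifiers before writing to disk.
    unset($server['HTTP_COOKIE'], $server['HTTP_AUTHORIZATION'],
          $server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']);
    $entry = ['time' => date('c'), 'verdict' => $verdict, 'server' => $server];
    // JSON escaping keeps client-supplied header values from forging log lines.
    $line = json_encode($entry, JSON_INVALID_UTF8_SUBSTITUTE | JSON_UNESCAPED_SLASHES);
    file_put_contents($file, $line . "\n", FILE_APPEND | LOCK_EX);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, for trying the classifier offline.
    $samples = [
        [],
        ['HTTP_REFERER' => 'http://www.unbc.ca/forms/contact.html'],
        ['HTTP_REFERER' => 'http://example.org/page?from=unbc.ca'],
        ['HTTP_REFERER' => 'http://example.org/'],
    ];
    foreach ($samples as $s) {
        echo ($s['HTTP_REFERER'] ?? '(none)'), ' => ', classify_referer($s), "\n";
    }
} else {
    $verdict = classify_referer($_SERVER);
    if ($verdict !== 'host-match') {
        log_request($verdict, $_SERVER);
    }
    // The mailer's existing referer check and die() follow here.
}
```

A run of `missing` verdicts in the log points at clients or intermediaries that do not send the header, since Referer is optional and set by the client.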
