Re: [PHP] Verify script location...
On Tuesday, March 5, 2002, at 01:57 PM, Kevin Stone wrote: > It's not possible to include() a remote file so there may be little > point to this. However maybe you want to keep users on your system from > including the file in their scripts. In that case I suppose you could > set $PHP_SELF (of the main script) to a temporary variable for checking > in the included script. -Kevin Or set an Apache directive (in httpd.conf or .htaccess) that prevents any .inc files from being served by the server. I'm assuming you're using apache. Erik Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verify script location...
A Mr. Sheets gave me this snippet to use... if ($_SERVER["SERVER_ADDR"] != 'ip address of server') { echo "You are attempted to use this file from an unauthorized host exit; } "Jas" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED].; > Essentially what I would like to do is to prevent this kind of thing from > happening to my own website, just to clear up my example. =) > Jas > > "Jas" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED].; > > Ok I think I am a little confused... with regards to include() and > > require(), if I knew the name of a file on say brownstone.com and that > file > > was called database.inc and it contained all the connection settings for > > brownstone.com's database. Say I run a website called hacktheplanet.com > and > > I wanted to include brownstones.com database.inc file in one of my own > > scripts so I could run searches on their inventory from my domain. Is > this > > or is this not possible? > > Thanks in advance, > > Jas > > > > "Kevin Stone" <[EMAIL PROTECTED]> wrote in message > > 000301c1c477$aaf1cc10$6801a8c0@kevin...">news:000301c1c477$aaf1cc10$6801a8c0@kevin...; > > > It's not possible to include() a remote file so there may be little > > > point to this. However maybe you want to keep users on your system from > > > including the file in their scripts. In that case I suppose you could > > > set $PHP_SELF (of the main script) to a temporary variable for checking > > > in the included script. -Kevin > > > > > > -Original Message- > > > From: jas [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, March 04, 2002 11:50 PM > > > To: [EMAIL PROTECTED] > > > Subject: [PHP] Verify script location... > > > > > > Ok I have a question that i havent seen a tutorial on... How would I go > > > about making an included file check the host before executing? I want > > > to > > > make sure that any files I use as included in a php document verify the > > > request is coming from a valid script on the same server for instance.. > > > Is > > > this possible and if so could someone give me some more insight or a > > > tutorial on this? Thanks in advance... > > > Jas > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verify script location...
Essentially what I would like to do is to prevent this kind of thing from happening to my own website, just to clear up my example. =) Jas "Jas" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED].; > Ok I think I am a little confused... with regards to include() and > require(), if I knew the name of a file on say brownstone.com and that file > was called database.inc and it contained all the connection settings for > brownstone.com's database. Say I run a website called hacktheplanet.com and > I wanted to include brownstones.com database.inc file in one of my own > scripts so I could run searches on their inventory from my domain. Is this > or is this not possible? > Thanks in advance, > Jas > > "Kevin Stone" <[EMAIL PROTECTED]> wrote in message > 000301c1c477$aaf1cc10$6801a8c0@kevin...">news:000301c1c477$aaf1cc10$6801a8c0@kevin...; > > It's not possible to include() a remote file so there may be little > > point to this. However maybe you want to keep users on your system from > > including the file in their scripts. In that case I suppose you could > > set $PHP_SELF (of the main script) to a temporary variable for checking > > in the included script. -Kevin > > > > -Original Message----- > > From: jas [mailto:[EMAIL PROTECTED]] > > Sent: Monday, March 04, 2002 11:50 PM > > To: [EMAIL PROTECTED] > > Subject: [PHP] Verify script location... > > > > Ok I have a question that i havent seen a tutorial on... How would I go > > about making an included file check the host before executing? I want > > to > > make sure that any files I use as included in a php document verify the > > request is coming from a valid script on the same server for instance.. > > Is > > this possible and if so could someone give me some more insight or a > > tutorial on this? Thanks in advance... > > Jas > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verify script location...
Ok I think I am a little confused... with regards to include() and require(), if I knew the name of a file on say brownstone.com and that file was called database.inc and it contained all the connection settings for brownstone.com's database. Say I run a website called hacktheplanet.com and I wanted to include brownstones.com database.inc file in one of my own scripts so I could run searches on their inventory from my domain. Is this or is this not possible? Thanks in advance, Jas "Kevin Stone" <[EMAIL PROTECTED]> wrote in message 000301c1c477$aaf1cc10$6801a8c0@kevin...">news:000301c1c477$aaf1cc10$6801a8c0@kevin...; > It's not possible to include() a remote file so there may be little > point to this. However maybe you want to keep users on your system from > including the file in their scripts. In that case I suppose you could > set $PHP_SELF (of the main script) to a temporary variable for checking > in the included script. -Kevin > > -Original Message- > From: jas [mailto:[EMAIL PROTECTED]] > Sent: Monday, March 04, 2002 11:50 PM > To: [EMAIL PROTECTED] > Subject: [PHP] Verify script location... > > Ok I have a question that i havent seen a tutorial on... How would I go > about making an included file check the host before executing? I want > to > make sure that any files I use as included in a php document verify the > request is coming from a valid script on the same server for instance.. > Is > this possible and if so could someone give me some more insight or a > tutorial on this? Thanks in advance... > Jas > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Verify script location...
It's not possible to include() a remote file so there may be little point to this. However maybe you want to keep users on your system from including the file in their scripts. In that case I suppose you could set $PHP_SELF (of the main script) to a temporary variable for checking in the included script. -Kevin -Original Message- From: jas [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 11:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Verify script location... Ok I have a question that i havent seen a tutorial on... How would I go about making an included file check the host before executing? I want to make sure that any files I use as included in a php document verify the request is coming from a valid script on the same server for instance.. Is this possible and if so could someone give me some more insight or a tutorial on this? Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Verify script location...
http://www.php.net/manual/en/language.variables.predefined.php $HTTP_HOST Contents of the Host: header from the current request, if there is one. $HTTP_REFERER The address of the page (if any) which referred the browser to the current page. This is set by the user's browser; not all browsers will set this. -Original Message- From: jas [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 10:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Verify script location... Ok I have a question that i havent seen a tutorial on... How would I go about making an included file check the host before executing? I want to make sure that any files I use as included in a php document verify the request is coming from a valid script on the same server for instance.. Is this possible and if so could someone give me some more insight or a tutorial on this? Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Verify script location...
Ok I have a question that i havent seen a tutorial on... How would I go about making an included file check the host before executing? I want to make sure that any files I use as included in a php document verify the request is coming from a valid script on the same server for instance.. Is this possible and if so could someone give me some more insight or a tutorial on this? Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php