RE: [PHP] Verify script location...
http://www.php.net/manual/en/language.variables.predefined.php $HTTP_HOST Contents of the Host: header from the current request, if there is one. $HTTP_REFERER The address of the page (if any) which referred the browser to the current page. This is set by the user's browser; not all browsers will set this. -Original Message- From: jas [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 10:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Verify script location... Ok I have a question that i havent seen a tutorial on... How would I go about making an included file check the host before executing? I want to make sure that any files I use as included in a php document verify the request is coming from a valid script on the same server for instance.. Is this possible and if so could someone give me some more insight or a tutorial on this? Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Verify script location...
It's not possible to include() a remote file so there may be little point to this. However maybe you want to keep users on your system from including the file in their scripts. In that case I suppose you could set $PHP_SELF (of the main script) to a temporary variable for checking in the included script. -Kevin -Original Message- From: jas [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 11:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Verify script location... Ok I have a question that i havent seen a tutorial on... How would I go about making an included file check the host before executing? I want to make sure that any files I use as included in a php document verify the request is coming from a valid script on the same server for instance.. Is this possible and if so could someone give me some more insight or a tutorial on this? Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verify script location...
Ok I think I am a little confused... with regards to include() and require(), if I knew the name of a file on say brownstone.com and that file was called database.inc and it contained all the connection settings for brownstone.com's database. Say I run a website called hacktheplanet.com and I wanted to include brownstones.com database.inc file in one of my own scripts so I could run searches on their inventory from my domain. Is this or is this not possible? Thanks in advance, Jas Kevin Stone [EMAIL PROTECTED] wrote in message 000301c1c477$aaf1cc10$6801a8c0@kevin..">news:000301c1c477$aaf1cc10$6801a8c0@kevin..; It's not possible to include() a remote file so there may be little point to this. However maybe you want to keep users on your system from including the file in their scripts. In that case I suppose you could set $PHP_SELF (of the main script) to a temporary variable for checking in the included script. -Kevin -Original Message- From: jas [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 11:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Verify script location... Ok I have a question that i havent seen a tutorial on... How would I go about making an included file check the host before executing? I want to make sure that any files I use as included in a php document verify the request is coming from a valid script on the same server for instance.. Is this possible and if so could someone give me some more insight or a tutorial on this? Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verify script location...
Essentially what I would like to do is to prevent this kind of thing from happening to my own website, just to clear up my example. =) Jas Jas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]; Ok I think I am a little confused... with regards to include() and require(), if I knew the name of a file on say brownstone.com and that file was called database.inc and it contained all the connection settings for brownstone.com's database. Say I run a website called hacktheplanet.com and I wanted to include brownstones.com database.inc file in one of my own scripts so I could run searches on their inventory from my domain. Is this or is this not possible? Thanks in advance, Jas Kevin Stone [EMAIL PROTECTED] wrote in message 000301c1c477$aaf1cc10$6801a8c0@kevin..">news:000301c1c477$aaf1cc10$6801a8c0@kevin..; It's not possible to include() a remote file so there may be little point to this. However maybe you want to keep users on your system from including the file in their scripts. In that case I suppose you could set $PHP_SELF (of the main script) to a temporary variable for checking in the included script. -Kevin -Original Message- From: jas [mailto:[EMAIL PROTECTED]] Sent: Monday, March 04, 2002 11:50 PM To: [EMAIL PROTECTED] Subject: [PHP] Verify script location... Ok I have a question that i havent seen a tutorial on... How would I go about making an included file check the host before executing? I want to make sure that any files I use as included in a php document verify the request is coming from a valid script on the same server for instance.. Is this possible and if so could someone give me some more insight or a tutorial on this? Thanks in advance... Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verify script location...
A Mr. Sheets gave me this snippet to use...
if ($_SERVER[SERVER_ADDR] != 'ip address of server') {
echo You are attempted to use this file from an unauthorized host
exit;
}
Jas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED];
Essentially what I would like to do is to prevent this kind of thing from
happening to my own website, just to clear up my example. =)
Jas
Jas [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED];
Ok I think I am a little confused... with regards to include() and
require(), if I knew the name of a file on say brownstone.com and that
file
was called database.inc and it contained all the connection settings for
brownstone.com's database. Say I run a website called hacktheplanet.com
and
I wanted to include brownstones.com database.inc file in one of my own
scripts so I could run searches on their inventory from my domain. Is
this
or is this not possible?
Thanks in advance,
Jas
Kevin Stone [EMAIL PROTECTED] wrote in message
000301c1c477$aaf1cc10$6801a8c0@kevin..">news:000301c1c477$aaf1cc10$6801a8c0@kevin..;
It's not possible to include() a remote file so there may be little
point to this. However maybe you want to keep users on your system
from
including the file in their scripts. In that case I suppose you could
set $PHP_SELF (of the main script) to a temporary variable for
checking
in the included script. -Kevin
-Original Message-
From: jas [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 11:50 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Verify script location...
Ok I have a question that i havent seen a tutorial on... How would I
go
about making an included file check the host before executing? I want
to
make sure that any files I use as included in a php document verify
the
request is coming from a valid script on the same server for
instance..
Is
this possible and if so could someone give me some more insight or a
tutorial on this? Thanks in advance...
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Verify script location...
On Tuesday, March 5, 2002, at 01:57 PM, Kevin Stone wrote: It's not possible to include() a remote file so there may be little point to this. However maybe you want to keep users on your system from including the file in their scripts. In that case I suppose you could set $PHP_SELF (of the main script) to a temporary variable for checking in the included script. -Kevin Or set an Apache directive (in httpd.conf or .htaccess) that prevents any .inc files from being served by the server. I'm assuming you're using apache. Erik Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
