Help with simple email script please

#1, 12-10-2004, Dynamo

Hi

I have used the following script within a simple form email to prevent the form
being used from an external url.
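<?php
// The Referer header is sent by the client and may be absent
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Get the URL of this page
$myurl = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER["REQUEST_URI"];
// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
if ($referer != $myurl) {
    echo "You do not have permission to use this script from another URL.<br>";
    // Escape before echoing: both values are taken from the request
    echo "Referer = " . htmlspecialchars($referer) . " <br>";
    echo "This url = " . htmlspecialchars($myurl) . "<br>";
    exit;
}
?>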
I added the last 2 echo statements to see why there was always a mismatch and
the email was never sent and found that:
$referer = http://mydomain/myemailscript.php
while
$myurl = http://mydomain

I can easily get round the problem by amending as follows:

$myurl=$myurl . "/myemailscript.php" but is this correct? Is
$_SERVER['HTTP_REFERER'] returning correctly?

Regards
Dynamo

#2, 12-11-2004, iMedia

I have found that $_SERVER['HTTP_REFERER'] is not very reliable. I also
came across a document or two that also stated the referrer variable is
not reliable.

$myurl could be more reliable if you use:

if (!isset($_SERVER['REQUEST_URI'])) {
    $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
}

$myurl = "http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];

A great resource:
http://us2.php.net/reserved.variables

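This is one I use:
// eregi() was removed in PHP 7.0, so this runs only on older PHP;
// stripos($_SERVER['HTTP_REFERER'], $page) === false is the plain substring test on current PHP
$page = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if (!eregi($page, $_SERVER['HTTP_REFERER'])) {
    echo "You are not authorized...";
}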

function eregi() helps to find the important "needle" in the string
http://us2.php.net/manual/en/function.eregi.php

#4, 12-11-2004, Tim Van Wassenhove

In article <1102785588.908212.108970@z14g2000cwz.googlegroups.com>, iMedia wrote:
> I have found that $_SERVER['HTTP_REFERER'] is not very reliable. I also
> came across a document or two that also stated the referrer variable is
> not reliable.
>
> $myurl could be more reliable if you use:
>
> if (!isset($_SERVER['REQUEST_URI'])) {
> $_SERVER['REQUEST_URI'] =
> $_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
> }
>


Following this group, I once saw this one:

function geturl()
{
    $ports = array('https' => 443, 'http' => 80);
    $prefix = empty($_SERVER['HTTPS']) ? 'http' : 'https';
    $url = $prefix;
    $url .= '://';
    $url .= $_SERVER['HTTP_HOST'];
    // The port goes after the host; HTTP_HOST usually carries a non-default port already
    if ($_SERVER['SERVER_PORT'] != $ports[$prefix] && strpos($_SERVER['HTTP_HOST'], ':') === false) {
        $url .= ':' . $_SERVER['SERVER_PORT'];
    }
    $url .= $_SERVER['REQUEST_URI'];
    return $url;
}


--
Met vriendelijke groeten,
Tim Van Wassenhove <http://www.timvw.info>
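
A session-bound form token is the usual replacement for the Referer comparison discussed in this thread, since the header is client-supplied and often missing. The following is an added example, not code from any poster; form_token(), form_token_valid() and the form_token field name are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example (not from the thread): session token check instead of a Referer check.
// form_token(), form_token_valid() and the 'form_token' field are hypothetical names.
session_start();

// Return the token for this session, creating it on first use.
function form_token()
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32)); // 64 hex chars, PHP 7+
    }
    return $_SESSION['form_token'];
}

// True only if the submitted value matches the token stored in the session.
function form_token_valid($submitted)
{
    return is_string($submitted)
        && !empty($_SESSION['form_token'])
        && hash_equals($_SESSION['form_token'], $submitted); // constant-time compare
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!form_token_valid($_POST['form_token'] ?? null)) {
        // No token or wrong token: the POST did not come from a page this script served
        http_response_code(403);
        exit('This form must be submitted from its own page.');
    }
    unset($_SESSION['form_token']); // single use, so a replayed POST is rejected
    // Field validation and the mail() call of the existing script go here.
    exit('Message accepted.');
}
?>
<form method="post">
  <input type="hidden" name="form_token"
         value="<?php echo htmlspecialchars(form_token(), ENT_QUOTES, 'UTF-8'); ?>">
  <textarea name="message"></textarea>
  <input type="submit" value="Send">
</form>
```

Unlike the Referer comparison, the check does not depend on how the page URL is reconstructed from $_SERVER, so the mismatch reported in the first post cannot occur.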