I just wanted to share some useful PHP functions that I have written while
developing an application. http://www.cybercomms.org/PHP/utils.inc
The .inc filename is just so it can be viewed, I use .php for include files
usually.
~~~~~~~~~~~~~~ utils.php ~~~~~~~~~~~~~~~~
<?php
// Returns true only for a POST whose Referer host and path match this script.
function isValidPost()
{
    if ( $_SERVER['REQUEST_METHOD'] == 'POST')
    {
        $referer = isset( $_SERVER['HTTP_REFERER']) ?
                   $_SERVER['HTTP_REFERER'] : "";
        return (( parse_url( $referer, PHP_URL_HOST) ==
                  $_SERVER['HTTP_HOST']) &&
                ( parse_url( $referer, PHP_URL_PATH) ==
                  $_SERVER['PHP_SELF']));
    }
    else
        return false;
}
// Raw Referer header (raises an undefined-index notice when the browser sends none).
function getReferer()
{
    return $_SERVER["HTTP_REFERER"];
}
// POST field by name, "" when absent.
function getPost( $var)
{
    return (isset( $_POST[ $var]) ? $_POST[ $var] : "");
}
// Query-string parameter by name, "" when absent.
function getParam( $param)
{
    return (isset( $_GET[ $param]) ? $_GET[ $param] : "");
}
// Directory containing the currently executing script.
function getBaseDirectory()
{
    return dirname( $_SERVER['SCRIPT_FILENAME']);
}
// Query-string parameters of an arbitrary URL as an associative array.
function getParamsFromURL( $url)
{
    parse_str( parse_url( $url, PHP_URL_QUERY), $params);
    return $params;
}
?>
"Aaron Gray" <an********@gmail.com> wrote in message
news:65*************@mid.individual.net...
>I just wanted to share some useful PHP functions that I have written while developing an application.
function getReferer()
{
return $_SERVER["HTTP_REFERER"];
}
Changed to :-
function getReferer()
{
return isset( $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
}
Nothing like releasing something to find a bug or two :)
Aaron
..oO(Aaron Gray)
>I just wanted to share some useful PHP functions that I have written while developing an application.
http://www.cybercomms.org/PHP/utils.inc
The .inc filename is just so it can be viewed, I use .php for include files usually.
~~~~~~~~~~~~~~ utils.php ~~~~~~~~~~~~~~~~ <?php
function isValidPost() {
if ( $_SERVER['REQUEST_METHOD'] == 'POST')
{
$referer = isset( $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
return (( parse_url( $referer, PHP_URL_HOST) == $_SERVER['HTTP_HOST']) &&
( parse_url( $referer, PHP_URL_PATH) == $_SERVER['PHP_SELF']));
}
else
return false; }
With this function I would never be able to post anything on your site.
The HTTP referrer is completely unreliable and should never be used for
things like above. Browsers don't have to send it and firewalls might
filter it out for security reasons.
Micha
"Michael Fesser" <ne*****@gmx.de> wrote in message
news:1c********************************@4ax.com...
.oO(Aaron Gray)
>>I just wanted to share some useful PHP functions that I have written while developing an application.
http://www.cybercomms.org/PHP/utils.inc
The .inc filename is just so it can be viewed, I use .php for include files usually.
~~~~~~~~~~~~~~ utils.php ~~~~~~~~~~~~~~~~ <?php
function isValidPost() { if ( $_SERVER['REQUEST_METHOD'] == 'POST') { $referer = isset( $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ""; return (( parse_url( $referer, PHP_URL_HOST) == $_SERVER['HTTP_HOST']) && ( parse_url( $referer, PHP_URL_PATH) == $_SERVER['PHP_SELF'])); } else return false; }
With this function I would never be able to post anything on your site.
Right, for the app I am working on I do not want first or third parties
posting to the app.
The HTTP referrer is completely unreliable and should never be used for
things like above. Browsers don't have to send it and firewalls might
filter it out for security reasons.
Okay, thanks, is there another method I can use to make sure it was my app
posting?
Thanks Micha, good feedback.
Aaron
Aaron Gray wrote:
"Michael Fesser" <ne*****@gmx.de> wrote in message
news:1c********************************@4ax.com...
>.oO(Aaron Gray)
>>I just wanted to share some useful PHP functions that I have written while developing an application.
http://www.cybercomms.org/PHP/utils.inc
The .inc filename is just so it can be viewed, I use .php for include files usually.
~~~~~~~~~~~~~~ utils.php ~~~~~~~~~~~~~~~~ <?php
function isValidPost() { if ( $_SERVER['REQUEST_METHOD'] == 'POST') { $referer = isset( $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ""; return (( parse_url( $referer, PHP_URL_HOST) == $_SERVER['HTTP_HOST']) && ( parse_url( $referer, PHP_URL_PATH) == $_SERVER['PHP_SELF'])); } else return false; }
With this function I would never be able to post anything on your site.
Right, for the app I am working on I do not want first or third parties
posting to the app.
>The HTTP referrer is completely unreliable and should never be used for things like above. Browsers don't have to send it and firewalls might filter it out for security reasons.
Okay, thanks, is there another method I can use to make sure it was my app
posting?
Thanks Micha, good feedback.
Aaron
Aaron,
Micha is correct. HTTP_REFERER is completely unreliable. Not only will
it cause many of your existing users problems, it can be very easily
faked and won't stop someone from posting via a third party app.
You could put a random string in a hidden field and in the session.
When the form is posted, compare the two numbers.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
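Jerry's hidden-field-plus-session suggestion written out as an added example; this is not code from the thread or from Aaron's utils.php. It assumes PHP 7 or later for random_bytes() and hash_equals(), and the function and field names are my own.

```php
<?php
// Added example (not from the thread): a per-session anti-forgery token,
// stored both in the session and in a hidden form field, compared on POST.
// Assumes PHP 7+ (random_bytes, hash_equals). Names are hypothetical.

// Create the session token once per session and reuse it for every form.
function getFormToken()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Hidden field to place inside every <form method="post"> the app renders.
function formTokenField()
{
    return '<input type="hidden" name="form_token" value="'
        . htmlspecialchars(getFormToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// Drop-in replacement for isValidPost() that does not depend on the
// Referer header: the posted token must exist and equal the session copy.
// hash_equals() compares in constant time, so a wrong guess leaks no
// information about the real token through response timing.
function isValidPost()
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $posted  = isset($_POST['form_token']) ? (string) $_POST['form_token'] : '';
    $session = isset($_SESSION['form_token']) ? (string) $_SESSION['form_token'] : '';
    return $posted !== '' && $session !== '' && hash_equals($session, $posted);
}

// Usage in the form handler, before touching any of the posted data:
// if (!isValidPost()) { http_response_code(403); exit('Invalid form submission.'); }
```

A third-party site cannot read the token out of the user's session page, so its posts fail the check, while a user whose browser strips the Referer header is unaffected.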
"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:-K******************************@comcast.com...
Aaron Gray wrote:
>"Michael Fesser" <ne*****@gmx.de> wrote in message news:1c********************************@4ax.com...
>>.oO(Aaron Gray)
I just wanted to share some useful PHP functions that I have written while developing an application.
http://www.cybercomms.org/PHP/utils.inc
The .inc filename is just so it can be viewed, I use .php for include files usually.
~~~~~~~~~~~~~~ utils.php ~~~~~~~~~~~~~~~~ <?php
function isValidPost() { if ( $_SERVER['REQUEST_METHOD'] == 'POST') { $referer = isset( $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ""; return (( parse_url( $referer, PHP_URL_HOST) == $_SERVER['HTTP_HOST']) && ( parse_url( $referer, PHP_URL_PATH) == $_SERVER['PHP_SELF'])); } else return false; }
With this function I would never be able to post anything on your site.
Right, for the app I am working on I do not want first or third parties posting to the app.
>>The HTTP referrer is completely unreliable and should never be used for things like above. Browsers don't have to send it and firewalls might filter it out for security reasons.
Okay, thanks, is there another method I can use to make sure it was my app posting?
Thanks Micha, good feedback.
Aaron
Aaron,
Micha is correct. HTTP_REFERER is completely unreliable. Not only will
it cause many of your existing users problems, it can be very easily faked
and won't stop someone from posting via a third party app.
It's HTTP territory I see.
You could put a random string in a hidden field and in the session. When
the form is posted, compare the two numbers.
Okay, that would do the job nicely.
Many thanks,
Aaron
Greetings, Aaron Gray.
In reply to Your message dated Wednesday, April 2, 2008, 20:37:02,
function getReferer()
{
return isset( $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
}
Nothing like releasing something to find a bug or two :)
Renaming functions is bad, you know?
Syntactic sugar is a VERY bad practice.
It never adds anything to the code functionality and only confuses anyone who
will be supporting this code after you.
--
Sincerely Yours, AnrDaemon <an*******@freemail.ru>
AnrDaemon wrote:
Greetings, Aaron Gray.
In reply to Your message dated Wednesday, April 2, 2008, 20:37:02,
>function getReferer() { return isset( $_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ""; }
>Nothing like releasing something to find a bug or two :)
Renaming functions is bad, you know?
If you mean: you should have refactored it, you are right
Syntactic sugar is a VERY bad practice.
On the contrary. Legibility is everything. If a function has the wrong
name, make it have the right one. Most loops are just "syntactic sugar"
from other loops.
It never adds anything to the code functionality and only confuses anyone who
will be supporting this code after you.
It adds legibility to the code, thereby _reducing_ confusion for anyone
who will be supporting the code after you.