By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,470 Members | 924 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,470 IT Pros & Developers. It's quick & easy.

Help with simple email script please

P: n/a
Hi

I have used the following script within a simple form email to prevent the form
being used from an external url.
<?php
$referer = $_SERVER['HTTP_REFERER'];
// Get the URL of this page
$myurl= "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];
// If the referring URL and the URL of this page don't match then
// display a message and don't send the email.
if ($referer != $myurl) {
echo "You do not have permission to use this script from another URL.</br>";
echo "Referer = $referer </br>";
echo "This url = $myurl</br>";
exit;
}
?>
I added the last 2 echo statements to see why there was always a mismatch and
the email was never sent and found that:
$referer = http://mydomain/myemailscript.php
while
$myurl = http://mydomain

I can easily get round the problem by amending as follows:

$myurl=$myurl . "/myemailscript.php" but is this correct? Is
$_SERVER['HTTP_REFERER'] returning correctly?

Regards
Dynamo

Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
I have found that $_SERVER[HTTP_REFERRER] is not very reliable. I also
came across a document or two that also stated the referrer variable is
not reliable.

$myurl could be more reliable if you use:

if (!isset($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] =
$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
}

$myurl =
"http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];

A great resource:
http://us2.php.net/reserved.variables

This is one I use:
$page = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if (!eregi($page, $_SERVER['HTTP_REFERER'])){
echo "You are not authorized...";
}

function eregi() helps to find the important "needle" in the string
http://us2.php.net/manual/en/function.eregi.php

Jul 17 '05 #2

P: n/a
I have found that $_SERVER[HTTP_REFERRER] is not very reliable. I also
came across a document or two that also stated the referrer variable is
not reliable.

$myurl could be more reliable if you use:

if (!isset($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] =
$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
}

$myurl =
"http://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];

A great resource:
http://us2.php.net/reserved.variables

This is one I use:
$page = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if (!eregi($page, $_SERVER['HTTP_REFERER'])){
echo "You are not authorized...";
}

function eregi() helps to find the important "needle" in the string
http://us2.php.net/manual/en/function.eregi.php

Jul 17 '05 #3

P: n/a
In article <11**********************@z14g2000cwz.googlegroups .com>, iMedia wrote:
I have found that $_SERVER[HTTP_REFERRER] is not very reliable. I also
came across a document or two that also stated the referrer variable is
not reliable.

$myurl could be more reliable if you use:

if (!isset($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] =
$_SERVER['SCRIPT_NAME'].'?'.$_SERVER['QUERY_STRING'];
}


following this group, i once saw this one:

function geturl()
{
$ports = array('https' => 443, 'http' => 80);
$prefix = empty($_SERVER['HTTPS']) ? 'http' : 'https';
$url = $prefix;
$url .= $_SERVER['SERVER_PORT'] != $ports[$prefix] ? ':' . $_SERVER['SERVER_PORT'] : '';
$url .= '://';
$url .= $_SERVER['HTTP_HOST'];
$url .= $_SERVER['REQUEST_URI'];
return $url;
)
--
Met vriendelijke groeten,
Tim Van Wassenhove <http://www.timvw.info>
Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.