Jump to content

Archived

This topic is now archived and is closed to further replies.

AdRock

problem updating database from other pc

Recommended Posts

I have a small script within my page that checks to make sure some other website is adding content to my database but it is causing problems.

I can update stuff and insert records no problem but when i try and do it on a different computer I get an error saying "You do not have permission to use this script from another URL" whcih is in the script.  It only works on my computer.

Is there anything I can do to allow another computer to update the database.  It's for an admin area and I don't want the hassle of updating the database all the time.

[code]// Stop the form being used from an external URL
    // Get the referring URL
    $referer = $_SERVER['HTTP_REFERER'];
    // Get the URL of this page
    $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];
    // If the referring URL and the URL of this page don't match then
    // display a message and don't send the email.
    if ($referer != $this_url) {
        echo "You do not have permission to use this script from another URL.";
        exit;
    }[/code]

Share this post


Link to post
Share on other sites
This code looks acurate to me, so what I would do is have my code print out $referer and $this_url on failture and see what those values are on another computer.

echo "referer: $referer<br />this_url: $this_url";

Share this post


Link to post
Share on other sites
I got the person with the problem computer to run a test and he got this message

"You do not have permission to use this script from another URL"
Referer was blank
this url "http://www.jackgodfrey.org.uk/admin/index.php?page=editnews&id=4" which is correct

He got someone else to send a message using the feedback form which uses exaclty the same code and i recieved a message so it's definitely his computer.

I added the code you mentioned and tested it myself to see what the output was and i got this

referer: http://www.jackgodfrey.org.uk/admin/index.php?page=editnews&id=6
this_url: http://www.jackgodfrey.org.uk/admin/index.php?page=editnews&id=6

whereas he didn't have the referer

Could it be to do with his browser settings?

Share this post


Link to post
Share on other sites
Some browsers do NOT pass on HTTP_REFERER!

see here [url=http://uk.php.net/manual/en/reserved.variables.php]http://uk.php.net/manual/en/reserved.variables.php[/url]

you will have to look at another route to control access.

Share this post


Link to post
Share on other sites
It works fine for me....just this other computer is causing problems.

Is there another alternative at what it's tryting to prevent.....would a captcha image work ok?

Share this post


Link to post
Share on other sites
yeah i am saying that the browser your friend has is NOT setting this value!

You already grabbed the host. Just have an array of url's that can access your admin area and if $_SERVER['HTTP_HOST'] is not in that array bump them.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.