Jump to content


Photo

problem updating database from other pc


  • Please log in to reply
5 replies to this topic

#1 AdRock

AdRock
  • Members
  • PipPipPip
  • Advanced Member
  • 911 posts

Posted 21 August 2006 - 11:10 PM

I have a small script within my page that checks to make sure some other website is adding content to my database but it is causing problems.

I can update stuff and insert records no problem but when i try and do it on a different computer I get an error saying "You do not have permission to use this script from another URL" whcih is in the script.  It only works on my computer.

Is there anything I can do to allow another computer to update the database.  It's for an admin area and I don't want the hassle of updating the database all the time.

// Stop the form being used from an external URL
    // Get the referring URL
    $referer = $_SERVER['HTTP_REFERER'];
    // Get the URL of this page
    $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"];
    // If the referring URL and the URL of this page don't match then
    // display a message and don't send the email.
    if ($referer != $this_url) {
        echo "You do not have permission to use this script from another URL.";
        exit;
    }

If your topic has been solved, please mark the topic as SOLVED.

This helps others from identifying which topics need help still

#2 Goose

Goose
  • Members
  • PipPipPip
  • Advanced Member
  • 78 posts
  • LocationOregon

Posted 21 August 2006 - 11:25 PM

This code looks acurate to me, so what I would do is have my code print out $referer and $this_url on failture and see what those values are on another computer.

echo "referer: $referer<br />this_url: $this_url";

#3 AdRock

AdRock
  • Members
  • PipPipPip
  • Advanced Member
  • 911 posts

Posted 22 August 2006 - 12:04 AM

I got the person with the problem computer to run a test and he got this message

"You do not have permission to use this script from another URL"
Referer was blank
this url "http://www.jackgodfr...=editnews&id=4" which is correct

He got someone else to send a message using the feedback form which uses exaclty the same code and i recieved a message so it's definitely his computer.

I added the code you mentioned and tested it myself to see what the output was and i got this

referer: http://www.jackgodfr...e=editnews&id=6
this_url: http://www.jackgodfr...e=editnews&id=6

whereas he didn't have the referer

Could it be to do with his browser settings?
If your topic has been solved, please mark the topic as SOLVED.

This helps others from identifying which topics need help still

#4 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 22 August 2006 - 12:16 AM

Some browsers do NOT pass on HTTP_REFERER!

see here http://uk.php.net/ma...d.variables.php

you will have to look at another route to control access.
follow me on twitter @PHPsycho

#5 AdRock

AdRock
  • Members
  • PipPipPip
  • Advanced Member
  • 911 posts

Posted 22 August 2006 - 12:27 AM

It works fine for me....just this other computer is causing problems.

Is there another alternative at what it's tryting to prevent.....would a captcha image work ok?
If your topic has been solved, please mark the topic as SOLVED.

This helps others from identifying which topics need help still

#6 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 22 August 2006 - 12:35 AM

yeah i am saying that the browser your friend has is NOT setting this value!

You already grabbed the host. Just have an array of url's that can access your admin area and if $_SERVER['HTTP_HOST'] is not in that array bump them.
follow me on twitter @PHPsycho




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users