AdRock Posted August 21, 2006 Share Posted August 21, 2006 I have a small script within my page that checks to make sure some other website is adding content to my database but it is causing problems.I can update stuff and insert records no problem but when i try and do it on a different computer I get an error saying "You do not have permission to use this script from another URL" whcih is in the script. It only works on my computer.Is there anything I can do to allow another computer to update the database. It's for an admin area and I don't want the hassle of updating the database all the time.[code]// Stop the form being used from an external URL // Get the referring URL $referer = $_SERVER['HTTP_REFERER']; // Get the URL of this page $this_url = "http://".$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"]; // If the referring URL and the URL of this page don't match then // display a message and don't send the email. if ($referer != $this_url) { echo "You do not have permission to use this script from another URL."; exit; }[/code] Quote Link to comment Share on other sites More sharing options...
Goose Posted August 21, 2006 Share Posted August 21, 2006 This code looks acurate to me, so what I would do is have my code print out $referer and $this_url on failture and see what those values are on another computer.echo "referer: $referer<br />this_url: $this_url"; Quote Link to comment Share on other sites More sharing options...
AdRock Posted August 22, 2006 Author Share Posted August 22, 2006 I got the person with the problem computer to run a test and he got this message"You do not have permission to use this script from another URL"Referer was blankthis url "http://www.jackgodfrey.org.uk/admin/index.php?page=editnews&id=4" which is correctHe got someone else to send a message using the feedback form which uses exaclty the same code and i recieved a message so it's definitely his computer.I added the code you mentioned and tested it myself to see what the output was and i got thisreferer: http://www.jackgodfrey.org.uk/admin/index.php?page=editnews&id=6this_url: http://www.jackgodfrey.org.uk/admin/index.php?page=editnews&id=6whereas he didn't have the refererCould it be to do with his browser settings? Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted August 22, 2006 Share Posted August 22, 2006 Some browsers do NOT pass on HTTP_REFERER! see here [url=http://uk.php.net/manual/en/reserved.variables.php]http://uk.php.net/manual/en/reserved.variables.php[/url]you will have to look at another route to control access. Quote Link to comment Share on other sites More sharing options...
AdRock Posted August 22, 2006 Author Share Posted August 22, 2006 It works fine for me....just this other computer is causing problems.Is there another alternative at what it's tryting to prevent.....would a captcha image work ok? Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted August 22, 2006 Share Posted August 22, 2006 yeah i am saying that the browser your friend has is NOT setting this value!You already grabbed the host. Just have an array of url's that can access your admin area and if $_SERVER['HTTP_HOST'] is not in that array bump them. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.