
Form POST Authentication NOT working from FIREFOX, suggestions please


nightkarnation


Hey guys!

I have a site in Flash that talks to a PHP file...

The Flash site has some forms, and those variables are sent to PHP.

 

I am having some trouble with this security code I implemented in PHP:

 

// Host name from where the form is authorized 
// to be posted from:  
$authHosts = array("mysite.com"); 

// Where have we been posted from? 
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER'])); 

// Test to see if the $fromArray used www to get here. 
$wwwUsed = strpos($fromArray['host'], "www."); 

// Make sure the form was posted from an approved host name. 
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){
    //logBadRequest();
    header("HTTP/1.0 403 Forbidden");
    exit;
}

 

On IE and Google Chrome the site works fine, but on Firefox, Flash pops up an error message telling me that the PHP file has a sequence error.

 

Any ideas or suggestions on how to fix this?

 

Thanks in advance!

Cheers.


This probably has to do with Flash more than anything. $_SERVER['HTTP_REFERER'] shouldn't be relied upon, since it can be spoofed by the browser. However, can you be more precise as to what Flash means by sequence error? If it means that the headers have already been sent, then it means that there is output from the PHP file before the attempted header call, which is a very common error. The problem is, without knowing what your file structure is like (i.e. what gets called by what file and when), it's difficult for us to track it down for you.
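
An added example (not code from either poster) of the same host check written so that a missing or malformed Referer is refused without raising a PHP notice, and so the script records where earlier output began when the 403 can no longer be sent. The function names isAuthorizedReferer and rejectRequest and the sample URLs are assumptions made for illustration; the Referer value is still supplied by the client.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true only when the Referer host is on the allow-list.
function isAuthorizedReferer(?string $referer, array $authHosts): bool
{
    if ($referer === null || $referer === '') {
        return false;                       // header absent: no host to compare
    }
    $host = parse_url(strtolower($referer), PHP_URL_HOST);
    if (!is_string($host)) {
        return false;                       // malformed URL or no host component
    }
    // Strip "www." only when it is the leading label, not anywhere in the name.
    if (strncmp($host, 'www.', 4) === 0) {
        $host = substr($host, 4);
    }
    return in_array($host, $authHosts, true);
}

// Hypothetical helper: send the 403, or record where earlier output began.
function rejectRequest(): void
{
    if (headers_sent($file, $line)) {
        // Output (whitespace, a notice, a BOM) was already emitted, so
        // header() can no longer change the status line.
        error_log("403 not sent: output started at $file:$line");
    } else {
        header('HTTP/1.0 403 Forbidden');
    }
    exit;
}

// Constructed sample values, checked when the file is run from the CLI.
if (PHP_SAPI === 'cli') {
    $authHosts = ['mysite.com'];
    $samples = [null, 'not a url', 'http://www.mysite.com/form.swf',
                'http://mysite.com.other.example/', 'http://MySite.com/a'];
    foreach ($samples as $r) {
        printf("%-40s %s\n", var_export($r, true),
            isAuthorizedReferer($r, $authHosts) ? 'allow' : 'deny');
    }
} elseif (!isAuthorizedReferer($_SERVER['HTTP_REFERER'] ?? null, ['mysite.com'])) {
    rejectRequest();
}
```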

