Form POST Authentication NOT working from FIREFOX, suggestions please

[nightkarnation]

Hey guys!

I have a site in flash that talks to a PHP file...

the flash site has some forms and those variables are sent to php.

 

I am having some trouble with this security code I implemented on php:

 

// Host name from where the form is authorized 
// to be posted from:  
$authHosts = array("mysite.com"); 

// Where have we been posted from? 
$fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER'])); 

// Test to see if the $fromArray used www to get here. 
$wwwUsed = strpos($fromArray['host'], "www."); 

// Make sure the form was posted from an approved host name. 
if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){     
   //logBadRequest(); 
   header("HTTP/1.0 403 Forbidden"); 
       exit;     
} 

 

On IE and Google Chrome the site works fine! but on FireFox Flash pops up an error message telling me that the php file has a sequence error.

 

Any ideas or suggestions on how to fix this?

 

Thanks in advance!

Cheers.

[nightkarnation]

Anyone? Please!!

 

I would really appreciate some feedback on this one,

 

Thanks a lot!

[akitchin]

this probably has to do with flash more than anything. $_SERVER['HTTP_REFERER'] shouldn't be relied upon, since it can be spoofed by the browser. however, can you be more precise as to what flash means by sequence error? if it means that the headers have already been sent, then it means that there is output from the PHP file before the attempted header call, which is a very common error. the problem is, without knowing what your file structure is like (ie. what gets called by what file and when), it's difficult for us to track it down for you.