Mavent Posted February 10, 2012

I have a bit of code that's supposed to verify the referring page. If it's processlogin.php, then it allows access. Otherwise, it fails. This works:

```php
<?php
$ref = $_SERVER['PHP_SELF'];
if ($ref != '/processlogin.php')
    header('Location: sorry1.php');
?>
```

However, when I try and show more data on the page, it fails on Reload. At first I thought it was because the page is seeing itself as an invalid Referrer. So, I added the page itself as a valid referrer, as seen below.

```php
<?php
$ref = $_SERVER['PHP_SELF'];
if (($ref != '/processlogin.php') || ($ref != '/atv_list.php'))
    header('Location: sorry1.php');
?>
```

The problem is that now NOTHING works the way I think it should. Whereas `if ($ref != '/processlogin.php')` worked just fine when it was by itself, now it throws the Fail state. However, the page can now be reloaded, which doesn't make much sense to me. Next I attempted the following:

```php
<?php
$ref = $_SERVER['PHP_SELF'];
if ($ref != '/processlogin.php' || $ref != '/atv_list.php')
    header('Location: sorry1.php');
?>
```

Which didn't work either. So I thought that MAYBE it's reprocessing through processlogin.php, and the Variables in the URL were causing the problem. So, I tried this:

```php
<?php
$ref = $_SERVER['PHP_SELF'];
if (strstr($ref, '/processlogin.php')) {
    header('Location: sorry1.php');
}
?>
```

And again it doesn't work. Anyone know where I went so horribly, horribly wrong?

freelance84 Posted February 10, 2012

Oops, I forgot there is no use of the tab key in this forum.

HTTP_REFERER will get the referring page: http://www.php.net/manual/en/reserved.variables.server.php

```php
$ref = $_SERVER['HTTP_REFERER'];

// place all the acceptables in here
$acceptedArray = array('/processlogin.php');

if (in_array($ref, $acceptedArray)) {
    // do your thing
} else {
    // echo the ref to check what's going on in the bug squatting
    echo $ref;
}
```

AyKay47 Posted February 10, 2012

$_SERVER['PHP_SELF'] has nothing to do with the referring page at all; it holds the file name of the executing script, relative to the doc root. Keep in mind, the referrer can be tampered with.
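
An added example (not code from any poster in this thread) covering the two points raised above: a test of the form `$ref != A || $ref != B` is true for every value, and a client-supplied Referer is not a sound access check. It assumes processlogin.php sets a hypothetical `$_SESSION['logged_in']` flag after verifying credentials; the function names `is_rejected`, `may_view` and `redirect_target` are illustrative.

```php
<?php
// Added example: allow-list logic and a session-based page guard.
declare(strict_types=1);

/** Reject a path only when it matches none of the allowed entries. */
function is_rejected(string $path, array $allowed): bool
{
    // Intended logic is "not A AND not B"; in_array() expresses that directly.
    return !in_array($path, $allowed, true);
}

/** Access decision from server-side session state, not from request headers. */
function may_view(array $session): bool
{
    // 'logged_in' is a hypothetical flag set by the login handler.
    return ($session['logged_in'] ?? false) === true;
}

/** Where to send the visitor, or null when the page may be shown. */
function redirect_target(array $session): ?string
{
    return may_view($session) ? null : 'sorry1.php';
}

// In the protected page (atv_list.php in the thread) the guard would be used as:
//   session_start();
//   if (($to = redirect_target($_SESSION)) !== null) {
//       header('Location: ' . $to);
//       exit; // without exit the rest of the page still runs and is sent
//   }

// Demo on constructed inputs: compare the thread's || test with the allow-list.
$allowed = ['/processlogin.php', '/atv_list.php'];
foreach (['/processlogin.php', '/atv_list.php', '/other.php'] as $path) {
    $orTest = ($path != '/processlogin.php' || $path != '/atv_list.php');
    printf(
        "%-18s or_test_rejects=%-5s allow_list_rejects=%s\n",
        $path,
        var_export($orTest, true),
        var_export(is_rejected($path, $allowed), true)
    );
}

// Constructed sessions: one with no login, one after a successful login.
foreach ([[], ['logged_in' => true]] as $session) {
    printf("session=%s redirect=%s\n", json_encode($session), var_export(redirect_target($session), true));
}
```

Because the decision reads only `$_SESSION`, reloading the page or arriving with any Referer value gives the same result.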