Jump to content

domain match


Destramic
 Share

Recommended Posts

hey guys im making a script where the user gets redirected...but im wanting to make sure the redirection is within the same domain and not being shipped off to another site when using ($_SERVER['HTTP_REFERER'])

 

now what im using seems to do the trick but im wondering if there is a better method of doing this?...i dont want to use regex either

 

thank you guys

<?php 

$match = strpos("http://127.0.0.1/login", $_SERVER['SERVER_NAME']);

if ($match && $match > 0 ||  $match === 0)
{
	echo "domain match";
}

?>
Link to comment
Share on other sites

I guess this depends on how are actually doing it.

 

$_SERVER['HTTP_REFERER'] can be spoofed

 

You can do a check what the ip is though

$remote_ip = $_SERVER['REMOTE_ADDR'];
if (strstr($remote_ip, ', ')) {
    $ips = explode(', ', $remote_ip);
    $remote_ip = $ips[0];
}
if($remote_ip == "192.168.1.2"){ //use servers ip
echo "from my server";
}
Edited by QuickOldCar
Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.