rockymcrockerson Posted January 3, 2008 Share Posted January 3, 2008 Hi, I'm just learning how to do this stuff. Suppose I have an array called $array with its set of values, and now I have an error function that looks looks something like if ($referer =="yourdomain.com") $found = false; if (!$found){ print_error("You are coming from an <b>unauthorized domain.</b>"); error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0); } return $found; } else { return true; I want to find a way to make it so that this error is printed if $referer is not a value from the array. How would I do this? To be perfectly honest, I'm not sure what everything in this code does. Like I'm not sure what the .getenv stuff means. I know that overall the code is saying that if the referrer is not the one specified (like if the form is on another site besides the ones I've authorized, then it'll refuse to send the contents and deliver an error message. My problem is that I want to specify at least two valid referrers. Quote Link to comment Share on other sites More sharing options...
priti Posted January 3, 2008 Share Posted January 3, 2008 Hi, If you know the list of valid referre then create an array $valid_referre={'ref1','ref2'}; then Instead of if ($referer =="yourdomain.com") do follow $status=in_array($referee,$vali_referre); //in_array() is a in built function to check weather the var passed as needle is present in the defined array or not. if($status) { this is a valid referer } else { not a valid referer; } regards Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted January 3, 2008 Share Posted January 3, 2008 How's about: <?php $valid_referers = array('yoursite.com','someothersite.com',''); if(!in_array($_SERVER['HTTP_REFERER'],$valid_referers)){ echo 'Invalid Referer'; exit; } ?> Im using the $_SERVER superglobal array rather than the getenv() function, since this is what it was created for. Couple of things to note though: 1.) The HTTP referer is unrealiable at best. It can be faked. It is not sent by all browsers. Some filewalls prevent it. 2.) I've included one of the valid referes as a blank; there will be no HTTP referer sent if a user navigates directly to your website - this, of course, should also aleviate the problems caused by browsers and firewalls not sending this. 3.) For the above reasons, HTTP referer shouldn't be relied upon as a security tool - ligitimate users will find themselves blocked; illigitimate users will find a way round it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.