I haven't tested this and it's off the top of my head so don't shoot
me if I'm off track here ;-)
You could possibly use some embedded javascript to set a cookie with
the current URL stored in it. This would be easy to spoof as well,
but not quite as easy as appending ?site=xyz.
(shrug) just a thought
On Aug 5, 2005, at 6:58 PM, Cabbar Duzayak wrote:
Hi,
I have a web page (say page1) which refers to a php within
javascript tag as:
<script type="text/javascript"
src="http://mysite.com/javascript_dump.php";></script>
As you can see, this calls a php file which dumps javascript. The
problem here is, within this php I couldn't get which page it is
called from.
Basically, if it comes from affiliate site 1, I will show some
content, and if it comes from affiliate site 2, I will show some other
content.
And, the thing is, within this javascript_dump.php, HTTP_REFERER shows
nothing, because it gives you the referer of the html page (page1)
that contains this <script> tag (which might be something irrelevant,
i.e. google), and remote_addr gives you the IP address of the user.
I know that I can add a simple query parameter to specify the source
web page such as: javascript_dump.php?siteid=xyz, but this can be
faked very easily, and anyone can introduce themselves as any
affiliate.
Is there a way of getting (within the php) the site this php was
called from in a reasonably secure way? Any ideas/suggestions?
Thanks..
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
