Re: Javascript Src and HTTP_REFERER

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I haven't tested this and it's off the top of my head so don't shoot me if I'm off track here ;-)

You could possibly use some embedded javascript to set a cookie with the current URL stored in it. This would be easy to spoof as well, but not quite as easy as appending ?site=xyz.

(shrug) just a thought


On Aug 5, 2005, at 6:58 PM, Cabbar Duzayak wrote:

Hi,

I have a web page (say page1) which refers to a php within javascript tag as:

<script type="text/javascript"
src="http://mysite.com/javascript_dump.php";></script>

As you can see, this calls a php file which dumps javascript. The
problem here is, within this php I couldn't get which page it is
called from.

Basically, if it comes from affiliate site 1, I will show some
content, and if it comes from affiliate site 2, I will show some other
content.

And, the thing is, within this javascript_dump.php, HTTP_REFERER shows
nothing, because it gives you the referer of the html page (page1)
that contains this <script> tag (which might be something irrelevant,
i.e. google), and remote_addr gives you the IP address of the user.

I know that I can add a simple query parameter to specify the source
web page such as: javascript_dump.php?siteid=xyz, but this can be
faked very easily, and anyone can introduce themselves as any
affiliate.

Is there a way of getting (within the php) the site this php was
called from in a reasonably secure way? Any ideas/suggestions?

Thanks..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux