At 3:55 AM +0100 3/13/08, H u g o H i r a m wrote:
Hello
I have a swf that runs a PHP script that generates a XML, on the PHP
is there any way to detect if the file is being called from the swf
or from the browser? because I want to avoid the file being run
directly from the browser or from any other file than the swf.
regards,
Hugo.
You might want to check the HTTP_REFERER value; test the program from
a browser and the swf, and see what happens. Alternatively you could
use a GET parameter like
http://example.com/yourscript.php?calledby=swf
Be aware that anything sent back from the client can be spoofed - and
HTTP_REFERER can be altered or disabled - so it probably wouldn't be
hard for someone to make it appear to your script that it is being
called by your SWF.
If you're really concerned about restricting the communication
between the Flash movie and your server, there might be some way to
build a challenge-response mechanism into the flash; I don't know
much about it.
If, on the other hand, you just don't want to confuse someone who
might accidentally run the XML-generating script from the browser,
checking a GET parameter as above is probably the safest. If it's not
set properly, redirect the user, eg:
if (!isset($_GET['calledby']) || $_GET['calledby'] != 'swf') {
header('Location: http://example.com/thecorrectpage.html');
exit();
}
...
- steve
--
+--------------- my people are the people of the dessert, ---------------+
| Steve Edberg http://pgfsun.ucdavis.edu/ |
| UC Davis Genome Center sbedberg@xxxxxxxxxxx |
| Bioinformatics programming/database/sysadmin (530)754-9127 |
+---------------- said t e lawrence, picking up his fork ----------------+
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
