I know it can be faked, and while not 100% relevant, what have done in past
to sort of hide things like javascript source is also to set a $_SESSION
value in the page that then calls the javascript source inclusion using
something like:
<script type="text/javascript" src="jsSource.php"></script>
And then in jsSource.php I would actually check the $_SESSION variable
value, before rendering the script source as such, and then unsetting it,
and this meant that while someone could look at the source of the parent
page, they couldn't actually have a look at the actual javascript source as
such, but anyway...<smile>
So, I suppose, if you wanted to make a bit more sure, you could do something
like check the value of a $_SESSION value at the top of each page, then turn
it off while performing whatever operations, and then turn it on again at
end of page, or something - LOL!
Stay well
Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
----- Original Message -----
From: "Warren Vail" <warren@xxxxxxxxxxxx>
To: "'Lester Caine'" <lester@xxxxxxxxxxx>; "'php-windows'"
<php-windows@xxxxxxxxxxxxx>
Sent: Wednesday, February 22, 2012 10:08 AM
Subject: RE: Trying to retrieve/confirm referrer URL in a PHP
page/script
http://us.php.net/manual/en/reserved.variables.server.php cited is a good
resource, you might have better luck with
$_SERVER['HTTP_REFERER']
You might want to first check the user agent (browser) with get_browser()
to determine if it is one of those that can spoof the answer. Bottom line
it's not always trustworthy, some clients can, under certain
circumstances,
fake being referred from one of your own pages.
Warren Vail
Vail Systems Technology
warren@xxxxxxxxxxxx
(510) 444-5380
-----Original Message-----
From: Lester Caine [mailto:lester@xxxxxxxxxxx]
Sent: Tuesday, February 21, 2012 11:53 PM
To: php-windows
Subject: Re: Trying to retrieve/confirm referrer URL in a PHP
page/script
Jacob Kruger wrote:
As subject line says, it would be nice, sometimes, specifically in terms
of form submission processing to maybe confirm the referring URL/server,
and
I have used similar things in past with classic ASP etc., but can't
remember
that exact syntax, but think it had something to do with something like a
HTTP response referer header or something.
Either way, I know there are collections of values like $_REQUEST,
$_SERVER, etc., but not sure where to try find something like this, or if
it's simply/easily possible/doable?
http://php.net/manual/en/reserved.variables.server.php
'REQUEST_URI'
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
