Results 1 to 5 of 5

Thread: Handling referrer

  1. #1
    Join Date
    Apr 2009
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Cool Handling referrer

    thanks to the community. i have a inhouse script, we are going to make the script in such a way that it want to be open only in firefox and referrer shud be from http://intranet/. any code or direction code is appreciated.

  2. #2
    Join Date
    Jul 2008
    Posts
    199
    Thanks
    6
    Thanked 58 Times in 57 Posts

    Default

    Since HTTP referrals can be forged, I do not recommend using that method. Here is the code though:

    PHP Code:
    <?php
    if(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != 'intranet' || strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') === false){
        die;
    }

    echo 
    'hello, you\'re one of us (maybe...)';

  3. The Following User Says Thank You to techietim For This Useful Post:

    sgr (04-06-2009)

  4. #3
    Join Date
    Mar 2009
    Posts
    65
    Thanks
    13
    Thanked 4 Times in 4 Posts

    Default

    If you wish to set up an intranet, it is better to enforce this behaviour on the network level, no on the application level. By default, a proper set-up intranet would only allow requests to come from computers on the same intranet...

    The reason for this is such -- why if next time you change the http://intranet string (or whatever it is)? You have to change a lot of files.

    Sorry for my rambling, but I am just thinking you are solving the problem at the wrong level.

  5. #4
    Join Date
    Apr 2009
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Thanks techietim its working fine now need to see how to put this in my login.php .

    Techietim,

    instead of die can i redirect to http://intranet ? sorry i am not even close to programmer please ignore my ignorance on this

    To Crazychop,

    already in apache i have done ip level access restriction. this is to ensure that our users are not accessing the site directly.. i mean the script can be directly accessed and every time i change the server or something i need to notify all of them for change of url.

  6. #5
    Join Date
    Jul 2008
    Posts
    199
    Thanks
    6
    Thanked 58 Times in 57 Posts

    Default

    PHP Code:
    if(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) != 'intranet' || strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') === false){
        
    header('Location: http://intranet/');
        die;


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •