How to only allow certain domain access php

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
baoky
Forum Newbie
Posts: 12
Joined: Sat May 24, 2008 6:21 am

How to only allow certain domain access php

Post by baoky »

I have a php file which will download files upon execute.

The issue is at now its not protected, anyone can use the script.

Info: The script is hosted on a remote server
I execute the script via a xml file, e.g my domain such as mydomain.com

how do i only allow mydomain.com can run that file.php and the rest include blank referrer will get forbidden or access deny etc.

Sorry cause i not sure how to phrase it , in simple i just wanna protect my php file from unauthorize access. Only domain mydomain.com can access the php file, rest get killed.

I tried use $_SERVER['HTTP_REFERRER'] or http host but it show the remote server ip.
User avatar
phdatabase
Forum Commoner
Posts: 83
Joined: Fri May 28, 2010 10:02 am
Location: Fort Myers, FL

Re: How to only allow certain domain access php

Post by phdatabase »

Quick and dirty and not fool proof but will get rid of many.

If( $_SERVER['REMOTE_ADDR'] != 'your IP goes here') {
header('Location:http://www.google.com/');
}

Of course I assume you have a semi static IP - won't work on dial up and will need to be reset if you lose your lease.

The next best thing is to use a basic 'shared secret' authentication.

when calling the function use a query line
$time = time();
$code = sha1( $time . $secretWord);
$ql = "t=$time&c=$code";

add it to your URL for something like this
http://www.mydomain.com/page.php?$ql

when your script receives the $_GET array all it needs to do is use the same secret word to check the validity.
if( sha1( $_GET['t'] . $secretWord) != $_GET['c']) {
header('Location:http://www.google.com/');
}

I would use the later.
Post Reply