I have a PHP file which will download files upon execution.
The issue is that right now it's not protected; anyone can use the script.
Info: The script is hosted on a remote server.
I execute the script via an XML file, e.g. my domain such as mydomain.com.
How do I allow only mydomain.com to run that file.php, while the rest, including a blank referrer, get forbidden or access denied, etc.?
Sorry, because I'm not sure how to phrase it; in simple terms I just want to protect my PHP file from unauthorized access. Only the domain mydomain.com can access the PHP file; the rest get killed.
I tried using $_SERVER['HTTP_REFERRER'] or the HTTP host, but it shows the remote server IP.
How to only allow certain domain access php
- phdatabase
Re: How to only allow certain domain access php
Quick and dirty and not foolproof, but it will get rid of many.
if ($_SERVER['REMOTE_ADDR'] != 'your IP goes here') {
    header('Location: http://www.google.com/');
    exit; // header() alone does not stop the script; the download would still run
}
Of course I assume you have a semi-static IP - won't work on dial-up and will need to be reset if you lose your lease.
The next best thing is to use a basic 'shared secret' authentication.
When calling the function, use a query line:
$time = time();
$code = sha1($time . $secretWord);
$ql = "t=$time&c=$code";
Add it to your URL for something like this:
http://www.mydomain.com/page.php?$ql
When your script receives the $_GET array, all it needs to do is use the same secret word to check the validity.
// hash_equals() avoids loose != comparison of hash strings; is_string() rejects missing or array input
if (!isset($_GET['t'], $_GET['c']) || !is_string($_GET['t']) || !is_string($_GET['c'])
    || !hash_equals(sha1($_GET['t'] . $secretWord), $_GET['c'])) {
    header('Location: http://www.google.com/');
    exit; // stop here so the rest of the script does not execute
}
I would use the latter.
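The shared-secret check from the reply above, as an added example that is not part of the original post: it swaps the plain sha1() concatenation for HMAC-SHA256, compares with hash_equals(), and rejects timestamps outside an assumed five-minute window so a copied URL stops working. The function names, MAX_AGE, the secret and the timestamp are constructed for illustration.

```php
<?php
// Added example: HMAC-signed, time-limited link check (all names hypothetical).
const MAX_AGE = 300; // seconds a signed link stays valid (assumed value)

// Caller side: build the query string to append to the script URL.
function sign_query(string $secret, int $now): string
{
    $code = hash_hmac('sha256', (string) $now, $secret);
    return http_build_query(['t' => $now, 'c' => $code]);
}

// Script side: return true only for a fresh, correctly signed request.
function verify_query(array $get, string $secret, int $now): bool
{
    $t = $get['t'] ?? null;
    $c = $get['c'] ?? null;
    // Reject missing or array-valued parameters (?t[]=1) before hashing.
    if (!is_string($t) || !is_string($c) || !ctype_digit($t)) {
        return false;
    }
    // Reject stale or future-dated timestamps so a captured URL expires.
    if (abs($now - (int) $t) > MAX_AGE) {
        return false;
    }
    $expected = hash_hmac('sha256', $t, $secret);
    return hash_equals($expected, $c); // constant-time, no type juggling
}

// Constructed demo values, not taken from the thread.
$secret = 'example-secret-change-me';
$now = 1700000000;
parse_str(sign_query($secret, $now), $good);
$tampered = ['t' => (string) ($now + 1), 'c' => $good['c']];

var_dump(verify_query($good, $secret, $now));          // fresh link
var_dump(verify_query($good, $secret, $now + 3600));   // same link an hour later
var_dump(verify_query($tampered, $secret, $now));      // timestamp altered
var_dump(verify_query(['t' => ['x'], 'c' => 'y'], $secret, $now)); // array input
```

In the download script itself, a false result from verify_query($_GET, $secret, time()) would be followed by http_response_code(403) and exit before any file is served.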