
How to only allow certain domain access php

Posted: Sun May 30, 2010 5:58 pm
by baoky
I have a PHP file which will download files upon execution.

The issue is that right now it's not protected; anyone can use the script.

Info: The script is hosted on a remote server
I execute the script via an XML file, e.g. my domain such as mydomain.com

How do I allow only mydomain.com to run that file.php, so that the rest, including blank referrers, get forbidden or access denied, etc.?

Sorry, because I'm not sure how to phrase it; in simple terms I just want to protect my PHP file from unauthorized access. Only the domain mydomain.com can access the PHP file; the rest get killed.

I tried using $_SERVER['HTTP_REFERRER'] or HTTP host, but it shows the remote server IP.

Re: How to only allow certain domain access php

Posted: Mon May 31, 2010 4:47 pm
by phdatabase
Quick and dirty and not foolproof, but will get rid of many.

if ($_SERVER['REMOTE_ADDR'] != 'your IP goes here') {
    header('Location: http://www.google.com/');
    exit; // stop here, otherwise the rest of the script still runs
}

Of course I assume you have a semi static IP - won't work on dial up and will need to be reset if you lose your lease.

The next best thing is to use a basic 'shared secret' authentication.

When calling the function, use a query line
$time = time();
$code = sha1( $time . $secretWord);
$ql = "t=$time&c=$code";

Add it to your URL for something like this
http://www.mydomain.com/page.php?$ql

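When your script receives the $_GET array, all it needs to do is use the same secret word to check the validity.
// strict comparison: != would treat two "0e..."-style numeric strings as equal
if (sha1($_GET['t'] . $secretWord) !== $_GET['c']) {
    header('Location: http://www.google.com/');
    exit; // stop here, otherwise the download still happens
}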

I would use the latter.
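
A fuller version of the shared-secret check from the reply above, as an added example that is not code from the thread. It goes beyond the post in two ways: it swaps the sha1 concatenation for an HMAC-SHA256 compared with hash_equals, and it rejects old timestamps so a captured URL stops working. SECRET, MAX_AGE, make_query and is_authorized are assumed names and values.

```php
<?php
// Added example. SECRET and MAX_AGE are assumed values, not from the thread.
const SECRET  = 'replace-with-a-long-random-value'; // constructed placeholder
const MAX_AGE = 300; // seconds a signed URL stays valid (assumption)

// Caller side: build the query string that is appended to the script URL.
function make_query(string $secret, ?int $now = null): string
{
    $t = $now ?? time();
    $c = hash_hmac('sha256', (string) $t, $secret);
    return http_build_query(['t' => $t, 'c' => $c]);
}

// Receiver side: true only for a well-formed, fresh, correctly signed request.
function is_authorized(array $get, string $secret, ?int $now = null): bool
{
    $now = $now ?? time();
    $t = $get['t'] ?? '';
    $c = $get['c'] ?? '';
    if (!is_string($t) || !is_string($c) || !ctype_digit($t)) {
        return false; // missing, array-valued or non-numeric parameters
    }
    if (abs($now - (int) $t) > MAX_AGE) {
        return false; // stale or future-dated timestamp
    }
    $expected = hash_hmac('sha256', $t, $secret);
    return hash_equals($expected, $c); // constant-time comparison
}

// Self-check with constructed input (fixed clock values, no network needed).
parse_str(make_query(SECRET, 1700000000), $good);
$bad = $good;
$bad['c'] = str_repeat('0', 64);
var_dump(is_authorized($good, SECRET, 1700000100)); // case: fresh and signed
var_dump(is_authorized($good, SECRET, 1700009999)); // case: expired timestamp
var_dump(is_authorized($bad, SECRET, 1700000100));  // case: wrong code
var_dump(is_authorized([], SECRET, 1700000100));    // case: no parameters

// In the protected script, before any download logic runs:
// if (!is_authorized($_GET, SECRET)) { http_response_code(403); exit; }
```

The secret has to be stored on both servers and never sent in the URL; only `t` and `c` travel with the request.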