Page 1 of 1

How To receive GET or POST Request From Specified servers

Posted: Thu Aug 18, 2011 4:06 am
by Mohammad-Za
Hello Guys.

I've authored a php file which receives some information like this from a bank site (like paypal) :
www.exmaple.com/verfy.php?[b]ed=xxxxx&s ... ?tid=zzzzz[/b]
and stores the ed , sd, tid numbers in the database.
But there's a problem ! Every one can crate a file which posts those information to my verfy.php file!
What should I do to receive those information from ONLY one server!
* I also used HTTP_REFERER but it didn't work.

Re: How To receive GET or POST Request From Specified server

Posted: Thu Aug 18, 2011 10:49 am
by genix2011
hi,

you can check for the ip accessing your script, using this function:

Code: Select all

$remoteip = '127.0.0.1';
if($remoteip != get_ip_address()){
    die("You are not allowed to access this script!");
}

function get_ip_address() {
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
        if (array_key_exists($key, $_SERVER) === true) {
            foreach (explode(',', $_SERVER[$key]) as $ip) {
                if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
                    return $ip;
                }
            }
        }
    }
}