I need to make a variable secure so that it can only process URLs on a certain domain. I've tried several ways of doing this but they don't work right.
I need to tell the file index.php that if the domain to be processed is on http://example.net, then it will go through, if not, it will be rejected.
So if someone tries to spoof it like index.php?var=http://google.com it will return an error.
any solutions?
[SOLVED] securing a variable.
Moderator: General Moderators
Maybe something like:
Code: Select all
<?php
if(!empty($_GET['var'])){
$url = parse_url($_GET['var']);
if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){
echo 'ok';
} else {
echo 'rejected';
}
}
?>-
Daisy Cutter
- Forum Commoner
- Posts: 75
- Joined: Sun Aug 01, 2004 9:51 am
Excellent. My URLs look a bit odd (http://kafene.org/index.php?url=http://kafene.org/atkaf) but other than that... THANK YOU!markl999 wrote:Maybe something like:Code: Select all
<?php if(!empty($_GET['var'])){ $url = parse_url($_GET['var']); if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){ echo 'ok'; } else { echo 'rejected'; } } ?>
You've solved two problems for me. Getting my forum and blog archives to work.
-
Daisy Cutter
- Forum Commoner
- Posts: 75
- Joined: Sun Aug 01, 2004 9:51 am
one last thing...
I need to make it so that if no URL was requested, just index.php, it will return main.php.
if($url == "") {
include "main.php"; }
else{}
doesnt work
neither does adding "Redirect index.php index.php?url=http://kafene.org/main.php" to my .htaccess file.
hmm...
if($url == "") {
include "main.php"; }
else{}
doesnt work
neither does adding "Redirect index.php index.php?url=http://kafene.org/main.php" to my .htaccess file.
hmm...
Code: Select all
if(empty($_GET['url'])){
include 'main.php';
} else {
//blah
}-
Daisy Cutter
- Forum Commoner
- Posts: 75
- Joined: Sun Aug 01, 2004 9:51 am
thanks. I ended up just doing...markl999 wrote:Code: Select all
if(empty($_GET['url'])){ include 'main.php'; } else { //blah }
<?php
if ($url=="") {
include "main.php"; }
else {
echo ""; }
?>