[SOLVED] securing a variable.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Daisy Cutter
Forum Commoner
Posts: 75
Joined: Sun Aug 01, 2004 9:51 am

securing a variable.

Post by Daisy Cutter »

I need to make a variable secure so that it can only process URLs on a certain domain. I've tried several ways of doing this but they don't work right.

I need to tell the file index.php that if the domain to be processed is on http://example.net, then it will go through, if not, it will be rejected.

So if someone tries to spoof it like index.php?var=http://google.com it will return an error.

any solutions?
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Maybe something like:

Code: Select all

<?php
if(!empty($_GET['var'])){
  $url = parse_url($_GET['var']);
  if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){
    echo 'ok';
  } else {
    echo 'rejected';
  }
}
?>
Daisy Cutter
Forum Commoner
Posts: 75
Joined: Sun Aug 01, 2004 9:51 am

Post by Daisy Cutter »

markl999 wrote:Maybe something like:

Code: Select all

<?php
if(!empty($_GET['var'])){
  $url = parse_url($_GET['var']);
  if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){
    echo 'ok';
  } else {
    echo 'rejected';
  }
}
?>
Excellent. My URLs look a bit odd (http://kafene.org/index.php?url=http://kafene.org/atkaf) but other than that... THANK YOU!

You've solved two problems for me. Getting my forum and blog archives to work.
Daisy Cutter
Forum Commoner
Posts: 75
Joined: Sun Aug 01, 2004 9:51 am

one last thing...

Post by Daisy Cutter »

I need to make it so that if no URL was requested, just index.php, it will return main.php.

if($url == "") {
include "main.php"; }
else{}

doesnt work

neither does adding "Redirect index.php index.php?url=http://kafene.org/main.php" to my .htaccess file.

hmm...
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Code: Select all

if(empty($_GET['url'])){
    include 'main.php';
} else {
    //blah
}
Daisy Cutter
Forum Commoner
Posts: 75
Joined: Sun Aug 01, 2004 9:51 am

Post by Daisy Cutter »

markl999 wrote:

Code: Select all

if(empty($_GET['url'])){
    include 'main.php';
} else {
    //blah
}
thanks. I ended up just doing...

<?php
if ($url=="") {
include "main.php"; }
else {
echo ""; }
?>
Post Reply