Page 1 of 1

securing a variable.

Posted: Mon Aug 16, 2004 4:21 pm
by Daisy Cutter
I need to make a variable secure so that it can only process URLs on a certain domain. I've tried several ways of doing this but they don't work right.

I need to tell the file index.php that if the domain to be processed is on http://example.net, then it will go through, if not, it will be rejected.

So if someone tries to spoof it like index.php?var=http://google.com it will return an error.

any solutions?

Posted: Mon Aug 16, 2004 4:26 pm
by markl999
Maybe something like:

Code: Select all

<?php
if(!empty($_GET['var'])){
  $url = parse_url($_GET['var']);
  if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){
    echo 'ok';
  } else {
    echo 'rejected';
  }
}
?>

Posted: Mon Aug 16, 2004 6:26 pm
by Daisy Cutter
markl999 wrote:Maybe something like:

Code: Select all

<?php
if(!empty($_GET['var'])){
  $url = parse_url($_GET['var']);
  if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){
    echo 'ok';
  } else {
    echo 'rejected';
  }
}
?>
Excellent. My URLs look a bit odd (http://kafene.org/index.php?url=http://kafene.org/atkaf) but other than that... THANK YOU!

You've solved two problems for me. Getting my forum and blog archives to work.

one last thing...

Posted: Mon Aug 16, 2004 7:02 pm
by Daisy Cutter
I need to make it so that if no URL was requested, just index.php, it will return main.php.

if($url == "") {
include "main.php"; }
else{}

doesnt work

neither does adding "Redirect index.php index.php?url=http://kafene.org/main.php" to my .htaccess file.

hmm...

Posted: Tue Aug 17, 2004 12:45 am
by markl999

Code: Select all

if(empty($_GET['url'])){
    include 'main.php';
} else {
    //blah
}

Posted: Tue Aug 17, 2004 1:00 am
by Daisy Cutter
markl999 wrote:

Code: Select all

if(empty($_GET['url'])){
    include 'main.php';
} else {
    //blah
}
thanks. I ended up just doing...

<?php
if ($url=="") {
include "main.php"; }
else {
echo ""; }
?>