Page 1 of 1
securing a variable.
Posted: Mon Aug 16, 2004 4:21 pm
by Daisy Cutter
I need to make a variable secure so that it can only process URLs on a certain domain. I've tried several ways of doing this but they don't work right.
I need to tell the file index.php that if the domain to be processed is on
http://example.net, then it will go through, if not, it will be rejected.
So if someone tries to spoof it like index.php?var=
http://google.com it will return an error.
any solutions?
Posted: Mon Aug 16, 2004 4:26 pm
by markl999
Maybe something like:
Code: Select all
<?php
if(!empty($_GET['var'])){
$url = parse_url($_GET['var']);
if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){
echo 'ok';
} else {
echo 'rejected';
}
}
?>
Posted: Mon Aug 16, 2004 6:26 pm
by Daisy Cutter
markl999 wrote:Maybe something like:
Code: Select all
<?php
if(!empty($_GET['var'])){
$url = parse_url($_GET['var']);
if($url['host'] == 'example.net' || $url['host'] == 'www.example.net'){
echo 'ok';
} else {
echo 'rejected';
}
}
?>
Excellent. My URLs look a bit odd (
http://kafene.org/index.php?url=http://kafene.org/atkaf) but other than that... THANK YOU!
You've solved two problems for me. Getting my forum and blog archives to work.
one last thing...
Posted: Mon Aug 16, 2004 7:02 pm
by Daisy Cutter
I need to make it so that if no URL was requested, just index.php, it will return main.php.
if($url == "") {
include "main.php"; }
else{}
doesnt work
neither does adding "Redirect index.php index.php?url=
http://kafene.org/main.php" to my .htaccess file.
hmm...
Posted: Tue Aug 17, 2004 12:45 am
by markl999
Code: Select all
if(empty($_GET['url'])){
include 'main.php';
} else {
//blah
}
Posted: Tue Aug 17, 2004 1:00 am
by Daisy Cutter
markl999 wrote:Code: Select all
if(empty($_GET['url'])){
include 'main.php';
} else {
//blah
}
thanks. I ended up just doing...
<?php
if ($url=="") {
include "main.php"; }
else {
echo ""; }
?>