Page 1 of 1

Check whether the page was browsed

Posted: Sat Feb 24, 2007 2:43 pm
by user___
Hi guys,
I have some .php files which I need to check whether they are browsed or not. I sometimessend $get vars to them(If I had not I would know how to do it). Is there any to do so?

Posted: Sat Feb 24, 2007 3:21 pm
by nickvd
Huh?

Reply

Posted: Sat Feb 24, 2007 3:59 pm
by user___
???

Posted: Sat Feb 24, 2007 4:03 pm
by nickvd
Can you perhaps explain what you want to do, as I did not understand a single thing you posted.

Reply

Posted: Sat Feb 24, 2007 4:49 pm
by user___
Well, I have these files(.php) which are used with Flash. Flash requests the file on the server, gets what that file has returned(A value), and parse it(or use it) in the very .swf file. I want to ban users to browse these files because sometimes some secure values are outputed.

Posted: Sat Feb 24, 2007 5:13 pm
by feyd
I'm pretty sure there's not much you can do about that. I guess the question is, why are you returning "secure" information?

Posted: Sat Feb 24, 2007 5:14 pm
by nickvd
Ah...

One way would be to send a special variable to the php file (from flash). Your php file would then check to see if this value exists AND is what it expects, if so, you're authorized, if not, leave!

<edit>
It wouldn't stop someone who is determined to access that output, then again a car alarm won't guarantee my car won't get stolen...
</edit>

Posted: Sat Feb 24, 2007 5:40 pm
by Chris Corbyn
Something GPG could help here... but it could easily be sniffed.

Reply

Posted: Sun Feb 25, 2007 5:01 am
by user___
Thank you for the info.

Posted: Sun Feb 25, 2007 5:09 am
by Chris Corbyn
You could probably restrict access to a small number of remote IP addresses :?:

$_SERVER["REMOTE_ADDR"];

Posted: Sun Feb 25, 2007 9:45 am
by anjanesh
I dont know flash but if theres a method in the flash's swf file to send a custom user-agent which cant be viewed withing the swf file itself ?

Posted: Sun Feb 25, 2007 10:36 am
by feyd
There's nothing stopping a sniffer to ferret out any of the solutions (other than IP restriction) offered so far. I don't think you want a false sense of security when there is little.

Reply

Posted: Sun Feb 25, 2007 3:29 pm
by user___
Thank you guys but this with the restriction, which I loved after I had read, made me think whether there was any way to filter IPs. I mean it is a forum which uses Flash and when a user invokes a movie the movie requests a .php page and here I want to(If it is possible for which I am not sure(Rather not)) make Flash sends its requests from the Server's IP.

As far as I know this is not possible but it just hit my mind while trying to find a solution.

Any help is highly appreciated.

You are great guys, continue in the same way.