Who issued the request to my script?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
wvxvw
Forum Newbie
Posts: 22
Joined: Sat May 17, 2008 10:55 am

Who issued the request to my script?

Post by wvxvw »

Hi again...
I tried searchinfg, but, probably, I just don't know how to call this properly... Ok, what I need is to know which domain has sent the request to my script, so that, say, if it comes from www.some-domain.com, the script will process the query, and if it comes from www.some-other-domain.com, it'll just show some warning / exit without processing query.
I belive there has to be some built-in functions to handle this situation rather than make all the permitted domains send some sort of authorisation info before accessing scripts from my domain...
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Who issued the request to my script?

Post by onion2k »

Your question doesn't really make sense. A script can't be requested from another domain. It can only be requested from the domain it's on (plus an aliases of that domain).

I think what you mean is "how can I stop people hotlinking to my script?", where someone else will put a link to it in a page that isn't on your domain, like a JS or CSS link, or an image. If they do that then the user's browser might send $_SERVER['HTTP_REFERER'] with details of the page that caused the browser to request the script. You can check that value, if it's not your site then it's likely to be a hotlink. Note however that whether the user's browser sends that or not is optional, so sometimes it'll be blank. It's also controlled by the user, so you cannot trust the information, they might have configured their browser to send 'wrong' information (eg the name of a page on your site).
wvxvw
Forum Newbie
Posts: 22
Joined: Sat May 17, 2008 10:55 am

Re: Who issued the request to my script?

Post by wvxvw »

Ok, thank you, yes, by saying "another domain" I meant "page residing in another domain". Like in case:
my script www.my-domain.com/script.php being requested from www.someone-else-domain.com/some.html. Huh... good to know it's called hotlinking...
So, to make it totally clear... are there any known workarounds for this kind of situations, except for checking $_SERVER['HTTP_REFERER']? Sorry, if I ask something obvious...
Post Reply