Hi again...
I tried searchinfg, but, probably, I just don't know how to call this properly... Ok, what I need is to know which domain has sent the request to my script, so that, say, if it comes from www.some-domain.com, the script will process the query, and if it comes from www.some-other-domain.com, it'll just show some warning / exit without processing query.
I belive there has to be some built-in functions to handle this situation rather than make all the permitted domains send some sort of authorisation info before accessing scripts from my domain...
Who issued the request to my script?
Moderator: General Moderators
Re: Who issued the request to my script?
Your question doesn't really make sense. A script can't be requested from another domain. It can only be requested from the domain it's on (plus an aliases of that domain).
I think what you mean is "how can I stop people hotlinking to my script?", where someone else will put a link to it in a page that isn't on your domain, like a JS or CSS link, or an image. If they do that then the user's browser might send $_SERVER['HTTP_REFERER'] with details of the page that caused the browser to request the script. You can check that value, if it's not your site then it's likely to be a hotlink. Note however that whether the user's browser sends that or not is optional, so sometimes it'll be blank. It's also controlled by the user, so you cannot trust the information, they might have configured their browser to send 'wrong' information (eg the name of a page on your site).
I think what you mean is "how can I stop people hotlinking to my script?", where someone else will put a link to it in a page that isn't on your domain, like a JS or CSS link, or an image. If they do that then the user's browser might send $_SERVER['HTTP_REFERER'] with details of the page that caused the browser to request the script. You can check that value, if it's not your site then it's likely to be a hotlink. Note however that whether the user's browser sends that or not is optional, so sometimes it'll be blank. It's also controlled by the user, so you cannot trust the information, they might have configured their browser to send 'wrong' information (eg the name of a page on your site).
Re: Who issued the request to my script?
Ok, thank you, yes, by saying "another domain" I meant "page residing in another domain". Like in case:
my script www.my-domain.com/script.php being requested from www.someone-else-domain.com/some.html. Huh... good to know it's called hotlinking...
So, to make it totally clear... are there any known workarounds for this kind of situations, except for checking $_SERVER['HTTP_REFERER']? Sorry, if I ask something obvious...
my script www.my-domain.com/script.php being requested from www.someone-else-domain.com/some.html. Huh... good to know it's called hotlinking...
So, to make it totally clear... are there any known workarounds for this kind of situations, except for checking $_SERVER['HTTP_REFERER']? Sorry, if I ask something obvious...