Dirty Web Services

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jeffrydell
Forum Commoner
Posts: 77
Joined: Thu Jan 17, 2008 4:39 pm
Location: Menasha, WI

Dirty Web Services

Post by jeffrydell »

I'm attempting to put together a quick & easy Web service without using SOAP. (Dirty)

Poor humor aside, I'm trying to figure out how I can ensure that I only respond to requests from 'licensed' clients. My first thought was to check $_SERVER['HTTP_REFERER'] to identify where the request was coming from and compare that to a URL stored in my clients table, but that doesn't work.

Client script:

Code: Select all

<?php
 
$Reply = file("http://www.myserver.ext/sandbox/eventsrv.php");
echo $Reply[0];
 
?>
In eventsrv.php, I do the MySQL query and format a string which then gets echoed back to the client's (requesting) script. But I don't want to start the query process if the client script gets copied from an authorized site to an unauthorized site.

I COULD use $_SERVER['REMOTE_HOST'] to get the IP of the requesting server, but if multiple sites are on a shared server, then some unlicensed pages COULD access the data ... and if the IP of a site's server changes, a valid request could be denied.

Any thoughts on how I can check to see that a request is coming from someone who is paying to receive data from my server?

Thanks in advance for your help!

Jeff
Post Reply