Page 1 of 2
How to get the URL of the requesting server
Posted: Fri Jan 16, 2009 4:09 am
by Mizhad
Hello every body.. My problem is:
I have a server A and another Server B, there is a file on Server A by the name a.php, and a file on server B by the name b.php. The file a.php wants to get some information from b.php and b.php has to check the URL of a.php before handing over the information to a.php... How can I do this? How can b.php get the domain name of the requesting server? I will be appreciative for any good advice.... Thanks in advance..
Regards
Mizhad
Re: How to get the URL of the requesting server
Posted: Fri Jan 16, 2009 5:11 am
by susrisha
try to look up in $_SERVER[] variables.
Not sure this works but worth a try.
http://in.php.net/reserved.variables.server
Re: How to get the URL of the requesting server
Posted: Fri Jan 16, 2009 10:56 am
by Mizhad
Thank you susrisha for your help... $_SERVER[] does not help though it does not contain the URL of the remote server but only the current server... in my case server B. But I want the url of the account on server A. Thanks again
Re: How to get the URL of the requesting server
Posted: Fri Jan 16, 2009 12:09 pm
by RobertGonzalez
$_SERVER['HTTP_REFERER'], but this is totally unreliable. Have you considered setting up a web service that will only return data when a correct key is presented, then pass that key in a call to the service from A to B?
Re: How to get the URL of the requesting server
Posted: Fri Jan 16, 2009 12:28 pm
by Mizhad
Yes Everah, $_SERVER['HTTP_REFERER'] is not reliable, and the idea of the key is good for some other certain problems but in this case, why? a.php is distributed per domain name and at the the time of delivery the domain name is stored in a database DB, DB is located on B server... every time a.php requests info from b.php, b.php has to check the existance of domain name of a.php in the database DB, if the domain exists then b.php hands over the info to a.php otherwise null...
I read yesterday little bit about HTTP protocol, it seems web server do not care at all and not interested in the domain name of requesting server... This makes me desperate...
Re: How to get the URL of the requesting server
Posted: Fri Jan 16, 2009 1:27 pm
by RobertGonzalez
I suggested a web service to accomodate your requirement. There is no way to reliably gather the requesting sites domain name without the requesting site handing it off to you, and that is a massive security issue.
Re: How to get the URL of the requesting server
Posted: Sat Jan 17, 2009 4:04 am
by Mizhad
Yes good Everah but if a.php takes the responsibility of handing over a key or what else to b.php then any body can have a copy of a.php hack it, crack it or what ever else and use it my problem is that I want to protect my work from thieves and it is exactly this which I want to resolve but do not know how... Thank you Everah... And by the way, I'm not sure at all if this is possible...
Re: How to get the URL of the requesting server
Posted: Sat Jan 17, 2009 9:55 am
by RobertGonzalez
a.php does not have to contain a generic key. If you are distributing this code then hand out API keys like just about all other APIs do. Then validate the key against your database (like you were doing anyway with the domain). Then it doesn't have to be domain specific it can be key specific.
Re: How to get the URL of the requesting server
Posted: Sat Jan 17, 2009 2:24 pm
by Mizhad
Everah, please, would you tell me little bit more about API keys and how to make them? or would you recommend some tutorials or books? Thank you very much for your kind help
Re: How to get the URL of the requesting server
Posted: Sat Jan 17, 2009 4:25 pm
by RobertGonzalez
Think of it like this... you have a website that makes data available to other sites. But you don't want just anyone accessing that data. So you make your web service run in a way that requires some form of authentication from the requesting. So what you do is set your server up to take a posted key (like a users password if you will) and only let data out if the key validates against your database (like a user is authenticated with a password).
The sites can make a cURL request to your service, provide the necessary credential by way of a POST request and your server can return either text, HTML or XML. The requesting server can then use the output you offer in its own way.
You might want to Google "setting up a web service" or something along those line to see how you can easily set up a web service on your server.
Re: How to get the URL of the requesting server
Posted: Sat Jan 17, 2009 6:28 pm
by Mizhad
Thank you Everah for your answer, my system is not built like this, so there is no interaction between my site and the user. People come to my site, see a piece of software, like it and click buy button and pay and download it. Now they install it on their CMS system, not all files are delivered I keep a file on my server which is b.php, a.php is delivered to the buyer and is a part of the software he bought, every time people visits her/his website a.php is ran and here a.php asks b.php about the rest of information.. So neither the buyer nor the visitors of buyer's site know any thing about a.php and this interaction between a.php and b.php.. Here is the dilemma.. Thus every thing is ran in the background without humans interaction... I want just to prevent the illegal distribution of the software by implementing a.php and b.php mechanism.
cURL is just great, but I do not have the solution for the problem.
Re: How to get the URL of the requesting server
Posted: Sat Jan 17, 2009 9:02 pm
by RobertGonzalez
This is the perfect scenario for a web service. Seriously, you should look into it.
Re: How to get the URL of the requesting server
Posted: Sun Jan 18, 2009 1:15 am
by Stryks
I'd have to agree with Everah with regards to the best solution to the problem you pose. I do wonder if you have really thought about how this protects you though.
If the user has access to a.php, they can see the call to b.php and it would be a relatively simple matter to remove any protections you have built in, either by removing the reliance on the call (clip the call and bypass any checking mechanism), or simply by modifying the page to echo the return result and store it in a local b.php file.
Also, if I was aware of this reliance on an external server, I'd be concerned about what failover protection was in place. If your server dies, does that kill my site functionality? Likewise, if your server is under heavy load, are my users going to be hanging around waiting for your servers response?
I think that you might be better off looking into an encoding solution to protect your code. Something like Zend Guard or NuSphere NuCoder. The latter is more affordable, but needs a hosting service that will allow you to run the PHP decoder extension, where most servers automatically enable Zend Optimiser.
Just food for thought.
Re: How to get the URL of the requesting server
Posted: Sun Jan 18, 2009 4:32 am
by Mizhad
Thank you Everah, thank you Stryks for your kind help. I read little bit about Zend Guard, sounds promising, I haven't read enough but I think the encoding method is a good idea.
Strykes, yes, if my server goes down so does a.php because it can not access b.php any more, I think Zend guard resolves this issue also... But as I said I have to read and learn Zend Guard...
You are so kind, I'm really appreciative for your engagement in my problem and offering me these solutions... Thanks again.
Re: How to get the URL of the requesting server
Posted: Sun Jan 18, 2009 5:35 pm
by Mizhad
Zend Guard encoder is just marvelous. Another question which I have in my mind is:
How reliable is $_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST]
If they are not reliable then is there some other more reliable way that does the same job?
Regards
Mizhad