Solved

Server variables for protection

Posted on 2016-10-29
Last Modified: 2016-10-29
How can I be sure whether my HTML form was posted from the server I trust or by an outside spammer?

I want to let one of my friends post data from the server I can trust to my page; however, I want to block the rest from posting data, or redirect the page if the form is not coming from the trusted server.

How can I do that?
Question by:Braveheartli
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 41865114
There is a hierarchy of protections you can apply.  First, let me start by saying that nothing in any HTTP request can be completely trusted.  If the request does not expose important business information or change the data on your server, you do not need to know the origin of the request - it might just be Google setting up links to your site.

So let's assume that you're willing to do a little work to secure a page and make it trustworthy.  Here are some things that may be helpful.

You can password-protect the page using PHP client authentication.  This will let you control who can see the page or post information.

If you just want to be sure that the request came from a human being, you can use CAPTCHA techniques.  There are many such techniques; some are even invisible, but the invisible ones are difficult to prove effective.

If you want to be sure that the request came from a web page in your web site, you might use a form token (the article shows how to check the referrer* variables, too).

If you want to be sure the request came from a specific server, you can test the IP address.  Look in $_SERVER["REMOTE_ADDR"] and compare this to your trusted friend's authorized IP address.

If you know what browser your trusted friend is using, you can look in $_SERVER["HTTP_USER_AGENT"].  If this value changes, you can re-authenticate by asking for a password.

Any of these techniques can be useful, and most sites would use a combination of them.

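* You can check to see that the request and the referrer contain a match on the URL with something along these lines (a same-origin check):
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$regex = '#' . preg_quote($_SERVER['HTTP_HOST'], '#') . '#i';
// Reject the request when the referrer does not contain this host name
if (!preg_match($regex, $referer)) return FALSE;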

0
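An added example (not part of the accepted answer or the original thread) of the IP-address and referrer checks it describes, written for PHP 7 or later. It validates `REMOTE_ADDR` before the allow-list lookup and compares parsed host names exactly; the address `203.0.113.10` and the `example.com` hosts are constructed placeholders, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Addresses and host names are
// constructed placeholders (documentation ranges and example.com).
const TRUSTED_IPS = ['203.0.113.10']; // assumed address of the friend's server

/** True when the connecting (TCP peer) address is on the allow-list. */
function from_trusted_ip(array $server, array $allowed): bool
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false
        && in_array($ip, $allowed, true);
}

/** True when the Referer's host equals this site's host, compared exactly. */
function referer_is_same_host(array $server): bool
{
    // HTTP_HOST may carry a port; parse both sides down to the bare host name.
    $own = parse_url('//' . ($server['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    $ref = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($own) && is_string($ref) && strcasecmp($own, $ref) === 0;
}

/** Report each signal separately; combining them is the caller's policy. */
function request_signals(array $server): array
{
    return [
        'trusted_ip'   => from_trusted_ip($server, TRUSTED_IPS),
        'same_referer' => referer_is_same_host($server),
    ];
}

// Constructed sample requests (only the keys the checks read).
$samples = [
    'friend server'   => ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_HOST' => 'www.example.com'],
    'own form'        => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_HOST' => 'www.example.com:8080',
                          'HTTP_REFERER' => 'https://www.example.com/form.php'],
    'host in query'   => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_HOST' => 'www.example.com',
                          'HTTP_REFERER' => 'https://other.example.net/?u=www.example.com'],
    'missing referer' => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_HOST' => 'www.example.com'],
];
foreach ($samples as $label => $server) {
    $s = request_signals($server);
    printf("%-16s ip=%-3s referer=%s\n", $label,
        $s['trusted_ip'] ? 'yes' : 'no', $s['same_referer'] ? 'yes' : 'no');
}
```

Behind a reverse proxy or load balancer, `REMOTE_ADDR` is the proxy's address, so the allow-list has to be applied where the real peer address is visible.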
 
LVL 1

Author Closing Comment

by:Braveheartli
ID: 41865116
Wonderful, thank you
1
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41865297
This simple program lists all of the server variables that are available on your server.  It changes from server to server so you can't count on all of them being there on all servers.
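<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>PHP Server Variables</title>
</head>
<body><h1>PHP Server Variables</h1>
<?php

// Several $_SERVER values (request headers, query string) come from the client,
// so escape everything before echoing it into the page.
foreach ($_SERVER as $key => $value) {
    // Some entries (e.g. argv) are arrays; print_r(..., true) renders them as text.
    $text = is_array($value) ? print_r($value, true) : (string) $value;
    echo '<b>' . htmlspecialchars($key) . ' :</b> ' . htmlspecialchars($text) . "<br />\n";
}

// Show any posted fields, escaped the same way.
echo '<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>';
?>
</body>
</html>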

1
LVL 1

Author Comment

by:Braveheartli
ID: 41865355
Thank you Dave
0
 
LVL 1

Author Comment

by:Braveheartli
ID: 41865356
Thank you
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 41865388
You're welcome.
0
