Solved

Server variables for protection

Posted on 2016-10-29
Last Modified: 2016-10-29
How can I be sure whether my HTML form was posted from a server I trust or from an outside spammer?

I want to let one of my friends post data from a server I can trust to my page; however, I want to block the rest from posting data, or redirect the page if the form is not coming from the trusted server.

How can I do that?
0
Question by:Braveheartli
6 Comments
 

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41865114
There is a hierarchy of protections you can apply.  First, let me start by saying that nothing in any HTTP request can be completely trusted.  If the request does not expose important business information or change the data on your server, you do not need to know the origin of the request - it might just be Google setting up links to your site.

So let's assume that you're willing to do a little work to secure a page and make it trustworthy.  Here are some things that may be helpful.

You can password-protect the page using PHP client authentication.  This will let you control who can see the page or post information.

If you just want to be sure that the request came from a human being, you can use CAPTCHA techniques.  There are many such techniques, some are even invisible, but the invisible ones are difficult to prove effective.

If you want to be sure that the request came from a web page in your web site, you might use a form token (the article shows how to check the referrer* variables, too).

If you want to be sure the request came from a specific server, you can test the IP address.  Look in $_SERVER["REMOTE_ADDR"] and compare this to your trusted friend's authorized IP address.

If you know what browser your trusted friend is using, you can look in $_SERVER["HTTP_USER_AGENT"].  If this value changes, you can re-authenticate by asking for a password.

Any of these techniques can be useful, and most sites would use a combination of them.

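* You can check to see that the request and the referrer contain a match on the URL with something along these lines (a same-origin check):
// The Referer header must contain this site's host name; a missing header fails the check.
$regex = '#' . preg_quote($_SERVER['HTTP_HOST'], '#') . '#i';
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (!preg_match($regex, $referer)) return FALSE;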


0
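One way to combine the REMOTE_ADDR test and the form token described in the accepted answer, as an added example that is not part of the original post. The addresses, the form_token field name and all function names are assumptions chosen for illustration.

```php
<?php
// Added example: layered gate for a form handler. Addresses and names below
// are constructed placeholders, not values from the original thread.
const TRUSTED_SENDERS = ['203.0.113.10', '2001:db8::10']; // hypothetical friend's server

// True when $remoteAddr equals an allow-listed address. Comparing the packed
// form from inet_pton() means "2001:DB8:0:0::10" still matches "2001:db8::10".
function is_trusted_sender(string $remoteAddr, array $allowList = TRUSTED_SENDERS): bool
{
    $packed = @inet_pton($remoteAddr);
    if ($packed === false) {
        return false; // not an IP literal: fail closed
    }
    foreach ($allowList as $allowed) {
        if (@inet_pton($allowed) === $packed) {
            return true;
        }
    }
    return false;
}

// Issue a per-session token to embed as a hidden field in forms this site serves.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Constant-time comparison of the posted token with the session copy.
function has_valid_form_token(array $post, array $session): bool
{
    return isset($post['form_token'], $session['form_token'])
        && is_string($post['form_token'])
        && hash_equals($session['form_token'], $post['form_token']);
}

// Accept a POST from the allow-listed server, or from our own form with a valid token.
function accept_post(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    return is_trusted_sender($server['REMOTE_ADDR'] ?? '')
        || has_valid_form_token($post, $session);
}
```

Call accept_post($_SERVER, $_POST, $_SESSION) at the top of the handler and reject or redirect when it returns false. REMOTE_ADDR is the address of the TCP peer, so behind a reverse proxy it is the proxy's address rather than the sender's.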
 

Author Closing Comment

by:Braveheartli
ID: 41865116
Wonderful, thank you
1
 

Expert Comment

by:Dave Baldwin
ID: 41865297
This simple program lists all of the server variables that are available on your server.  It changes from server to server so you can't count on all of them being there on all servers.
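<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>PHP Server Variables</title>
</head>
<body><h1>PHP Server Variables</h1>
<?php

// List every $_SERVER entry. Many values (HTTP_* headers, QUERY_STRING, ...)
// come straight from the request, so escape them before echoing into HTML.
foreach ($_SERVER as $key => $value) {
    // Some entries (e.g. argv) are arrays; flatten them for display.
    if (is_array($value)) {
        $value = print_r($value, true);
    }
    echo '<b>' . htmlspecialchars($key) . ' :</b> ' . htmlspecialchars((string) $value) . "<br />\n";
}

// Dump any posted fields, escaped for the same reason.
echo '<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>';
?>
</body>
</html>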


1

Author Comment

by:Braveheartli
ID: 41865355
Thank you Dave
0
 

Author Comment

by:Braveheartli
ID: 41865356
Thank you
0
 

Expert Comment

by:Dave Baldwin
ID: 41865388
You're welcome.
0
