Re: [PHP] Javascript Src and HTTP_REFERER
On 8/6/05, Cabbar Duzayak [EMAIL PROTECTED] wrote: Hi, I have a web page (say page1) which refers to a php within javascript tag as: script type=text/javascript src=http://mysite.com/javascript_dump.php;/script As you can see, this calls a php file which dumps javascript. The problem here is, within this php I couldn't get which page it is called from. Basically, if it comes from affiliate site 1, I will show some content, and if it comes from affiliate site 2, I will show some other content. And, the thing is, within this javascript_dump.php, HTTP_REFERER shows nothing, because it gives you the referer of the html page (page1) that contains this script tag (which might be something irrelevant, i.e. google), and remote_addr gives you the IP address of the user. I know that I can add a simple query parameter to specify the source web page such as: javascript_dump.php?siteid=xyz, but this can be faked very easily, and anyone can introduce themselves as any affiliate. Is there a way of getting (within the php) the site this php was called from in a reasonably secure way? Any ideas/suggestions? Thanks.. Duzayak, Did you get this working the way you intented? If so, please share with us what you did. Thanks. Dotan http://lyricslist.com/lyrics/artist_albums/348/mighty_mighty_bosstones.php Mighty Mighty Bosstones Song Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Javascript Src and HTTP_REFERER
Dotan Cohen wrote: And, the thing is, within this javascript_dump.php, HTTP_REFERER shows nothing, because it gives you the referer of the html page (page1) that contains this script tag (which might be something irrelevant, i.e. google), and remote_addr gives you the IP address of the user. I know that I can add a simple query parameter to specify the source web page such as: javascript_dump.php?siteid=xyz, but this can be faked very easily, and anyone can introduce themselves as any affiliate. Is there a way of getting (within the php) the site this php was called from in a reasonably secure way? Any ideas/suggestions? Thanks.. Duzayak, Did you get this working the way you intented? If so, please share with us what you did. Thanks. There's no reasonably secure way of doing this. I see three possible solutions. 1. Put a query parameter in, like you said you didn't want to. This is about as easy to fake as HTTP_REFERER, which could hardly be called secure anyway. HTTP_REFERER is set less and less often anyway, as people block it with security software. 2. Define a global variable in JavaScript before including the remote script, a la AdSense. 3. If the times on the servers can be expected to be synchronised, or you have some other unique but changing value that both servers know about, get an MD5/SHA1 hash of that value with the affiliate ID appended on the end, and compare it at the other end. Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Javascript Src and HTTP_REFERER
Hi, I have a web page (say page1) which refers to a php within javascript tag as: script type=text/javascript src=http://mysite.com/javascript_dump.php;/script As you can see, this calls a php file which dumps javascript. The problem here is, within this php I couldn't get which page it is called from. Basically, if it comes from affiliate site 1, I will show some content, and if it comes from affiliate site 2, I will show some other content. And, the thing is, within this javascript_dump.php, HTTP_REFERER shows nothing, because it gives you the referer of the html page (page1) that contains this script tag (which might be something irrelevant, i.e. google), and remote_addr gives you the IP address of the user. I know that I can add a simple query parameter to specify the source web page such as: javascript_dump.php?siteid=xyz, but this can be faked very easily, and anyone can introduce themselves as any affiliate. Is there a way of getting (within the php) the site this php was called from in a reasonably secure way? Any ideas/suggestions? Thanks.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Javascript Src and HTTP_REFERER
I haven't tested this and it's off the top of my head so don't shoot me if I'm off track here ;-) You could possibly use some embedded javascript to set a cookie with the current URL stored in it. This would be easy to spoof as well, but not quite as easy as appending ?site=xyz. (shrug) just a thought On Aug 5, 2005, at 6:58 PM, Cabbar Duzayak wrote: Hi, I have a web page (say page1) which refers to a php within javascript tag as: script type=text/javascript src=http://mysite.com/javascript_dump.php;/script As you can see, this calls a php file which dumps javascript. The problem here is, within this php I couldn't get which page it is called from. Basically, if it comes from affiliate site 1, I will show some content, and if it comes from affiliate site 2, I will show some other content. And, the thing is, within this javascript_dump.php, HTTP_REFERER shows nothing, because it gives you the referer of the html page (page1) that contains this script tag (which might be something irrelevant, i.e. google), and remote_addr gives you the IP address of the user. I know that I can add a simple query parameter to specify the source web page such as: javascript_dump.php?siteid=xyz, but this can be faked very easily, and anyone can introduce themselves as any affiliate. Is there a way of getting (within the php) the site this php was called from in a reasonably secure way? Any ideas/suggestions? Thanks.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php