Referring URL's protection - how to in PHP? - GoFuckYourself.com

SexySarah · 06-17-2003, 09:14 AM

The following code works pretty well, but spoofing easily gets past it. Is there a stronger way to protect certain pages short of using passwords? Free, preferably.

Thanks!!!

$Referer = getenv("HTTP_REFERER");

if (strchr($Referer, "URL"))
{
echo "text";
}
elseif (strchr($Referer, "URL2"))
{
echo "text";
}
else
{
echo "[script];window.location='http://www.redirectURL.com';[/script]";
}

Obviously < changed to [ and > changed to ]

SexySarah · 06-17-2003, 09:26 AM

Anyone?

foe · 06-17-2003, 09:34 AM

what error does it give you

SexySarah · 06-17-2003, 09:46 AM

It actually works fine.

But I've been playing around and it just isn't secure against spoofers.

I used zspoof and I got around it very easily.

I was just wondered if there's anyway to make it a little more secure against spoofing?

(sorry about using the word spoof quite so many times).

neighborhood_bob · 06-17-2003, 09:50 AM

A fair security measure is to insist that your members have
cookies enabled to view the site. Use a combo of .htaccess and
cookies to verify members on login. As far as I know, there isn't
really a way to stop spoofers when your only validation is through
reading the Referrer. Not an expert, just my experiences.

SexySarah · 06-17-2003, 09:51 AM

Quote:

Originally posted by neighborhood_bob
A fair secirotu measure is to insist that your members have
cookies enabled to view the site. Use a combo of .htaccess and
cookies to verify members on login. As far as I know, there isn't
really a way to stop spoofers when your only validation is through
reading the Referrer. Not an expert, just my experiences.

Interesting.

I'll search phpbuilder.com to see how I can integrate cookies as a security measure too.

06-17-2003, 09:14 AM	#1
SexySarah So Fucking Banned Join Date: May 2003 Posts: 1,076	Referring URL's protection - how to in PHP? The following code works pretty well, but spoofing easily gets past it. Is there a stronger way to protect certain pages short of using passwords? Free, preferably. Thanks!!! $Referer = getenv("HTTP_REFERER"); if (strchr($Referer, "URL")) { echo "text"; } elseif (strchr($Referer, "URL2")) { echo "text"; } else { echo "[script];window.location='http://www.redirectURL.com';[/script]"; } Obviously < changed to [ and > changed to ]

06-17-2003, 09:26 AM	#2
SexySarah So Fucking Banned Join Date: May 2003 Posts: 1,076	Anyone?

06-17-2003, 09:34 AM	#3
foe Confirmed User Join Date: May 2002 Location: CT Posts: 5,246	what error does it give you

06-17-2003, 09:46 AM	#4
SexySarah So Fucking Banned Join Date: May 2003 Posts: 1,076	It actually works fine. But I've been playing around and it just isn't secure against spoofers. I used zspoof and I got around it very easily. I was just wondered if there's anyway to make it a little more secure against spoofing? (sorry about using the word spoof quite so many times).

06-17-2003, 09:50 AM	#5
neighborhood_bob Registered User Join Date: Jun 2003 Posts: 83	A fair security measure is to insist that your members have cookies enabled to view the site. Use a combo of .htaccess and cookies to verify members on login. As far as I know, there isn't really a way to stop spoofers when your only validation is through reading the Referrer. Not an expert, just my experiences.