I am building an application that requires the values of
$_SERVER['SERVER_ADDR'] and $_SERVER['SERVER_NAME'] etc. to be correct.
I understand users can change these values ... e.g.
How could I over come this, e.g. is it possible to do something like this
Or does anyone have any ideas?
$_SERVER = fetchServerVARS();
IF you mean for some kind of licensing/activation whatever then you need to encrypt or compile whatever routine you use for checking validity and require it in all relevant product pages. Also that file should include routines essential for your product to work (else it can just be swapped for an empty file).
That or require some validation from an external server where a spoofed IP won't cut it.
Thanks for your reply.
At the moment the code is at the top of all the product's pages, and it generates an md5 key, using variables such as $_SERVER.
It then compares the value of the key to the one that was generated upon installation.. so if anyone took the script, and moved it to another server, it wouldn't operate.
But someone could change the $_SERVER values.
Ha! Fixed. Take that hackers....
$ip = getenv("SERVER_ADDR"); // get the ip number of the server
What's to stop somebody from doing the following...
$ip = '220.127.116.11';
Without compiling your PHP pages there is no effective way you could protect your application like that.
Everything is encypted (Zend or ionCube) and I was only showing you an example, the function will not be stored in a variable :)
But while we are on the subject of encryption....
Does anyone recommend any good free encryptors ;)