SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Hybrid View

  1. #1
    SitePoint Enthusiast Adam E's Avatar
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    $_SERVER variables

    Hey,

    I am building an application that requires the values of

    $_SERVER['SERVER_ADDR'] and $_SERVER['SERVER_NAME'] etc. to be correct.

    I understand users can change these values ... e.g.

    PHP Code:
    $_SERVER['SERVER_ADDR']='102.054.156.42'
    How could I over come this, e.g. is it possible to do something like this
    PHP Code:
    $_SERVER fetchServerVARS(); 
    Or does anyone have any ideas?

    Thanks
    Adam

  2. #2
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    IF you mean for some kind of licensing/activation whatever then you need to encrypt or compile whatever routine you use for checking validity and require it in all relevant product pages. Also that file should include routines essential for your product to work (else it can just be swapped for an empty file).

    That or require some validation from an external server where a spoofed IP won't cut it.

  3. #3
    SitePoint Enthusiast Adam E's Avatar
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey,

    Thanks for your reply.

    At the moment the code is at the top of all the product's pages, and it generates an md5 key, using variables such as $_SERVER.

    It then compares the value of the key to the one that was generated upon installation.. so if anyone took the script, and moved it to another server, it wouldn't operate.

    But someone could change the $_SERVER values.
    Adam

  4. #4
    SitePoint Enthusiast Adam E's Avatar
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ha! Fixed. Take that hackers....

    PHP Code:
    <?php
    $ip 
    getenv("SERVER_ADDR"); // get the ip number of the server
    ?>
    Adam

  5. #5
    With More ! for your $ maxor's Avatar
    Join Date
    Feb 2004
    Location
    Scottsdale, Arizona
    Posts
    909
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What's to stop somebody from doing the following...
    PHP Code:
    $ip '12.34.56.78'

  6. #6
    ********* Wizard silver trophy Cam's Avatar
    Join Date
    Aug 2002
    Location
    Burpengary, Australia
    Posts
    4,495
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Without compiling your PHP pages there is no effective way you could protect your application like that.

  7. #7
    SitePoint Enthusiast Adam E's Avatar
    Join Date
    Apr 2004
    Location
    Australia
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Everything is encypted (Zend or ionCube) and I was only showing you an example, the function will not be stored in a variable

    But while we are on the subject of encryption....

    Does anyone recommend any good free encryptors
    Adam


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •