SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Domain + directory = access granted?

    I'm trying to set up a security script that will only allow another script to be run from a specified domain/directory - and any sub directory.

    script can NOT run from mydomain.com
    script CAN run from mydomain.com/my_directory
    script CAN run from mydomain.com/my_directory/sub_directory

    So far I have checking for the domain, but can't figure out how to include directories
    PHP Code:
    $domain "www.mydomain.com";
    $directory "/my_dir";
    rootPath "/home/site/public_html";
    sitePath $rootPath.$directory

    // let's do some security
    $server $_SERVER["SERVER_NAME"];

    // check if the user is authorized
    if($server != $domain) {
    ****
    ****
    // not authorized
    ****echo "ERROR! You are not authorized to run this program on the domain $server";
    ****exit();
    }
    else {
    $siteURL "http://".$domain.$directory;

    Any suggestions would be greatly appreciated!

  2. #2
    SitePoint Addict phpster's Avatar
    Join Date
    Feb 2005
    Location
    Toronto, Canada
    Posts
    374
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    have a look at $_SERVER['REQUEST_URI']...it may be what you are looking for
    phpster

    I wish my computer would do what I want it to.
    Not what I tell it to do...

  3. #3
    SitePoint Wizard tgavin's Avatar
    Join Date
    Feb 2003
    Location
    FL
    Posts
    1,051
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by phpster
    have a look at $_SERVER['REQUEST_URI']...it may be what you are looking for
    Thanks for the reply. I think I got it, although it seemed too easy

    Anybody, if there is a hole, please point it out to me.
    Remember, this is supposed to allow from www.mydomain.com/my_dir/ downward into as many directories deep as the user wants to go.

    PHP Code:
    $domain "www.mydomain.com";
    $directory "/my_dir";
    rootPath "/home/site/public_html";
    $site $domain.$directory;
    sitePath $rootPath.$directory;

    // let's do some security
    $server $_SERVER["SERVER_NAME"].$directory;

    // check if the user is authorized
    if($server != $site) {

       
    // not authorized
       
    echo "ERROR! You are not authorized to run this program on the domain $server";
       exit();
    }
    else {
    $siteURL "http://".$domain.$directory;

    Thanks!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •