SitePoint Sponsor

User Tag List

Results 1 to 12 of 12

Hybrid View

  1. #1
    Working on it... Contrid's Avatar
    Join Date
    Apr 2006
    Location
    Online
    Posts
    955
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    $_SERVER['http_host'] Problem

    Hi there,

    I have a quick question...
    Are there any limits to using $_SERVER['http_host'] meaning...are there specific PHP versions or PHP configurations that will preven this from outputting correctly? How reliable is this variable? Will it always give me the domain name as I'd expect it to?

    Thanks for your advice.

  2. #2
    SitePoint Enthusiast mrsmiley's Avatar
    Join Date
    Jul 2004
    Location
    Melbourne
    Posts
    96
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Contrid View Post
    Will it always give me the domain name as I'd expect it to?
    I guess that depends on what you are expecting. On most hosts www.example.com and example.com will both serve up the same pages from the same site, but the HTTP_HOST variable will be different. You need to account for every alias that references your site. That includes all its IP addresses as well.

    According to the PHP manual http://au.php.net/manual/en/reserved...riables.server:

    "Contents of the Host: header from the current request, if there is one."

    Looks like you cant really rely on it being there all the time. From previous experience though, its there pretty much all the time when the site is being used normally through normal equipment. It would only be a hacker or something outside the normal usage parameters that might drop it I would think.

  3. #3
    Working on it... Contrid's Avatar
    Join Date
    Apr 2006
    Location
    Online
    Posts
    955
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Thank you very much for your response. It's very informative.

    I guess my problem is with the sensitivity of the string. I'm comparing two strings with one another, one of which is the $_server['http_host'] variable output by php.

    Basically, I created a license class. When someone downloads a script from me, they need to type in the domain name, together with "http://www." on which it will be used. This string, together with some other values then go through a process of encryption before it gets written to a text file which serves as a license file.

    Everytime the script is run/executed, some static, hardcoded values inside of the script together with the $_server['http_host']; goes through the same process like when the license file was created. These two encrypted strings are then compared to see if they match. If they don't...tough luck.

    So yeah...all the values are perfect and I figured that the culprit has to be the $_server['http_host']...and I guess it is since some servers won't add the "www." or might even only output the IP address.

    I'll have to find a workaround for this, since some (very few) people have been complaining about invalid license files.

  4. #4
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Like other HTTP_ variables, HTTP_HOST comes from the client and contains the value of the "Host:" field in HTTP header. This value is used by webserver when mapping request to a physical path and may or may not match the actual server's hostname.

    For licensing purposes I'd rather use server IP address (SERVER_ADDR variable).

  5. #5
    Working on it... Contrid's Avatar
    Join Date
    Apr 2006
    Location
    Online
    Posts
    955
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by stereofrog View Post
    Like other HTTP_ variables, HTTP_HOST comes from the client and contains the value of the "Host:" field in HTTP header. This value is used by webserver when mapping request to a physical path and may or may not match the actual server's hostname.

    For licensing purposes I'd rather use server IP address (SERVER_ADDR variable).
    What if users are hosting their sites on a shared server?
    With a shared server, many users have the same IP address.
    I guess I could execute a PHP script on my own server and return a value from my database and then check if the license if valid.
    There are many workarounds.

  6. #6
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Contrid View Post
    What if users are hosting their sites on a shared server?
    Why are you asking me? I just told you what I'd use if I wanted to license my scripts (what I'll never do, because all home-made "licensing" is stupid).

  7. #7
    Working on it... Contrid's Avatar
    Join Date
    Apr 2006
    Location
    Online
    Posts
    955
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by stereofrog View Post
    Why are you asking me? I just told you what I'd use if I wanted to license my scripts (what I'll never do, because all home-made "licensing" is stupid).
    I'm asking you because you made the suggestion. (which won't work).
    There is nothing wrong with "home licensing" (what does it mean?). I prefer to protect my source code from lazy "developers" whom enjoy to alter it and make it their own. Don't you think that's fair?

  8. #8
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Contrid View Post
    I'm asking you because you made the suggestion. (which won't work).
    There is nothing wrong with "home licensing" (what does it mean?). I prefer to protect my source code from lazy "developers" whom enjoy to alter it and make it their own. Don't you think that's fair?
    Whether copy protection is morally fair or not, is the matter of opinion, but technically it's nothing more than a PITA for legitimate users. Copy protection doesn't "protect" anything, especially in php, where all code is open. Unless using ioncube (which is even more pita), it'll take 10 seconds till 30 min to break any php copy protection / licensing scheme.

    Off Topic:


    thanks.

  9. #9
    Working on it... Contrid's Avatar
    Join Date
    Apr 2006
    Location
    Online
    Posts
    955
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by stereofrog View Post
    Why are you asking me? I just told you what I'd use if I wanted to license my scripts (what I'll never do, because all home-made "licensing" is stupid).
    Off topic :
    Love you JS table sort script. It's extremely useful. Thanks.

  10. #10
    SitePoint Evangelist superuser2's Avatar
    Join Date
    Aug 2006
    Posts
    598
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Contrid
    What does "pita" stand for
    Pain in the $#*

    And yes, I am wondering about the off topic box, too.

  11. #11
    Working on it... Contrid's Avatar
    Join Date
    Apr 2006
    Location
    Online
    Posts
    955
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by superuser2 View Post
    Pain in the $#*

    And yes, I am wondering about the off topic box, too.
    Aha...i see

    Well...I certainly agree about that...though I do give users the control they need using template files, configuration files, etc... so they don't really need to edit any of the other (encoded) source code anyways.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •