$_SERVER['http_host'] Problem

[Contrid]

Hi there,

I have a quick question...
Are there any limits to using $_SERVER['http_host'] meaning...are there specific PHP versions or PHP configurations that will preven this from outputting correctly? How reliable is this variable? Will it always give me the domain name as I'd expect it to?

Thanks for your advice.

[mrsmiley]

Will it always give me the domain name as I'd expect it to?

I guess that depends on what you are expecting. On most hosts www.example.com and example.com will both serve up the same pages from the same site, but the HTTP_HOST variable will be different. You need to account for every alias that references your site. That includes all its IP addresses as well.

According to the PHP manual http://au.php.net/manual/en/reserved...riables.server:

"Contents of the Host: header from the current request, if there is one."

Looks like you cant really rely on it being there all the time. From previous experience though, its there pretty much all the time when the site is being used normally through normal equipment. It would only be a hacker or something outside the normal usage parameters that might drop it I would think.

[Contrid]

Thank you very much for your response. It's very informative.

I guess my problem is with the sensitivity of the string. I'm comparing two strings with one another, one of which is the $_server['http_host'] variable output by php.

Basically, I created a license class. When someone downloads a script from me, they need to type in the domain name, together with "http://www." on which it will be used. This string, together with some other values then go through a process of encryption before it gets written to a text file which serves as a license file.

Everytime the script is run/executed, some static, hardcoded values inside of the script together with the $_server['http_host']; goes through the same process like when the license file was created. These two encrypted strings are then compared to see if they match. If they don't...tough luck.

So yeah...all the values are perfect and I figured that the culprit has to be the $_server['http_host']...and I guess it is since some servers won't add the "www." or might even only output the IP address.

I'll have to find a workaround for this, since some (very few) people have been complaining about invalid license files.

[stereofrog]

Like other HTTP_ variables, HTTP_HOST comes from the client and contains the value of the "Host:" field in HTTP header. This value is used by webserver when mapping request to a physical path and may or may not match the actual server's hostname.

For licensing purposes I'd rather use server IP address (SERVER_ADDR variable).

[Contrid]

Like other HTTP_ variables, HTTP_HOST comes from the client and contains the value of the "Host:" field in HTTP header. This value is used by webserver when mapping request to a physical path and may or may not match the actual server's hostname.

For licensing purposes I'd rather use server IP address (SERVER_ADDR variable).

What if users are hosting their sites on a shared server?
With a shared server, many users have the same IP address.
I guess I could execute a PHP script on my own server and return a value from my database and then check if the license if valid.
There are many workarounds.

[stereofrog]

What if users are hosting their sites on a shared server?

Why are you asking me? I just told you what I'd use if I wanted to license my scripts (what I'll never do, because all home-made "licensing" is stupid).

[Contrid]

Why are you asking me? I just told you what I'd use if I wanted to license my scripts (what I'll never do, because all home-made "licensing" is stupid).

I'm asking you because you made the suggestion. (which won't work).
There is nothing wrong with "home licensing" (what does it mean?). I prefer to protect my source code from lazy "developers" whom enjoy to alter it and make it their own. Don't you think that's fair?

[Contrid]

Why are you asking me? I just told you what I'd use if I wanted to license my scripts (what I'll never do, because all home-made "licensing" is stupid).

Off topic :

Love you JS table sort script. It's extremely useful. Thanks.

[stereofrog]

I'm asking you because you made the suggestion. (which won't work).
There is nothing wrong with "home licensing" (what does it mean?). I prefer to protect my source code from lazy "developers" whom enjoy to alter it and make it their own. Don't you think that's fair?

Whether copy protection is morally fair or not, is the matter of opinion, but technically it's nothing more than a PITA for legitimate users. Copy protection doesn't "protect" anything, especially in php, where all code is open. Unless using ioncube (which is even more pita), it'll take 10 seconds till 30 min to break any php copy protection / licensing scheme.

Off Topic:


thanks.

[Contrid]

Whether copy protection is morally fair or not, is the matter of opinion, but technically it's nothing more than a PITA for legitimate users. Copy protection doesn't "protect" anything, especially in php, where all code is open. Unless using ioncube (which is even more pita), it'll take 10 seconds till 30 min to break any php copy protection / licensing scheme.

Off Topic:


thanks.

I use Zend Guard for all scripts I distribute. 90% or more of my scripts are free and I use them to gain traffic to my site in order to sell other services.

What does "pita" stand for?

Also...how do you create the nice "off topic" box?

[superuser2]

What does "pita" stand for

Pain in the $#*

And yes, I am wondering about the off topic box, too.

[Contrid]

Pain in the $#*

And yes, I am wondering about the off topic box, too.

Aha...i see

Well...I certainly agree about that...though I do give users the control they need using template files, configuration files, etc... so they don't really need to edit any of the other (encoded) source code anyways.