SitePoint Sponsor |
|
User Tag List
Results 1 to 12 of 12
Thread: $_SERVER['http_host'] Problem
-
Feb 13, 2007, 19:41 #1
- Join Date
- Apr 2006
- Location
- Online
- Posts
- 955
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
$_SERVER['http_host'] Problem
Hi there,
I have a quick question...
Are there any limits to using $_SERVER['http_host'] meaning...are there specific PHP versions or PHP configurations that will preven this from outputting correctly? How reliable is this variable? Will it always give me the domain name as I'd expect it to?
Thanks for your advice.
-
Feb 13, 2007, 20:13 #2
- Join Date
- Jul 2004
- Location
- Melbourne
- Posts
- 96
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I guess that depends on what you are expecting. On most hosts www.example.com and example.com will both serve up the same pages from the same site, but the HTTP_HOST variable will be different. You need to account for every alias that references your site. That includes all its IP addresses as well.
According to the PHP manual http://au.php.net/manual/en/reserved...riables.server:
"Contents of the Host: header from the current request, if there is one."
Looks like you cant really rely on it being there all the time. From previous experience though, its there pretty much all the time when the site is being used normally through normal equipment. It would only be a hacker or something outside the normal usage parameters that might drop it I would think.
-
Feb 13, 2007, 20:20 #3
- Join Date
- Apr 2006
- Location
- Online
- Posts
- 955
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
Thank you very much for your response. It's very informative.
I guess my problem is with the sensitivity of the string. I'm comparing two strings with one another, one of which is the $_server['http_host'] variable output by php.
Basically, I created a license class. When someone downloads a script from me, they need to type in the domain name, together with "http://www." on which it will be used. This string, together with some other values then go through a process of encryption before it gets written to a text file which serves as a license file.
Everytime the script is run/executed, some static, hardcoded values inside of the script together with the $_server['http_host']; goes through the same process like when the license file was created. These two encrypted strings are then compared to see if they match. If they don't...tough luck.
So yeah...all the values are perfect and I figured that the culprit has to be the $_server['http_host']...and I guess it is since some servers won't add the "www." or might even only output the IP address.
I'll have to find a workaround for this, since some (very few) people have been complaining about invalid license files.
-
Feb 14, 2007, 04:26 #4
- Join Date
- Apr 2004
- Location
- germany
- Posts
- 4,324
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Like other HTTP_ variables, HTTP_HOST comes from the client and contains the value of the "Host:" field in HTTP header. This value is used by webserver when mapping request to a physical path and may or may not match the actual server's hostname.
For licensing purposes I'd rather use server IP address (SERVER_ADDR variable).
-
Feb 14, 2007, 04:32 #5
- Join Date
- Apr 2006
- Location
- Online
- Posts
- 955
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
What if users are hosting their sites on a shared server?
With a shared server, many users have the same IP address.
I guess I could execute a PHP script on my own server and return a value from my database and then check if the license if valid.
There are many workarounds.
-
Feb 14, 2007, 05:26 #6
- Join Date
- Apr 2004
- Location
- germany
- Posts
- 4,324
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Feb 14, 2007, 05:32 #7
-
Feb 14, 2007, 05:47 #8
-
Feb 14, 2007, 06:16 #9
- Join Date
- Apr 2004
- Location
- germany
- Posts
- 4,324
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Whether copy protection is morally fair or not, is the matter of opinion, but technically it's nothing more than a PITA for legitimate users. Copy protection doesn't "protect" anything, especially in php, where all code is open. Unless using ioncube (which is even more pita), it'll take 10 seconds till 30 min to break any php copy protection / licensing scheme.
Off Topic:
thanks.
-
Feb 14, 2007, 06:24 #10
-
Feb 14, 2007, 06:30 #11
Originally Posted by Contrid
And yes, I am wondering about the off topic box, too.
-
Feb 14, 2007, 06:33 #12
Bookmarks