Re: [PHP] confused about getenv arguements

Sat, 27 Jan 2001 21:27:49 -0800 

Just put <?phpinfo()?> in a file and read through it.  Note that
HTTP_REFERER (1 R) is only set if you click on a link to get to the page.

Also note that relying on HTTP_REFERER for anything important is not safe.
Anybody can spoof this variable.

-Rasmus

On Sat, 27 Jan 2001, Noel Akins wrote:

> Hello,
> I found this script at zend. Please note the getenv("HTTP_REFFERER").
>
> <?
>
> /* Anti-leech bandwidth protecter by Corey Milner, http://www.odey.com.
> Turn the refererring URL into a variable */
> $from = getenv("HTTP_REFERER");
>
> /* Check to see if the URL in the variable is a valid referrer. Add the
> page URL which you would like people to arrive from here. */
> if ($from != "http://www.yoursite.com/validpage.htm")
>
> /* If the URL is valid, page loads now */
>
> /* If URL is invalid the following error message and proper link appears,
> enter your custom error message and a hyperlink to the valid URL you
> entered above here*/
> {print(" Sorry you have tried to link to a page which does not accept
> visitors directly. <br>
> <a href=http://www.yoursite.com/validpage.htm>CLICK HERE</a> to enter");
>
> /* Prevent the rest of the page from loading */
> exit;}
>
> ?>
>
> I went to check getenv in the php manual, and it said "You can see a list
> of all the environmental variables by using phpinfo(). You can find out
> what many of them mean by taking a look at the CGI specification,
> specifically the page on environmental variables.
>
> I made a php script phpinfo(INFO_ALL) to return everything for my host and
> did not see HTTP_REFFERER, not did I see any of the other args that were in
> the comments on the getenv page.
> I looked at the linked cgi pages and didn't find anything there either.
>
> If by not seeing these HTTP_like variables in my phpinfo, does that mean
> they are unavailable to me to use? Do they have to be setup during the
> install of php/apache?
> Where can I get more info on these getenv args/vars?
>
> Thanks
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to