I have this question. As in PHP you can check if a person came to this page from localhost or not. And $_SERVER['HTTP_REFERER'] cannot be used. Also, you can not check on 127.0.0.1 What other ways are there?

  • one
    If a person came to your page from a localhost, then that person is sitting in front of your server's monitor: D Specify the task, what exactly do you mean by "came from a localhost" and for what purpose do you want to check it? - Ilya Pirogov
  • What do you mean by localhost? - Elime
  • Yes, I had it in mind. It is necessary to check if a stranger is running a script on the server. - alex_90
  • one
    Record the session, record the session access time in the session ... a bunch of ways! The essence of the problem is what?) - Palmervan
  • one
    or in general, why is all this necessary, put a password, as protection and do not e * mind your brain%) - Elime

8 answers 8

To find out a stranger or not a person runs the script.

Option 1: set a password. Either by session or httppass.
Option 2 (used in the CMS): the file pulls up where the variable is set. Then, each CMS script checks for the presence of a variable.
Option 3: all links to the site should contain some kind of get-request (href = "site.ru/?partnerId=21534"), the value of which is written to the session. Option 1 is obtained, only more transparent.

    If the client (browser) does not send this information (And many do not send by default), you cannot recognize it. Unless, with accuracy: whether it came from your site or not from yours. If the information is sent, it lies in HTTP_REFERRER

    • @knes, I was told there is a way to somehow determine this by ip . PS Is it possible to somehow do this through Whois ? - alex_90
    • @knes, and how can you find out from my site whether it came or not? - alex_90

    "It is necessary to check if an outsider does not run a script on the server."

     <?php $ip = $_SERVER['REMOTE_ADDR']; //ip зашедшего на страницу $your_ip = '182.54.12.482'; //ip с которого можно заходить if($ip !== $your_ip){ echo 'Ахтунг! Чужой!'; exit(); }

    or am I misunderstood?

      You took into account that if a person simply typed in the address bar the address of your site or its page, then there simply won't be a thing like $_SERVER['HTTP_REFERER'] at all?

      Generate yourself a cookie and check its presence, don’t give a cookie to someone else and you will be happy without passwords

        There are two variables $_SERVER['HTTP_REFERRER'] and $_SERVER['REMOTE_ADDR']

           if(empty($_SERVER['HTTP_REFERRER'])) { echo 'localhost or http://' . $_SERVER['HTTP_HOST']; }

            This is how the browser sends the request:

             GET http://ru.stackoverflow.com/posts/64726/ivc/95ee?_=1431120826827 HTTP/1.1 Host: ru.stackoverflow.com Connection: keep-alive Accept: */* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.2.9999.797 Safari/537.31 Referer: http://ru.stackoverflow.com/questions/64726/%d0%9a%d0%b0%d0%ba-%d1%83%d0%b7%d0%bd%d0%b0%d1%82%d1%8c-%d0%be%d1%82%d0%ba%d1%83%d0%b4%d0%b0-%d0%bf%d1%80%d0%b8%d1%88%d0%b5%d0%bb-%d0%b7%d0%b0%d0%bf%d1%80%d0%be%d1%81 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: smth=was-here;

            Pay attention to the host header. Yes, and in the url address is.

              The question is relevant for me. I am looking for a way to do something like this, but for now this kind of something happens. Not sure that this will give the expected result, but close to it. In any case, SERVER_NAME provides the necessary information about the server name, it remains only to determine this information about the request server. HTTP_HOST gives the wrong information.

               if ( $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_NAME'] ) { }