I need your guys opinion. I'm thinking of having a sub ran in every sub to
check to make sure this script is being ran only through my own domain. I
think this will only break down a valid referral from
http://www.digital-drakon.com/*anything* . The only thing I think I need to
add is to force the $referer down to lowercase cause if someone enters my dir
as http://WWW.DIGITAL-DRAKON.COM it will think its not a valid referral.
Please give me any comments on this good or bad. This is just a prototype
code I did in like 2 min. It will be cleaned up a bit more. And if there is
a better way of checking let me know. I would rather use proven code then
risk a security hole.
Chris
$valid = 'digital-drakon'
$referer = $ENV{HTTP_REFERER};
# should split by the // in
# http://www.digital-drakon.com
($http, $url) = split(/\/\//, $referer)
# whats left over should be in url like
# www.digital-drakon.com/index.html
# whats in domain should be
# www.digital-drakon or digital-drakon
# depents on if the used the www in the
# first place.
($domain, $dir) = split(/\.com/, $url)
($www, $domain2) = split(/\./, $domain)
#check the 2 posable domains
if( $domain eq $valid || $domain2 eq $valid ){
#do somethign to tell the script to continue
}
else{
#do something to tell the script to stop and
#show an error page
}
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
