Hi, how can I set a php script just to run from specific domain name? How is the best way to protect php code using this method? Can anyone give me a script to this? some snippet? Thanks in advance.
Unless you encode the script, the person will be able to remove your line of code and use the website as they wish. You could encode the an important include file for example. You could use $_SERVER["SCRIPT_URI"] to detect the domain name used. Something like this may work? if(!ereg("yourdomain.com",$_SERVER["SCRIPT_URI"]){ die("Invalid Domain"); } PHP:
In your form processing script, use the server variable for host. The following line gives some idea of how you would use it: $whatSiteIsSubmittingThis = $_SERVER['HTTP_HOST']; The variable $whatSiteIsSubmittingThis will show the main URL of the site that is sending the posted data. It will appear in "www.<your domain name>.com" format. Then just do a simple compare, for example: if ($whatSiteIsSubmittingThis = "www.google.com"){ //do your stuff }else{ die('Hey! I only accept form submissions from my own site!'); } Just get in touch if you need more help!
But may I protect that lines of code from being deleted? Or could I delete importante files on server if wrong domain name? Thanks.
Make sure you put == instead of =, otherwise it will always evaluate to true. if ($whatSiteIsSubmittingThis == "www.google.com"){ //do your stuff }else{ die('Hey! I only accept form submissions from my own site!'); } PHP:
invest in one of the PHP source encoder products or you could base64_encode the source, but it would be easy to decode it , you can try this online at makcoder.sourceforge.net/demo/base64.php do a search on G for php file encode or similar and it will chuck up a few choices.
What could be the best PHP encoder? every encoder could code to specific domain name of my choice? Thanks.