Hi, What i want to do is check to make sure that if someone is using my script that the the domain name that site is on is valid. I have a table on my script site which will store the users urls what i was thinking of is if i connect to that database and check to make sure the the current url matches a url in that table. What would be the best way to go about connecting to that other database to check? Cheers, Adam
Well you are going to have a bit of a hard time connecting to the other database because of the username and password. I can suggest another method via pm.
Make a PHP page that takes the referrer URL and checks it to see if its valid or not. In the Script's HTML, use an <IFRAME> to open that page, and Display that message. Like : <iframe src="http://yoursite.com/testing_script.php" /> PHP: In the testing_script.php, you should get the referer as $_SERVER['HTTP_REFERER'], and check it from the mysql table. ~ Thomas
Right after receiving a pm from daman371 thank you, i think the best method would be to use curl to check. What i need to do now though is build something which can handle a curl query on the other side. I know how to handle the results when i get them but how would i go about setting this up so i can get the results i need.
Right i have sort of done this now but just having a little problem In the client code: <?php $validationURL = "http://www.yourdomain.net/validateDomain.php?domain=".$_SERVER['HTTP_HOST']; $validation = trim(implode('', file($validationURL))); if ($validation == 'valid') { echo "This is a valid domain"; } else { echo "This is Not valid domain"; } ?> Code (markup): Validation side <?php //Insert db connection info here $domain = stripslashes($_GET['domain']) $query = "SELECT * FROM tablename WHERE domain = '$domain'"; $results = mysql_query($query); if (mysql_num_rows($result)==1) { echo 'valid' } ?> Code (markup): But this does not seem to work and comes back with This is Not valid domain everytime even though there that domain in the database.
This is actually a bad move. Any one would be able to fake a domain as long as they know of a valid domain. What you should be doing is having a license key that has a very extensive key, such as SHA512. This will be stored in an external file and sent to the central server upon request. You would then take the IP and some other information as a hash of the client node and check for any suspicious access from alien nodes. If there is found to be suspicious behaviour then disable their license until indisputable proof has been supplied. As for your request from client to server, XML should be used for this if you wish to be pedantic. But the method given to you would work, just not at all securely.
Well the code would be encrypted so would be secure enough for what i need it for. Cheers for that advice though.
You didn't use curl so it isn't doing anything on the client side or validation side. The client side is running but not getting anything from the validation side. You used the wrong variable. I also took out an unnecessary line. One more thing. $validationURL = "http://www.yourdomain.net/validateDomain.php?domain=".$_SERVER['HTTP_HOST']; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $validationURL); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 0); $validation = curl_exec($ch); curl_close($ch); if ($validation == 'valid') { echo "This is a valid domain"; } else { echo "This is Not valid domain"; } ?> Code (markup): <?php //Insert db connection info here $domain = stripslashes($_GET['domain']) $results = mysql_query("SELECT * FROM tablename WHERE domain = '$domain'"); if (mysql_num_rows($results)==1) { echo 'valid' } ?> Code (markup):