| Subcribe via RSS

Flir security check.

April 16th, 2009 Posted in Code

This is the PHP snippet in the generate.php file from the FLIR.

This code will check if the request to generate the FLIR image is allowed or not.

if(false !== ALLOWED_DOMAIN && $_SERVER['HTTP_REFERER'] != '') {
    $refhost = get_hostname($_SERVER['HTTP_REFERER']);
    if(substr(ALLOWED_DOMAIN, 0, 1) == '.') {
        if(false === strpos($refhost, substr(ALLOWED_DOMAIN, 1)))
            err('DISALLOWED_DOMAIN');
    }else {
        if($refhost != ALLOWED_DOMAIN)
            err('DISALLOWED_DOMAIN');
    }
}
Tags: , ,

Comments are closed.