in string test

gofox

We have a http_referer setup on a site that is setting into a session, code is:
<? $the_url = $_SERVER['HTTP_REFERER'];
$pieces = explode("/", $the_url);
$domain=$pieces[2];
This sets just the www.site.com, here is the problem, we are passing this to restrict access to some pages to members only,
the restricted pages use this code:

<? if ($_SESSION['domain'] == "www.site.com") {
print("ok");
} else {
header("Location: http://othersite.com/close.htm");
}
Here is my problem, turns out the are referering from a "www.sub.site.com" location and the "sub." will change so the if else will not let them in, how can I weed that out in either the "http_referer" part or in the "if else" so they can access those pages?

gofox

got it... fyi changed
$pieces = explode("/", $the_url);
to
$pieces = explode(".", $the_url);

laserlight

Firstly HTTP_REFERER probably isnt a reliable way doing it.

Still...
Basically, you want to check if HTTP_REFERER is of the form:
http://www.domain.com/page.html
or
http://www.subdomain.domain.com/page.html

and if domain.com matches, it is expected.

What you can do is this:

function matchDomain($domain, $url) {
	//get an array containing the parts of the parsed URL
	$url_array = parse_url($url);
	$host = $url_array['host'];
	//periods are special chars in regex, so we escape them
	$domain = str_replace('.', '\.', $domain);
	//compare $host with the domain name provided
	if (preg_match('/' . $domain . '$/i', $host) == 1)
		return true;
	else
		return false;
}

Then you would use:

<?php
//check that HTTP_REFERER is set
if (isset($_SERVER['HTTP_REFERER'])) {
	if (matchDomain("site.com", $_SERVER['HTTP_REFERER'])) {
		//ok
	}
	else {
		//incorrect
	}
}
else {
	//incorrect
}