<?php

/*
submitSecurity 1.0
Copyright: Left
---------------------------------------------------------------------------------
Version:        1.0
Date:           10 September 2007
---------------------------------------------------------------------------------
Author:        Gilmar Pupo (hide@address.com) / Brazil
---------------------------------------------------------------------------------
License:        Choose the more appropriated for You.Enjoy!
---------------------------------------------------------------------------------
Description:
Check whether the submit referrer comes from a trusted server.

* Only for PHP5 or later

---------------------------------------------------------------------------------
Example usage: 
submitSecurity::check('POST');
  or 
submitSecurity::check('GET');

---------------------------------------------------------------------------------
Customize:

Set your preferred text in the function deny() and include your trusted servers in the array $allowed;


---------------------------------------------------------------------------------
Todo:
- check trusted servers in a SQL table;
- live an let live! :)



---------------------------------------------------------------------------------
*/



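/**
 * Referer-based guard for form submissions.
 *
 * The request is accepted when the Referer host equals the Host header
 * (ignoring "www.", port and case) or is listed in $allowed; a missing or
 * unparseable Referer is rejected.  Both headers are supplied by the client,
 * so this only stops cross-site submissions from browsers that send a
 * Referer; pair it with a per-session form token for real CSRF protection.
 */
class submitSecurity{

    /**
     * Extra hosts whose referrer is accepted besides the current Host header.
     * Entries are compared after normalization: lower-case, no "www.", no port.
     */
    private static $allowed = array(
                                    'flexdigital.com.br',
                                    'flexturbo.com.br'
                                    );

    // Cached result of _check(); null until trust() has run once.
    private static $_trust = null;
    // Referrer host shown on the deny page ('Your Desktop file system' when the header is absent).
    private static $reffer;
    // Normalized value of the Host header.
    private static $host;

    /**
     * Print the rejection page and stop the script.
     *
     * Referer, Host and SERVER_ADMIN are all echoed into HTML, so every value
     * is escaped first: a crafted Referer header must not be able to inject
     * markup into this page.  Message text is the original Portuguese default.
     */
    private static function deny(){
        $admin = isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : '';
        echo '<h1>Envio de dados não aceito.</h1><p>Sua postagem não foi aceita porque o endereço anterior de seu navegador ('
            . self::esc(self::$reffer)
            . ') não faz parte deste servidor ('
            . self::esc(self::$host)
            . ') ou de servidores confiáveis.</p><p>Para esclarecimento de dúvidas a respeito, por favor contate o <a href="mailto:'
            . self::esc($admin)
            . '">Administrador do sistema</a>.</p>';
        exit();
    }

    /**
     * HTML-escape a value for output inside element content or an attribute.
     *
     * @param mixed $value
     * @return string
     */
    private static function esc($value){
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Extract the normalized host from a URL.
     *
     * Uses parse_url rather than string replacement so that https:// URLs,
     * userinfo ("user@host"), query strings that embed another URL, and hosts
     * without a trailing slash are all handled.  Returns '' when no host can
     * be found; '' never matches a real Host header.
     *
     * @param string $url
     * @return string
     */
    private static function hostOf($url){
        $host = parse_url($url, PHP_URL_HOST);
        if (!is_string($host) || $host === '') {
            // A bare "host/path" value has no scheme, so parse_url finds no
            // host; retry with one prepended.
            $host = parse_url('http://' . $url, PHP_URL_HOST);
        }
        return is_string($host) ? self::normalizeHost($host) : '';
    }

    /**
     * Normalize a host for comparison: lower-case, port removed, leading
     * "www." removed (the original treated "www.example.com" and
     * "example.com" as the same site).
     *
     * @param string $host  a host name, optionally with ":port"
     * @return string
     */
    private static function normalizeHost($host){
        $host = strtolower(trim($host));
        if ($host !== '' && $host[0] === '[') {
            // Bracketed IPv6 literal: keep the brackets, drop any ":port".
            $end = strpos($host, ']');
            return $end === false ? $host : substr($host, 0, $end + 1);
        }
        $colon = strpos($host, ':');
        if ($colon !== false) {
            $host = substr($host, 0, $colon);
        }
        if (strpos($host, 'www.') === 0) {
            $host = substr($host, 4);
        }
        return $host;
    }

    /**
     * Hook called when the submission is accepted.  Intentionally empty.
     */
    private static function allow(){
      //do something if you need
    }

    /**
     * Decide whether the current request's referrer is trusted.
     *
     * Side effects: sets self::$host and self::$reffer for the deny page.
     *
     * @return bool  true when the referrer host is the current host or listed
     *               in $allowed; false when the Referer header is missing,
     *               cannot be parsed, or names another host.
     */
    private static function _check(){
        $referer    = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
        $hostHeader = isset($_SERVER['HTTP_HOST'])    ? (string) $_SERVER['HTTP_HOST']    : '';

        self::$host = self::normalizeHost($hostHeader);

        if ($referer === '') {
            // Browsers omit the header for direct navigation, local files and
            // privacy settings; all of these are treated as untrusted.
            self::$reffer = 'Your Desktop file system';
            return false;
        }

        $refererHost = self::hostOf($referer);
        // Keep something readable for the deny page even when the URL did not parse.
        self::$reffer = $refererHost !== '' ? $refererHost : $referer;

        if ($refererHost === '') {
            return false;
        }
        // Strict comparison: the list holds plain strings, nothing should coerce.
        return $refererHost === self::$host
            || in_array($refererHost, self::$allowed, true);
    }

    /**
     * Memoized _check(): the static property (not a local variable) is the
     * cache, so the headers are evaluated at most once per request.
     *
     * @return bool
     */
    private static function trust(){
        if (self::$_trust === null) {
            self::$_trust = self::_check();
        }
        return self::$_trust;
    }

    /**
     * Entry point.  Denies the request (prints a page and exits) when the
     * referrer is untrusted AND the request method equals $REQUEST_METHOD;
     * otherwise calls allow().  Requests using another method pass through
     * so that, e.g., a GET that renders the form is never blocked.
     *
     * @param string $REQUEST_METHOD  method to guard, compared case-insensitively
     * @return void
     */
    public static function check($REQUEST_METHOD = 'POST') {
        $method = isset($_SERVER['REQUEST_METHOD']) ? strtoupper((string) $_SERVER['REQUEST_METHOD']) : '';
        if (!self::trust() && $method === strtoupper($REQUEST_METHOD)) {
            self::deny();
        } else {
            self::allow();
        }
    }

    // Cannot be instantiated by any other class
    protected function __construct() { }

    // Cannot be cloned ever
    private function __clone() { }

}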




?>