FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? [message #179832] Tue, 11 December 2012 10:53 Go to previous message
Tony Marston is currently offline  Tony Marston
Messages: 57
Registered: November 2010
Karma:
Member
I always understood than when activated through a web browser that
$_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'] identified the domain name
under which the script was being run, but I have come across some instances
where both SERVER_NAME and HTTP_HOST appear to be spoofed, and I wondered if
this is legitimate or not.

I have an application which exists on a live server and a test server, with
a different database for each, and they both share a common config file
which identifies which server it is running on so that it can use the
relevant database credentials. If the server name does not match either of
the live or test domain names (such as mydomain.com and test.mydomain.com)
then it uses invalid credentials which causes an error when attempting to
access the database. I never though that this error would ever appear, but
lately I have been getting errors such as the following:

Fatal Error: mysqli_connect(): Access denied for user 'default'@'localhost'
(using password: YES).
Error in line 259 of file
'/var/www/vhosts/mydomain.com/httpdocs/transix/includes/dml.mysqli.class.in c'.
PHP_SELF: /index.php
CURRENT DIRECTORY: /var/www/vhosts/mydomain.com/httpdocs
SERVER_ADDR: nnn.nnn.nnn.nnn
SERVER_NAME: www.yahoo.com
HTTP_HOST: www.yahoo.com
REMOTE_ADDR: 109.108.142.236
REQUEST_URI: http://www.yahoo.com/

In order to run this script on my live server the URL should have been
www.mydomain.com but here you can see it reported as www.yahoo.com. How is
this possible?

Tony Marston

http://www.tonymarston.net
http://www.radicore.org
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Recommendations for PHP Chart generation?
Next Topic: Printing out or displaying for debugging
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 19:26:54 GMT 2024

Total time taken to generate the page: 0.04110 seconds