Reading source code and extracting json from a urlPHP function to access a database and return jsonhow secure...
Discouraging missile alpha strikes
Isn't a semicolon (';') needed after a function declaration in C++?
Does changing "sa" password require a SQL restart (in mixed mode)?
Why don't reads from /dev/zero count as I/O?
Is it ethical to apply for a job on someone's behalf?
Why does finding small effects in large studies indicate publication bias?
Distortion of City -Boundary-Polygons proportional to population size in QGIS?
What is formjacking?
Exploding Numbers
How do I add a strong "onion flavor" to the biryani (in restaurant style)?
Identical projects by students at two different colleges: still plagiarism?
Almost normal subgroup
Arizona laws regarding ownership of ground glassware for chemistry usage
Which was the first story to feature space elevators?
How to know if I am a 'Real Developer'
Found a major flaw in paper from home university – to which I would like to return
How do I write a maintainable, fast, compile-time bit-mask in C++?
Last Reboot commands don't agree
Why are `&array` and `array` pointing to the same address?
Ramanujan's radical and how we define an infinite nested radical
Coworker is trying to get me to sign his petition to run for office. How to decline politely?
Why is ra lower than re while la is higher than le?
How can I portray body horror and still be sensitive to people with disabilities?
Do error bars on probabilities have any meaning?
Reading source code and extracting json from a url
PHP function to access a database and return jsonhow secure is this way of writing and reading with PHP and SQLite?Website for updating a divA Simple, One-Page PHP Admin Login (with prepared SQL statements)URL link SEO and security using LaravelRetrieving objects from JSON URLsRead and display data from MySQL tableImage, file, text uploader and URL shortenerSpring JWT authentication using cookiesUsing postMessage() in JavaScript with iframes for cross domain communication
$begingroup$
I made a code to read the source code from a url, to reach this url i need to specify a token, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test i have a query string called token that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token'] in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET[] is empty then $.. is = NULL, else $.. is = $_GET[]
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php security
asked 7 hours ago
111111111111111111111111
405
$endgroup$
add a comment |
$begingroup$
I made a code to read the source code from a url, to reach this url i need to specify a token, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test i have a query string called token that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token'] in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET[] is empty then $.. is = NULL, else $.. is = $_GET[]
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php security
asked 7 hours ago
111111111111111111111111
405
$endgroup$
add a comment |
$begingroup$
I made a code to read the source code from a url, to reach this url i need to specify a token, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test i have a query string called token that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token'] in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET[] is empty then $.. is = NULL, else $.. is = $_GET[]
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php security
asked 7 hours ago
111111111111111111111111
405
$endgroup$
I made a code to read the source code from a url, to reach this url i need to specify a token, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test i have a query string called token that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token'] in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET[] is empty then $.. is = NULL, else $.. is = $_GET[]
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php security
php security
asked 7 hours ago
111111111111111111111111
405
asked 7 hours ago
111111111111111111111111
405
edited 7 hours ago
111111111111
asked 7 hours ago
111111111111111111111111
405
asked 7 hours ago
111111111111111111111111
405
asked 7 hours ago
111111111111111111111111
405
405
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
The Security
The main point here is your assumption that HTTP_REFERER could prevent someone from using this code. Unfortunately it doesn't. Referrer, just like any other HTTP header, is easily faked, one is setting it routinely with any software that is doing HTTP requests. So be advised that it is an ostrich-style defense.
You should understand that there is absolutely no way to protect the information which is shown in the browser. The only way to restrict an access to a script is to make it password protected.
Moreover, I suppose that a concerned user could easily guess the domain from which you are requesting the data, and then just bluntly take the token from the source of your page and then just use it at their own disposal. Consider storing the token inside your PHP code instead.
The code.
That said, your code could be syntactically improved as well. First of all, just like it said in the other answer, you could combine all conditions in one. But it mustn't be done at the expense of readability. So first define your conditions and then check them at once.
After that you could just write your code without any conditions. A loop is unnecessary if there is only one value in the array
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
$access = preg_match('!^http://localhost/test!', $referrer);
$token = $_GET['token'] ?? '';
$source = $_GET['source'] ?? '';
$source_ok = $source == 'player';
if (!$referrer || !$access || !$token || !$source || !$source_ok) {
header('HTTP/1.1 404 Not Found');
die;
}
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$vdUrl = $jsn->streams[0]->url;
header('location:'.$vdUrl);
Note: if $_GET['source'] ?? ''; operator is giving you an error, consider upgrading your PHP version immediately, because it is not supported anymore.
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
$endgroup$
add a comment |
$begingroup$
not a php expert but I think you might improve your code a bit to make it more clean.
the piece of code:
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
// your code...
} else {
die(header('HTTP/1.1 404 Not Found'));
}
} else {
die(header('HTTP/1.1 404 Not Found'));
}
might become simply
if(!$source == 'player' || !preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER']))
die(header('HTTP/1.1 404 Not Found'))
//your code here
For your question I would wait for some expert
edited 1 hour ago
Roman
619214
answered 6 hours ago
MargonMargon
1194
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
Just for your info, no code that couldn't be read (because of scrolling) can be considered simple.
$endgroup$
– Your Common Sense
6 hours ago
$begingroup$
Yes i could have combined both conditions into one, thanks for the advice
$endgroup$
– 111111111111
6 hours ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
});
});
}, "mathjax-editing");
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "196"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f213936%2freading-source-code-and-extracting-json-from-a-url%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
The Security
The main point here is your assumption that HTTP_REFERER could prevent someone from using this code. Unfortunately it doesn't. Referrer, just like any other HTTP header, is easily faked, one is setting it routinely with any software that is doing HTTP requests. So be advised that it is an ostrich-style defense.
You should understand that there is absolutely no way to protect the information which is shown in the browser. The only way to restrict an access to a script is to make it password protected.
Moreover, I suppose that a concerned user could easily guess the domain from which you are requesting the data, and then just bluntly take the token from the source of your page and then just use it at their own disposal. Consider storing the token inside your PHP code instead.
The code.
That said, your code could be syntactically improved as well. First of all, just like it said in the other answer, you could combine all conditions in one. But it mustn't be done at the expense of readability. So first define your conditions and then check them at once.
After that you could just write your code without any conditions. A loop is unnecessary if there is only one value in the array
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
$access = preg_match('!^http://localhost/test!', $referrer);
$token = $_GET['token'] ?? '';
$source = $_GET['source'] ?? '';
$source_ok = $source == 'player';
if (!$referrer || !$access || !$token || !$source || !$source_ok) {
header('HTTP/1.1 404 Not Found');
die;
}
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$vdUrl = $jsn->streams[0]->url;
header('location:'.$vdUrl);
Note: if $_GET['source'] ?? ''; operator is giving you an error, consider upgrading your PHP version immediately, because it is not supported anymore.
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
$endgroup$
add a comment |
$begingroup$
The Security
The main point here is your assumption that HTTP_REFERER could prevent someone from using this code. Unfortunately it doesn't. Referrer, just like any other HTTP header, is easily faked, one is setting it routinely with any software that is doing HTTP requests. So be advised that it is an ostrich-style defense.
You should understand that there is absolutely no way to protect the information which is shown in the browser. The only way to restrict an access to a script is to make it password protected.
Moreover, I suppose that a concerned user could easily guess the domain from which you are requesting the data, and then just bluntly take the token from the source of your page and then just use it at their own disposal. Consider storing the token inside your PHP code instead.
The code.
That said, your code could be syntactically improved as well. First of all, just like it said in the other answer, you could combine all conditions in one. But it mustn't be done at the expense of readability. So first define your conditions and then check them at once.
After that you could just write your code without any conditions. A loop is unnecessary if there is only one value in the array
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
$access = preg_match('!^http://localhost/test!', $referrer);
$token = $_GET['token'] ?? '';
$source = $_GET['source'] ?? '';
$source_ok = $source == 'player';
if (!$referrer || !$access || !$token || !$source || !$source_ok) {
header('HTTP/1.1 404 Not Found');
die;
}
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$vdUrl = $jsn->streams[0]->url;
header('location:'.$vdUrl);
Note: if $_GET['source'] ?? ''; operator is giving you an error, consider upgrading your PHP version immediately, because it is not supported anymore.
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
$endgroup$
add a comment |
$begingroup$
The Security
The main point here is your assumption that HTTP_REFERER could prevent someone from using this code. Unfortunately it doesn't. Referrer, just like any other HTTP header, is easily faked, one is setting it routinely with any software that is doing HTTP requests. So be advised that it is an ostrich-style defense.
You should understand that there is absolutely no way to protect the information which is shown in the browser. The only way to restrict an access to a script is to make it password protected.
Moreover, I suppose that a concerned user could easily guess the domain from which you are requesting the data, and then just bluntly take the token from the source of your page and then just use it at their own disposal. Consider storing the token inside your PHP code instead.
The code.
That said, your code could be syntactically improved as well. First of all, just like it said in the other answer, you could combine all conditions in one. But it mustn't be done at the expense of readability. So first define your conditions and then check them at once.
After that you could just write your code without any conditions. A loop is unnecessary if there is only one value in the array
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
$access = preg_match('!^http://localhost/test!', $referrer);
$token = $_GET['token'] ?? '';
$source = $_GET['source'] ?? '';
$source_ok = $source == 'player';
if (!$referrer || !$access || !$token || !$source || !$source_ok) {
header('HTTP/1.1 404 Not Found');
die;
}
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$vdUrl = $jsn->streams[0]->url;
header('location:'.$vdUrl);
Note: if $_GET['source'] ?? ''; operator is giving you an error, consider upgrading your PHP version immediately, because it is not supported anymore.
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
$endgroup$
The Security
The main point here is your assumption that HTTP_REFERER could prevent someone from using this code. Unfortunately it doesn't. Referrer, just like any other HTTP header, is easily faked, one is setting it routinely with any software that is doing HTTP requests. So be advised that it is an ostrich-style defense.
You should understand that there is absolutely no way to protect the information which is shown in the browser. The only way to restrict an access to a script is to make it password protected.
Moreover, I suppose that a concerned user could easily guess the domain from which you are requesting the data, and then just bluntly take the token from the source of your page and then just use it at their own disposal. Consider storing the token inside your PHP code instead.
The code.
That said, your code could be syntactically improved as well. First of all, just like it said in the other answer, you could combine all conditions in one. But it mustn't be done at the expense of readability. So first define your conditions and then check them at once.
After that you could just write your code without any conditions. A loop is unnecessary if there is only one value in the array
$referrer = $_SERVER['HTTP_REFERER'] ?? '';
$access = preg_match('!^http://localhost/test!', $referrer);
$token = $_GET['token'] ?? '';
$source = $_GET['source'] ?? '';
$source_ok = $source == 'player';
if (!$referrer || !$access || !$token || !$source || !$source_ok) {
header('HTTP/1.1 404 Not Found');
die;
}
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$vdUrl = $jsn->streams[0]->url;
header('location:'.$vdUrl);
Note: if $_GET['source'] ?? ''; operator is giving you an error, consider upgrading your PHP version immediately, because it is not supported anymore.
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
edited 2 hours ago
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
answered 6 hours ago
Your Common SenseYour Common Sense
3,7461528
3,7461528
add a comment |
add a comment |
$begingroup$
not a php expert but I think you might improve your code a bit to make it more clean.
the piece of code:
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
// your code...
} else {
die(header('HTTP/1.1 404 Not Found'));
}
} else {
die(header('HTTP/1.1 404 Not Found'));
}
might become simply
if(!$source == 'player' || !preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER']))
die(header('HTTP/1.1 404 Not Found'))
//your code here
For your question I would wait for some expert
edited 1 hour ago
Roman
619214
answered 6 hours ago
MargonMargon
1194
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
Just for your info, no code that couldn't be read (because of scrolling) can be considered simple.
$endgroup$
– Your Common Sense
6 hours ago
$begingroup$
Yes i could have combined both conditions into one, thanks for the advice
$endgroup$
– 111111111111
6 hours ago
add a comment |
$begingroup$
not a php expert but I think you might improve your code a bit to make it more clean.
the piece of code:
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
// your code...
} else {
die(header('HTTP/1.1 404 Not Found'));
}
} else {
die(header('HTTP/1.1 404 Not Found'));
}
might become simply
if(!$source == 'player' || !preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER']))
die(header('HTTP/1.1 404 Not Found'))
//your code here
For your question I would wait for some expert
edited 1 hour ago
Roman
619214
answered 6 hours ago
MargonMargon
1194
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
Just for your info, no code that couldn't be read (because of scrolling) can be considered simple.
$endgroup$
– Your Common Sense
6 hours ago
$begingroup$
Yes i could have combined both conditions into one, thanks for the advice
$endgroup$
– 111111111111
6 hours ago
add a comment |
$begingroup$
not a php expert but I think you might improve your code a bit to make it more clean.
the piece of code:
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
// your code...
} else {
die(header('HTTP/1.1 404 Not Found'));
}
} else {
die(header('HTTP/1.1 404 Not Found'));
}
might become simply
if(!$source == 'player' || !preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER']))
die(header('HTTP/1.1 404 Not Found'))
//your code here
For your question I would wait for some expert
edited 1 hour ago
Roman
619214
answered 6 hours ago
MargonMargon
1194
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
not a php expert but I think you might improve your code a bit to make it more clean.
the piece of code:
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
// your code...
} else {
die(header('HTTP/1.1 404 Not Found'));
}
} else {
die(header('HTTP/1.1 404 Not Found'));
}
might become simply
if(!$source == 'player' || !preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER']))
die(header('HTTP/1.1 404 Not Found'))
//your code here
For your question I would wait for some expert
edited 1 hour ago
Roman
619214
answered 6 hours ago
MargonMargon
1194
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 1 hour ago
Roman
619214
edited 1 hour ago
Roman
619214
edited 1 hour ago
Roman
619214
619214
answered 6 hours ago
MargonMargon
1194
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 6 hours ago
MargonMargon
1194
answered 6 hours ago
MargonMargon
1194
1194
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Margon is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$begingroup$
Just for your info, no code that couldn't be read (because of scrolling) can be considered simple.
$endgroup$
– Your Common Sense
6 hours ago
$begingroup$
Yes i could have combined both conditions into one, thanks for the advice
$endgroup$
– 111111111111
6 hours ago
add a comment |
$begingroup$
Just for your info, no code that couldn't be read (because of scrolling) can be considered simple.
$endgroup$
– Your Common Sense
6 hours ago
$begingroup$
Yes i could have combined both conditions into one, thanks for the advice
$endgroup$
– 111111111111
6 hours ago
$begingroup$
Just for your info, no code that couldn't be read (because of scrolling) can be considered simple.
$endgroup$
– Your Common Sense
6 hours ago
$begingroup$
Just for your info, no code that couldn't be read (because of scrolling) can be considered simple.
$endgroup$
– Your Common Sense
6 hours ago
$begingroup$
Yes i could have combined both conditions into one, thanks for the advice
$endgroup$
– 111111111111
6 hours ago
$begingroup$
Yes i could have combined both conditions into one, thanks for the advice
$endgroup$
– 111111111111
6 hours ago
add a comment |
Thanks for contributing an answer to Code Review Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f213936%2freading-source-code-and-extracting-json-from-a-url%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
