When is it possible for $_SERVER['SERVER_NAME'] to contain something other than the URL which actvated the script? [message #179832] |
Tue, 11 December 2012 10:53 |
Tony Marston
Messages: 57 Registered: November 2010
Karma:
|
Member |
|
|
I always understood than when activated through a web browser that
$_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'] identified the domain name
under which the script was being run, but I have come across some instances
where both SERVER_NAME and HTTP_HOST appear to be spoofed, and I wondered if
this is legitimate or not.
I have an application which exists on a live server and a test server, with
a different database for each, and they both share a common config file
which identifies which server it is running on so that it can use the
relevant database credentials. If the server name does not match either of
the live or test domain names (such as mydomain.com and test.mydomain.com)
then it uses invalid credentials which causes an error when attempting to
access the database. I never though that this error would ever appear, but
lately I have been getting errors such as the following:
Fatal Error: mysqli_connect(): Access denied for user 'default'@'localhost'
(using password: YES).
Error in line 259 of file
'/var/www/vhosts/mydomain.com/httpdocs/transix/includes/dml.mysqli.class.in c'.
PHP_SELF: /index.php
CURRENT DIRECTORY: /var/www/vhosts/mydomain.com/httpdocs
SERVER_ADDR: nnn.nnn.nnn.nnn
SERVER_NAME: www.yahoo.com
HTTP_HOST: www.yahoo.com
REMOTE_ADDR: 109.108.142.236
REQUEST_URI: http://www.yahoo.com/
In order to run this script on my live server the URL should have been
www.mydomain.com but here you can see it reported as www.yahoo.com. How is
this possible?
Tony Marston
http://www.tonymarston.net
http://www.radicore.org
|
|
|