Check ip when getting request from flash file in php


3

I have a flash file that sends a request to a PHP file every 5 minutes. How can I check whether the request from the flash file has been sent from my website or from some other place? I want to be sure that someone is not sending requests from other locations. It is very important for security reasons. Will the following PHP code work?

if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
    $user_ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
    $user_ip=$_SERVER['REMOTE_ADDR'];
}
2012-04-04 08:01
by Rafael Sedrakyan
Requests from the flash file will always come from your users' IP, since the file is executed locally on their machines - knittl 2012-04-04 08:18


2

If you want a really secure solution, you need some sort of token mechanism.

When the client requests the flash file, your server-side PHP builds the following string:

user_id(if any):client_ip:client_forwarded_ip(if any):some_random_string

Then you need to encrypt this string with a secure symmetric algorithm like AES256. This will be the access token for your flash. Then you pass this token via flashvars to flash, and on every request flash needs to send this token back in order to verify its identity.

On receiving the token you need to decrypt it, so first of all, if it decrypts, it means that this token was encrypted with the matching key, which I assume only you have. Then you need to verify that all fields that were encapsulated into the token match the client that is sending the request. If any field fails to match, you need to reject that request.

2012-04-04 10:01
by Alex Amiryan
Actually I already have this kind of solution. But the encrypted string is created for the first time and inserted into the database by a java server. Then every 5 minutes java gets the string from the database, passes it to flash and flash passes it to php. php checks the string and if everything is right it generates a new one, passes it to flash and inserts it into the database. Java is needed because of the multiplayer platform we use. However, your answer was helpful for me. If I generate the encrypted string with php for the first time and not with java, the flash will be bound to the website. Thanks for the help - Rafael Sedrakyan 2012-04-05 05:37
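
The token scheme from the answer above, as an added PHP example that is not part of the original answer or comments: it swaps in AES-256-GCM (an authenticated mode, so a modified token fails to decrypt) and JSON-encodes the fields instead of joining them with ':' because IPv6 addresses contain colons. The function names, field keys and demo values are assumptions made for this example.

```php
<?php
// Added example, not from the original answer. Assumes PHP >= 7.1 with ext-openssl.
function issue_token(string $key, string $userId, string $clientIp, string $fwdIp): string
{
    // Fields named in the answer; JSON rather than ':' joining (assumption, see lead-in).
    $plain = json_encode([
        'uid' => $userId,
        'ip'  => $clientIp,
        'fwd' => $fwdIp,
        'rnd' => bin2hex(random_bytes(16)),
    ]);
    $iv  = random_bytes(12);                 // fresh 96-bit nonce per token
    $tag = '';
    $ct  = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('token encryption failed');
    }
    return base64_encode($iv . $tag . $ct);  // value handed to Flash via flashvars
}

function verify_token(string $key, string $token, string $userId, string $clientIp, string $fwdIp): bool
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) <= 28) {  // 12-byte nonce + 16-byte tag + data
        return false;
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        return false;                            // wrong key or modified token
    }
    $f = json_decode($plain, true);
    // Reject unless every field bound into the token matches this request.
    return is_array($f)
        && ($f['uid'] ?? null) === $userId
        && ($f['ip'] ?? null) === $clientIp
        && ($f['fwd'] ?? null) === $fwdIp;
}

// Constructed demo values.
$key   = random_bytes(32);  // stands in for a fixed 32-byte server-side secret
$token = issue_token($key, '42', '2001:db8::1', '');
var_dump(verify_token($key, $token, '42', '2001:db8::1', ''));   // same client
var_dump(verify_token($key, $token, '42', '203.0.113.9', ''));   // different IP
var_dump(verify_token($key, substr($token, 0, -4) . 'AAAA', '42', '2001:db8::1', '')); // altered
```

Only the first call verifies; the request from a different IP and the altered token are both rejected.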