CODEWITHSUNDEEP
javascriptphpcurl
John Doe
John Doe

Reputation: 29

Get where requests coming from to my website

I'm having a simple PHP page that generates random json values and returns it to the user. I want to know what website is using this page to get data using curl or javascript. for example:

the PHP page:

$datas['random'] = ['firstValue'=>'Hello', 'secondValue'=>'world'];
header('Content-Type: application/json');
echo json_encode($datas);

now that code will return this value

{"random":{"firstValue":"Hello","secondValue":"world"}}

what I want to do is: if someone used this file in his website using curl or javascript I want to be able to know which website is using it and what website requested it.

if the website http://example.com used this code in the website 

var xhttp = new XMLHttpRequest();

                  xhttp.onreadystatechange = function () {
                      if (this.readyState === 4) {
                          if (this.status === 200) {
                              resolve(this.responseText);
                          } else if (this.response == null && this.status === 0) {
                              var reason = new Error('OFFLINE');
                              reject(reason);
                          } else {
                              var reason = new Error('ERROR');
                              reject(reason);
                          }
                      }
                  };


              xhttp.open("GET", "jsonpage.php", true);
              xhttp.send();

I want to be able to know that the website http://example.php requested the file, without using extra value jsonpage.php?website=example.com

is there any way to do it using PHP.

Upvotes: 1

Views: 1074

Answers (2)

Youssef Al Subaihi
Youssef Al Subaihi

Reputation: 136

you can using $_SERVER['HTTP_REFERER'] which will gives you which website is getting your info's but it's not really reliable because it's easy to change from the source.

Upvotes: 0

dearsina
dearsina

Reputation: 5192

You can check the IP address of the party making the call to jsonpage.php, but to the best of my knowledge, not the domain.

$_SERVER['REMOTE_ADDR'] contains the real IP address of the connecting party. That is the most reliable value you can find.

However, they can be behind a proxy server in which case the proxy may have set the $_SERVER['HTTP_X_FORWARDED_FOR'], but this value is easily spoofed. For example, it can be set by someone without a proxy, or the IP can be an internal IP from the LAN behind the proxy.

Finally, if your concern is that only some people should have access to jsonpage.php, I suggest you implement either a public/private API key or oAuth to ensure only the right people have access.

Further reading: How to get the client IP address in PHP

Upvotes: 1

Related Questions