For reasons beyond the scope of this post, I would like to verify in PHP if post data was sent from the same server, but I would like to avoid using a token. If completely necessary, I can use one, but I would be very helpful if I didn't have to.
Is this possible? If not, why?
Thanks!
Yes, you can check the remote address for the IP address of the request sender using $_SERVER['REMOTE_ADDR']. Do it like this:
if( $_SERVER['REMOTE_ADDR'] == $your_Server_IP_Address)
echo 'From same server';
else
echo 'from different server';
Related
I am using zend framework to send emails. I have an Hostname::ALLOW_DNS validator. It fails when trying to send email to yahoo.gr. I get this error:
An error occurred
An error occurred during execution; please try again later.
Additional information:
Zend\Mail\Exception\InvalidArgumentException
File:
/var/www/file/project/vendor/zendframework/zendframework/library/Zend/Mail/Address.php:41
Message:
'yahoo.gr ' is not a valid hostname for the email address
The email is smth#yahoo.gr. Any suggestions?
From your error, the only problem I can see is the whitespace 'yahoo.gr ' which will/can cause failure of validation.
Fix Suggestion 1:
You should start using trim() on your GET/POST "email" value.
Fix Suggestion 2:
Which is by the way in the documentation:
Validating only the local part
If you need Zend\Validator\EmailAddress to check only the local part of an email address, and want to disable validation of the hostname, you can set the domain option to FALSE. This forces Zend\Validator\EmailAddress not to validate the hostname part of the email address.
$validator = new Zend\Validator\EmailAddress();
$validator->setOptions(array('domain' => FALSE));
Fix Suggestion 3:
Which is by the way in the documentation as well:
Validating different types of hostnames
The hostname part of an email address is validated against Zend\Validator\Hostname. By default only DNS hostnames of the form domain.com are accepted, though if you wish you can accept IP addresses and Local hostnames too.
To do this you need to instantiate Zend\Validator\EmailAddress passing a parameter to indicate the type of hostnames you want to accept. More details are included in Zend\Validator\Hostname, though an example of how to accept both DNS and Local hostnames appears below:
$validator = new Zend\Validator\EmailAddress(
Zend\Validator\Hostname::ALLOW_DNS |
Zend\Validator\Hostname::ALLOW_LOCAL);
if ($validator->isValid($email)) {
// email appears to be valid
} else {
// email is invalid; print the reasons
foreach ($validator->getMessages() as $message) {
echo "$message\n";
}
}
Well, no more suggestions. I wish you good luck!
The End.
I have am using websocket and trying to merge with my custom PHP app and Mysql database. In Database I store IP, ClientID and username when user connects to server. These infromation are to be used when user disconnect from websocket server or sends message. I run server.php with php server.php
The server page is https://github.com/Flynsarmy/PHPWebSocket-Chat/blob/master/server.php
As mentioned above I stored necessary information in Mysql database to identify which users sends message, disconnect and connect.
So for that I need to identify my own mechine IP for further identification with various clients. So when I try to use
<?php
echo $_SERVER["REMOTE_ADDR"];
in server.php. It gives an error saying undefined.
You don't.
WebSockets does not deal with web requests. The $_SERVER superglobal does not get populated because it does not make sense to populate it.
Deal with the socket connections directly.
You most likely want to play around with socket_getsockname().
Please try this,
var_dump($_SERVER);
and check if it prints... [REMOTE_ADDR] => .......
But if you are after clients IP,
as a PHP developer I use following code
$ip=NULL;
if (!empty($_SERVER['HTTP_CLIENT_IP']))
$ip = $_SERVER['HTTP_CLIENT_IP'];
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
else
$ip = $_SERVER['REMOTE_ADDR'];
I'd like to know how can I check if I have a valid e-mail, including the domain.
For example,
e-mails like:
email1#gmail.com, email2#hotmail.com should return true,
but e-mails like:
email3#gmal.com, email4#hotmai.com should return false.
How can we do this?
I can check if a e-mail is a valid one with filter_var($email, FILTER_VALIDATE_EMAIL), but this don't guarantee that we can send the e-mail (email3#gmal.com is a example). How can we guarantee that we have a valid domain?
You could create a whitelist of acceptable domains but that would no doubt leave out many valid services.
You could try to connect to the domain on the appropriate port after doing an MX dig but what if the service is down for an hour for maintenance?
The best way to determine if an email is valid is by sending a verification code and have the user click on/enter the code after receiving the email.
You could use CURL to check if domain exist, this option is very simple but works very well. Is fast to implement.
Check this response for well tested solution:
- https://stackoverflow.com/a/12547629/1146492
To get domain email you can use something like this:
<?php
function getDomainFromEmail($email)
{
// Get the data after the # sign
$domain = substr(strrchr($email, "#"), 1);
return $domain;
}
// Example
$email = 'the_username_here#yahoo.com';
$domain = getDomainFromEmail($email);
echo $domain; // yahoo.com
?>
And than use CURL for fast check.
One possible solution is to attempt to connect to the domain and see if it's successful or not:
if(fopen("http://$domain"))
{
echo "success, valid domain";
} else {
echo "failure, not valid domain";
}
Where $domain is the portion of the email address following the # symbol. (This can be obtained using regular expressions).
I want to collect data from email to mysql database using php.
If some one is sent a mail to their mail account to my mail id. I want that mail information to store in my database. for further operation. It is possible in PHP because I saw this feature in one hosting support application Kayako Fusion which developed by PHP.
So plese give some information to do this task.
If you want to parse with PHP the best way is to use a 3rd party API to revive the email and then send it to your PHP script with a HTTP Post.
I'd recommend using either sendgrid.com or mailgun.com
Both of these services will parse the email and send you the information in a http POST that you can then insert into mysql. API docs for both: MailGun Incoming Parse API / SendGrid Incoming Parse API
You can use the imap functions, for example:
<?php
$imap = imap_open("{server.example.com:143}INBOX" , 'login' , 'password');
if( $imap ) {
//Check no.of.msgs
$num = imap_num_msg($imap);
//if there is a message in your inbox
if( $num >0 ) {
//read that mail recently arrived
$the_message = imap_body($imap, $num);
//Do the stuff with $the_message
}
//close the stream
imap_close($imap);
}
You'll have to setup a cronjob (scheduled task on Windows) that connects to the Exchange or POP server, retrieve's all new emails sinds the last run and insert them into the DB.
In case of a POP mail server(I think POP will be easier), there is a comment here with all functions you need right -> here. If that doesn't work, try Googling for "PHP POP wrapper" or something similar.
In case of a Microsoft Exchange server, you'd have to use a PHP Exchange wrapper, found one here for you.
Goodluck!
You can pipe your email to a php script and then extract each part of email and store it in data base.
check this example
when you get content of email you can do what ever you want
How can we track the Real IP address behind the proxy using PHP?I mean a pure PHP implementation.Because they can turn off the js of their browsers.BTW when the JS is turn on I may use HTML 5 geolocation so I don't need the IP address to locate the user.
You can look at the X-Forwarded-For HTTP header if one is sent, but there is no guaranteed way to know.
This PHP code will work, and is useful for forward and reverse proxies. For reverse proxies, note that the X_FORWARDED_FOR header information, if available at all, can be forged and should not be trusted at all.
if($_SERVER["HTTP_X_FORWARDED_FOR"] != ""){
$IP = $_SERVER["HTTP_X_FORWARDED_FOR"];
$proxy = $_SERVER["REMOTE_ADDR"];
$host = #gethostbyaddr($_SERVER["HTTP_X_FORWARDED_FOR"]);
}else{
$IP = $_SERVER["REMOTE_ADDR"];
$proxy = "No proxy detected";
$host = #gethostbyaddr($_SERVER["REMOTE_ADDR"]);
}
The user who is behind a proxy does not have a globally routable IP address. If you want to maintain session state, you're better off having a session key you generate, and setting it as a cookie, or keeping it in the URL (there are tradeoffs with that approach).
If you really want to find out what their IP address is on their own network, you could probably use javascript in the page to find it out, and then send it back to your server.