Checking IP when receiving a request from a Flash file in PHP

I have a Flash file that sends a request to a PHP file every 5 minutes. How can I check whether a request was sent from a Flash file on my site or from another location? I want to be sure that someone is not submitting requests from elsewhere. This is very important for security reasons. Will the following PHP code work?

if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
    $user_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
    $user_ip = $_SERVER['REMOTE_ADDR'];
}

      



1 answer


If you want a truly secure solution, you need some kind of token mechanism.

When a client asks for a flash file, your PHP backend builds the following line:

user_id(if any):client_ip:client_forwarded_ip(if any):some_random_string

      



Then you need to encrypt that string with a symmetric secure algorithm like AES256. So this will be the access token for your flash. Then you pass this token using flashvars to flash, and on every flash request you need to send this token back to check its ID.

When you receive a token, you need to decrypt it. First of all, if it decrypts, it means that this token was encrypted with the corresponding key, which I assume only you have. Then you need to make sure that all the fields that were encapsulated in the token match the client that is sending the request. If any of the fields do not match, you need to decline the request.

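The token scheme from the answer, written out in PHP as an added example (not code from the original post). It uses AES-256-GCM, an authenticated mode of AES-256, so that a successful decrypt also shows the token was not altered; the function names, key handling and demo values are assumptions.

```php
<?php
declare(strict_types=1);

// Fields follow the answer: user_id:client_ip:client_forwarded_ip:random_string.
// Each field is base64-encoded first so IPv6 colons or odd header bytes cannot
// break the ':' separators (an addition to the answer's plain line).
function issue_token(string $key, string $userId, string $ip, string $fwdIp): string
{
    $fields = [$userId, $ip, $fwdIp, random_bytes(16)];
    $plain  = implode(':', array_map('base64_encode', $fields));
    $nonce  = random_bytes(12);                  // fresh nonce for every token
    $tag    = '';
    $ct     = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('token encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);   // value handed to Flash via flashvars
}

function verify_token(string $key, string $token, string $userId, string $ip, string $fwdIp): bool
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) <= 28) {  // 12-byte nonce + 16-byte tag + data
        return false;
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                             OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        return false;                            // wrong key or altered token
    }
    $fields = array_map('base64_decode', explode(':', $plain));
    // Every bound field must equal what this request presents; otherwise decline.
    return count($fields) === 4
        && array_slice($fields, 0, 3) === [$userId, $ip, $fwdIp];
}

// Constructed demo values. In a request handler the last two arguments would be
// $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] ?? ''.
$key   = random_bytes(32);                       // assumption: really loaded from server config
$token = issue_token($key, '42', '203.0.113.7', '');
$bad   = $token;
$bad[0] = $bad[0] === 'A' ? 'B' : 'A';           // change one character of the token
var_dump(verify_token($key, $token, '42', '203.0.113.7', ''));   // same client
var_dump(verify_token($key, $token, '42', '198.51.100.9', ''));  // token sent from another address
var_dump(verify_token($key, $bad, '42', '203.0.113.7', ''));     // altered token
```

The forwarded-IP field is taken from a request header the client controls, so it is compared only for equality with what was seen at issue time; the binding to `REMOTE_ADDR` is the part the client cannot set freely.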






