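Check whether a user's request to my website is a direct URL visit or a script src | link href request

Time: 2016-06-04 07:59:16

Tags: javascript php jquery html

Right now I am making my own thing, just like Rawgit, in case it gets dropped

Here is my PHP code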

<?php
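// The whole query string is taken as the location of the file to serve
$urlquery = $_SERVER['QUERY_STRING'];
// Full URL of the current request (not used below)
$fullurl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

// Reads whatever the query string names (URL or local path), with no validation
$code = file_get_contents($urlquery);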

echo $code;

 ?>

This code works fine for script src | style link requests

But when I try it like this

<?php
$urlquery = $_SERVER['QUERY_STRING'];
$fullurl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

$code = file_get_contents($urlquery);


echo '<code style="word-wrap: break-word; white-space: pre-wrap;">'.$code.'</code>';

 ?>

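It looks good when requested from the URL, but it does not work from a script src | style link request

I think the way is to check whether the user is visiting by URL or by some request, something like this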

<?php
$urlquery = $_SERVER['QUERY_STRING'];
$fullurl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];

$code = file_get_contents($urlquery);

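// Placeholder: how to determine this value is what the question asks
$isDirectVisit = false;

if ($isDirectVisit) {
  // User is visiting my site from the URL
  echo '<code style="word-wrap: break-word; white-space: pre-wrap;">'.$code.'</code>';
} else {
  // User is scripting
  echo $code;
}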

 ?>

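1 answer:

Answer 0: (score: 0)

You can use $_SERVER['HTTP_ACCEPT'] to check whether the request comes from a script SRC or not

If the request is direct and not from src, the headers will look like this: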

Host: localhost
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36     (KHTML, like Gecko) Chrome/52.0.2743.24 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: __utma=111872281.760768228.1462861525.1462861525.1462882676.2; __utmz=111872281.1462861525.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

If it comes from src, they look like:

Host: localhost
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36     (KHTML, like Gecko) Chrome/52.0.2743.24 Safari/537.36
Accept: */*
DNT: 1
Referer: http://localhost/b/jwplayer/test.txt.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: __utma=111872281.760768228.1462861525.1462861525.1462882676.2; __utmz=111872281.1462861525.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Tested on Firefox and Chrome.

The difference is in the Accept header:

Direct will be "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"

From src: "*/*"

From css href: "text/css,*/*;q=0.1"

So you can use a script like this:

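<?php
// Split the Accept header into its comma-separated entries (empty if the header is absent)
$acceptheader=explode(',',$_SERVER['HTTP_ACCEPT'] ?? '');
if(in_array("text/html", $acceptheader)){
    // Direct navigation: the browser lists text/html
    echo '<pre class="prettyprint">var variable="i am direct & not from SRC";</pre>';
}else{
    // script src sends */* and css href sends text/css,*/*;q=0.1
    echo 'var variable="i am from SRC";';
}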

Don't forget to add header('Content-Type: mime'); on Chrome, href will not work unless it is set to "text/css"
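
The Accept-header check from the answer, written out as an added example (not code from the question or the answer): it parses the header so entries with whitespace or `;q=` parameters still match, sends a matching Content-Type, and HTML-escapes the file when it is wrapped in `<code>`, because the header is chosen by the client and only selects the presentation. The function names, the sample string, and treating every other request as JavaScript are assumptions.

```php
<?php
// Added example; accepted_types() and render() are hypothetical helper names.

// Media types named in an Accept header, lowercased and without parameters.
function accepted_types(string $accept): array
{
    $types = [];
    foreach (explode(',', $accept) as $part) {
        // Drop parameters such as ";q=0.9" and any surrounding whitespace.
        $type = strtolower(trim(explode(';', $part, 2)[0]));
        if ($type !== '') {
            $types[] = $type;
        }
    }
    return $types;
}

// Build the response body for $code and send the headers that match it.
function render(string $code, string $accept): string
{
    $types = accepted_types($accept);
    header('Vary: Accept'); // the same URL returns different bodies per Accept value
    if (in_array('text/html', $types, true)) {
        // Direct navigation: show the file as text, so escape it before wrapping.
        header('Content-Type: text/html; charset=utf-8');
        return '<code style="word-wrap: break-word; white-space: pre-wrap;">'
            . htmlspecialchars($code, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</code>';
    }
    if (in_array('text/css', $types, true)) {
        // <link href> request: Chrome needs the stylesheet MIME type.
        header('Content-Type: text/css; charset=utf-8');
        return $code;
    }
    // <script src> sends "*/*"; assumption: anything else is served as JavaScript.
    header('Content-Type: application/javascript; charset=utf-8');
    return $code;
}

// Constructed sample standing in for the fetched file.
$sample = 'var variable = "<b>hello</b>";';
echo render($sample, $_SERVER['HTTP_ACCEPT'] ?? '*/*');
```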