2

I want to check only sites ending in *.test.com and *.test1.com. I tried:

if((preg_match('.\w+.test.com', $_SERVER['HTTP_ORIGIN'])) or (preg_match('.\w+.test1.com', $_SERVER['HTTP_ORIGIN']))){
}
Termininja
Harea Costicla
  • Try $urlcheck = explode("test.com",$_SERVER['HTTP_ORIGIN']); if(isset($urlcheck[1])) // it means it has test.com so your code goes here. Try it for both test.com and *.test1.com – Aammad Ullah Oct 21 '16 at 15:32
  • PHP requires delimiters for its regular expressions, http://php.net/manual/en/regexp.reference.delimiters.php. Those regexes should have been throwing errors. – chris85 Oct 21 '16 at 15:46

2 Answers

6

For starters, you want the most reliable way to break down any given url. For this, you can use PHP's built-in parse_url function:

$host = parse_url($url, PHP_URL_HOST);

Then, you want to check whether or not it ends in test.com or test1.com, which you can do using a regex:

if (preg_match('/test1?\.com$/', $host)) {
    //match
}

The regex works like this:

  • test: matches a string literal "test"
  • 1?: Matches a literal 1, but it's optional, so both test and test1 will match
  • \.: a literal dot match
  • com: literal match for com
  • $: end of string. The expression will only match if the string ends in test.com or test1.com.

Just a word of warning: $_SERVER['HTTP_ORIGIN'], and in fact almost none of the $_SERVER values are to be trusted. You can read more on the subject here ( + linked pages)

How secure is HTTP_ORIGIN?

Elias Van Ootegem
0

You could use strpos. strpos will search inside the string, link, URL. The documentation link

Here is a little example

if(strpos($_SERVER['HTTP_ORIGIN'], 'test.com') !== false) {
    echo "found it";
}
Rafael Shkembi
  • You're not checking for test1.com. You've tried to edit my answer: please read the question again: OP wants to check for "test.com" and "test1.com". In addition to test1 not being checked, if I owned a domain like "com.org", and had a "test" subdomain, your check would not pick up on HTTP_ORIGIN being test.com.org – Elias Van Ootegem Oct 21 '16 at 15:51
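
The label-boundary problem raised in the comment above (test.com.org) also applies to a suffix regex that has no leading dot. As an added example, not code from either answer: a stricter check that parses the Origin value and compares the host on a dot boundary, printed next to the results of the two checks posted above. The names ALLOWED_PARENTS and origin_is_allowed(), the https-only rule, the exclusion of the bare parent domain and the sample origins are assumptions made for this illustration.

```php
<?php
// Added example; ALLOWED_PARENTS and origin_is_allowed() are illustrative names.
const ALLOWED_PARENTS = ['test.com', 'test1.com'];

function origin_is_allowed(?string $origin): bool
{
    if ($origin === null || $origin === '') {
        return false;
    }
    $parts = parse_url($origin);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // An Origin value is scheme://host[:port]; anything more is rejected.
    foreach (['user', 'pass', 'path', 'query', 'fragment'] as $extra) {
        if (isset($parts[$extra])) {
            return false;
        }
    }
    // Assumption: only https origins are acceptable.
    if (strtolower($parts['scheme']) !== 'https') {
        return false;
    }
    $host = strtolower($parts['host']);
    foreach (ALLOWED_PARENTS as $parent) {
        // The leading dot forces a label boundary, so "eviltest.com" and
        // "test.com.org" fail. Assumption: the bare parent domain is excluded.
        $suffix = '.' . $parent;
        if (strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample origins (not taken from the page).
$samples = [
    'https://app.test.com', 'https://api.test1.com:8443',
    'https://eviltest.com', 'https://test.com.org',
    'http://app.test.com',  'https://app.test.com/x',
];
foreach ($samples as $origin) {
    $host = (string) parse_url($origin, PHP_URL_HOST);
    printf("%-28s strict=%-5s regex=%-5s strpos=%s\n", $origin,
        var_export(origin_is_allowed($origin), true),
        var_export(preg_match('/test1?\.com$/', $host) === 1, true),
        var_export(strpos($origin, 'test.com') !== false, true));
}
```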