I’m attempting to pass a key via the $_SERVER['HTTP_REFERER'] (set via cURL) from one server to another, to then process some POST data and send an XML file back. I have the key stored in identical files on both servers (rotating them via cron job SCP) but when I read the key on the receiving end and compare to the referer it fails every time and throws the 418 back to me.
If I use if($refkey = "mykeyhere") instead of if($refkey = $key) it works properly, but obviously hard coding the key isn’t going to work here – I need to be able to read it from a file.
I’ve tried using strstr(), doing a cast with (string)$key however gettype() on both returns string so it should work. The key is being sent properly in $_SERVER['HTTP_REFERER'] and being read in properly from the file on the receiving end, I’ve echo’d both and they’re identical. Does anyone know why the comparison would fail, am I doing something stupidly and obviously wrong? Thanks.
cURL request build code:
$file = "key";
$fh = fopen($file, 'r');
$key = fread($fh, filesize($file));
fclose($fh);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://example.com/xmlreq.php");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_REFERER, $key);
curl_setopt($ch, CURLOPT_POSTFIELDS, "greeting=hello" );
curl_exec($ch);
curl_close($ch);
receiving code (xmlreq.php):
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    $file = "key";
    $fh = fopen($file, "r");
    $key = fread($fh, filesize($file));
    fclose($fh);
    $refkey = $_SERVER['HTTP_REFERER'];
    if ($refkey == $key) {
        print_r("hello, world!"); // it should run this
    } else {
        header("HTTP/1.0 418 I'm a teapot"); // but runs this instead
    }
} else {
    header("HTTP/1.0 404 Not Found");
}
As a first troubleshooting step, on both sides, replace $key with trim($key). Alternatively, on the receiving side, change your if condition to
if (trim($refkey) == trim($key)) {
The file may contain a newline/carriage-return after the key, and it may NOT send that extra character in the referrer variable. The receiving side may be trying to compare the referrer with the one from the file, and the file version might have the newline included.
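The mismatch described in the answer, reproduced as an added example (not code from the original posts): a constructed key file ending in a newline is compared with a constructed header value, first with == as in the question, then after trim() using hash_equals(), PHP's constant-time string comparison for secrets. The key value, the temp file and the keys_match() helper are assumptions made for illustration.

```php
<?php
// Constructed sample: a key file whose content ends in a newline, as most
// editors and shell redirections produce. Path and key value are made up.
$path = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($path, "sample-key-0123456789\n");

// Read it with the same fopen()/fread() pattern the question uses.
$fh = fopen($path, 'r');
$key = fread($fh, filesize($path));
fclose($fh);
unlink($path);

// Constructed stand-in for $_SERVER['HTTP_REFERER']: the header value
// reaches the script without the trailing line break.
$refkey = 'sample-key-0123456789';

// echo shows two identical-looking strings; length and hex expose the
// extra 0a byte at the end of the file version.
printf("file:   len=%d hex=%s\n", strlen($key), bin2hex($key));
printf("header: len=%d hex=%s\n", strlen($refkey), bin2hex($refkey));

// The comparison from the question: the strings differ by one byte.
var_dump($refkey == $key);

// Hypothetical helper: normalise both sides, refuse an empty key (an empty
// key file would otherwise match a missing header), then compare in
// constant time so response timing does not leak how much of the key matched.
function keys_match(string $expected, string $supplied): bool
{
    $expected = trim($expected);
    $supplied = trim($supplied);
    if ($expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied);
}

var_dump(keys_match($key, $refkey));
// A missing header is passed in as '' (e.g. $_SERVER['HTTP_REFERER'] ?? '').
var_dump(keys_match($key, ''));
```

Printing bin2hex() or strlen() of both values is the quickest way to confirm hidden whitespace when two echoed strings look identical.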