Is it possible to fake or fake the PHP variable $ _SERVER ['SERVER_NAME']? I planned to use this as a security measure to publish a form. I would check that the variable was the name of my site (www.example.com). I know that HTTP_REFERRER can be faked, but I was not sure about that.
Thank!
Actually $ _SERVER ['SERVER_NAME'] can be affected by what the client browser sends ... See http://shiflett.org/blog/2006/mar/server-name-versus-http-host for a cross-cutting investigation about this question.
. , SERVER_NAME , . , .
, . PHP, Apache, Apache, - PHP, CGI NGINX IIS, PHP, CLI, , - , . .
, .
$_SERVER['SERVER_NAME'] = ... // this can go above all your scripts
You can not fake, restrain, but will always return the name of your site. This is useful if you run several sites from the same script and, for example, use a different database depending on the host name provided.
PHP documentation says:
'SERVER_NAME' The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.