How to Verify the Requesting Server in PHP

How to verify the requesting server in PHP?

There are many ways this could be implemented.

The easiest way is to check the $_SERVER['HTTP_REFERER'] to see if it matches, although this is not 100% reliable, and is not true security.

A second method would be to use PHP's session functionality. This would require that the two servers use a shared session tracking area though, which is a much more advanced server setup.

A third method would be to use a shared MySQL server that both can access to verify requests. This will introduce latency, which may slow down the request a bit.

A fourth method would be to use a call back to the originating server to verify it did make the request. Server2 makes the request to Server1, then Server1 contacts Server2 and asks if the request it just received actually came from it.

A fifth method is to sign your request using a private/public key pair. This way you can verify for sure that the request came specifically from the server it claims it is.
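The fifth method above, sketched as an added example (not code from the original answer): the sender signs a canonical form of each request with its private key and the receiver checks it with the matching public key. The function names, the X-Timestamp and X-Signature header names, and the 300-second freshness window are assumptions made for illustration.

```php
<?php
// Added example: Server2 signs each request with its private key; Server1
// verifies with Server2's public key. Names and header layout are hypothetical.

const MAX_SKEW = 300; // seconds a signed request stays valid (assumed policy)

// Canonical string covered by the signature: method, path, timestamp, body hash.
function canonical_request(string $method, string $path, int $ts, string $body): string
{
    return implode("\n", [strtoupper($method), $path, (string) $ts, hash('sha256', $body)]);
}

// Sender side (Server2): returns the values to send as request headers.
function sign_request($privateKey, string $method, string $path, string $body, int $now): array
{
    $data = canonical_request($method, $path, $now, $body);
    if (!openssl_sign($data, $sig, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return ['X-Timestamp' => (string) $now, 'X-Signature' => base64_encode($sig)];
}

// Receiver side (Server1): true only if the signature matches and is fresh.
function verify_request($publicKey, string $method, string $path, string $body, array $headers, int $now): bool
{
    $ts  = (int) ($headers['X-Timestamp'] ?? 0);
    $sig = base64_decode($headers['X-Signature'] ?? '', true);
    if ($sig === false || $sig === '' || abs($now - $ts) > MAX_SKEW) {
        return false; // missing or garbled signature, or outside the freshness window
    }
    $data = canonical_request($method, $path, $ts, $body);
    return openssl_verify($data, $sig, $publicKey, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed demo: a throwaway key pair generated in-process.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key']; // PEM public key Server1 would hold
$now = time();
$body = '{"order":42}';
$headers = sign_request($key, 'POST', '/api/orders', $body, $now);

var_dump(verify_request($pub, 'POST', '/api/orders', $body, $headers, $now));          // genuine request
var_dump(verify_request($pub, 'POST', '/api/orders', '{"order":43}', $headers, $now)); // body altered in transit
var_dump(verify_request($pub, 'POST', '/api/orders', $body, $headers, $now + 3600));   // same request presented an hour later
```

The timestamp only narrows the replay window; a receiver that needs stricter guarantees can also remember recently seen signatures and reject duplicates inside that window.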

How to check if a request is coming from the same server or different server?

Basically : you cannot.

With the HTTP protocol, each request is independent from the others.


A first idea would be to check the Referer HTTP header, but note that :

  • It can be faked (it's sent by the browser)
  • It is not always present.

So : not a reliable solution.


A possible, and far better than the Referer idea, solution could be to use a nonce :

  • When displaying the form, put a hidden input field in it, containing a random value
  • At the same time, store that random value into the session that corresponds to the user.
  • When the form is submitted, check that the hidden field has the same value as the one that's stored in session.

If those two values are not the same, refuse to use the submitted data.

Note : this idea is often used to help fight against CSRF -- and integrated in the "Form" component of some Frameworks (Zend Framework, for instance).

Detecting request type in PHP (GET, POST, PUT or DELETE)

By using

$_SERVER['REQUEST_METHOD']

Example

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The request is using the POST method
}

For more details please see the documentation for the $_SERVER variable.

Determining if a html request comes from inside the office using PHP

If your request comes from inside the LAN, then the $_SERVER['REMOTE_ADDR'] will be from a private IP address group; if it comes from outside the LAN, it will not.
Unless you have a poorly configured internal network, but this will probably not be the case.

Look here for the correct address groups:
http://en.wikipedia.org/wiki/Private_network

If your internal dns server resolves example.com to the public ip then the requests will appear to come from the public ip as well, so if this is the case you also know that the request came from inside.

PHP: How to detect direct requests of external visitors?

To add to what @Dharman suggested
jQuery adds a header to all its Ajax requests called HTTP_X_REQUESTED_WITH, so you could simply check against this header in the $_SERVER global array.

Example:

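// HTTP_REFERER is not always sent, so fall back to an empty string
if (($_SERVER['HTTP_REFERER'] ?? '') != $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"])
{
    // check if the request is ajax
    if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
        $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
        // ajax content loading
    }

    header("Location: index.php");
    exit; // stop executing once the redirect header has been sent
}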

Verify What Server Sends HTTP Request

Use SSL client-certificate authentication.

See also: Using client certificates with PHP.


