OK sorry, basically I want to detect if an incoming referer is registered in my database but I cannot do this if the referer came from an https url. The $_SERVER is just blank if the link to the script is from a https:// site but shows for http:// site.
I have scripts that I want to allow access to via a token and if the token is correct they have access to the script. I wanted to stop someone copying the url to the script with the token by checking the incoming referer. The domain that the script is allowed to run on is encrypted in the token but I cannot check that against the referer if it's from an SSL enabled site.
I know using referers etc can be spoofed, I'm just doing a small token license thing to monitor the usage of some of my scripts rather than trying to stop them being copied.
The token holds some data that I use cURL to check against my database, if it checks out then the script is available to them, otherwise it's not. It's just the start to something I'm putting together for some of my custom mootools work that I license out for free to my clients. I just want to make sure that it's being used in the correct manor. Many of my clients use my servers so if the server goes down their site goes down as well so there's no point worrying about if my server is down, that the script isn't available. Again this is just an idea I want to work on.