Is there a way to see if a certain page referred you to it?

For example I have a login script and it goes to a page that validates them and such but i dont want direct access to that page allowed, meaning that, the page will check to see if it was accessed by index.php which contains a form that sends the user to it. Does anybody know? or follow me?

Thank you.
Musya

you would need to add this to your site:


I would then suggest exploding the result and comparing it in an if, else statement... since it's possible to go through http://site.com OR through http://www.site.com, the if needs to contain "http://site" and "site".



I just threw this together quickly, so it might need some tweaking, but it should work =)

i made one in JS earlier for outgoing links, so it's very similar.

This post has been edited by JBrace1990: 31 May, 2008 - 04:22 PM

Well first if you design the validation page correctly you can make it check for the username and pass and if not provided, simply die or redirect back to the sign in screen.

That would be my first choice and is very secure. But to answer your point more directly yes, there is a way to check the "referrer" that referred the user to the validation page.

It is in the super global array as $_SERVER["HTTP_REFERER"]. But as the PHP.net page says, and you should already know, this can't be truly relied on. People could directly type in the URL of the validation page and not have a referrer. But in most cases this variable will be populated with the referring page.

Just use with caution and again, if you simply test that the user provided a username and pass, it really shouldn't matter where that data comes from... as long as it is validated for correctness and puts the user where they need to go on success or failure.

I hope that helps you out! Enjoy!


Edit: Just want you to know that $HTTP_REFERER has been deprecated for a long time and $_SERVER["HTTP_REFERER"] be used in its place.



This post has been edited by Martyr2: 31 May, 2008 - 04:28 PM

There a couple of ways of doing this. The first is that you could try to use the $_SERVER['HTTP_REFERER'] variable.



Be sure to put that at the top of your apge. needpermission.php is the page that you to redirect to. HTTP_REFERER doesn't always work though, so it can be very unreliable. You may want to set a session variable on the index page. If so, on your index page put the following



Then at the top of your processing processing page you would put



Hope that helps. Let me know if you need any more assistance.

If all you need to do is make sure that the referrer contains a certain keyword/domain, you could always use a regular expression, too - I had a guy linking to one of my sites that I didn't want linking to my site, and this is what I used to redirect all requests from his site to my pretty pony:

...And you'd just replace 'yourwordhere' with whatever you wanted to be in their referrer - that could be a specific query string parameter, a URL, or even just a www - whatever you want.