4 Replies - 748 Views - Last Post: 02 June 2008 - 07:48 PM Rate Topic: -----

#1 musya  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 11
  • View blog
  • Posts: 1,012
  • Joined: 25-April 07

checking refferal page

Posted 31 May 2008 - 03:25 PM

Is there a way to see if a certain page referred you to it?

For example I have a login script and it goes to a page that validates them and such but i dont want direct access to that page allowed, meaning that, the page will check to see if it was accessed by index.php which contains a form that sends the user to it. Does anybody know? or follow me?

Thank you.
Musya
Is This A Good Question/Topic? 0
  • +

Replies To: checking refferal page

#2 JBrace1990  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 110
  • View blog
  • Posts: 760
  • Joined: 09-March 08

Re: checking refferal page

Posted 31 May 2008 - 05:21 PM

you would need to add this to your site:
$ref=@$HTTP_REFERER; 


I would then suggest exploding the result and comparing it in an if, else statement... since it's possible to go through http://site.com OR through http://www.site.com, the if needs to contain "http://site" and "site".

<?php
$ref=@$HTTP_REFERER; 
$ref = explode(".",$ref);
if($ref[0] = "http://site"||$ref[1] = "site"){/*code to be executed*/}
else{/*code to be executed*/}


I just threw this together quickly, so it might need some tweaking, but it should work =)

i made one in JS earlier for outgoing links, so it's very similar.

This post has been edited by JBrace1990: 31 May 2008 - 05:22 PM

Was This Post Helpful? 0
  • +
  • -

#3 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4361
  • View blog
  • Posts: 12,180
  • Joined: 18-April 07

Re: checking refferal page

Posted 31 May 2008 - 05:26 PM

Well first if you design the validation page correctly you can make it check for the username and pass and if not provided, simply die or redirect back to the sign in screen.

That would be my first choice and is very secure. But to answer your point more directly yes, there is a way to check the "referrer" that referred the user to the validation page.

It is in the super global array as $_SERVER["HTTP_REFERER"]. But as the PHP.net page says, and you should already know, this can't be truly relied on. People could directly type in the URL of the validation page and not have a referrer. But in most cases this variable will be populated with the referring page.

Just use with caution and again, if you simply test that the user provided a username and pass, it really shouldn't matter where that data comes from... as long as it is validated for correctness and puts the user where they need to go on success or failure.

I hope that helps you out! Enjoy!


Edit: Just want you to know that $HTTP_REFERER has been deprecated for a long time and $_SERVER["HTTP_REFERER"] be used in its place.

:)

This post has been edited by Martyr2: 31 May 2008 - 05:28 PM

Was This Post Helpful? 0
  • +
  • -

#4 akozlik  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 90
  • View blog
  • Posts: 797
  • Joined: 25-February 08

Re: checking refferal page

Posted 31 May 2008 - 05:29 PM

View Postmusya, on 31 May, 2008 - 03:25 PM, said:

Is there a way to see if a certain page referred you to it?

For example I have a login script and it goes to a page that validates them and such but i dont want direct access to that page allowed, meaning that, the page will check to see if it was accessed by index.php which contains a form that sends the user to it. Does anybody know? or follow me?

Thank you.
Musya


There a couple of ways of doing this. The first is that you could try to use the $_SERVER['HTTP_REFERER'] variable.

<?php

$lastpage = $_SERVER['HTTP_REFERER'];

if ($lastpage != "index.php") {
	header("Location: needpermission.php");
}

// The rest of your page goes here

?>



Be sure to put that at the top of your apge. needpermission.php is the page that you to redirect to. HTTP_REFERER doesn't always work though, so it can be very unreliable. You may want to set a session variable on the index page. If so, on your index page put the following

<?
session_start();
$_SESSION['indexAccessed'] = true;

// The rest of your index pages code

?>



Then at the top of your processing processing page you would put


<?php
	 if ( ! ($_SESSION['indexAccessed']) ) {
		  header("Location: redirectpage.php");
	 }

	 $_SESSION['indexAccessed'] = false;

	// Process the form
?>




Hope that helps. Let me know if you need any more assistance.
Was This Post Helpful? 0
  • +
  • -

#5 girasquid  Icon User is offline

  • Barbarbar
  • member icon

Reputation: 108
  • View blog
  • Posts: 1,825
  • Joined: 03-October 06

Re: checking refferal page

Posted 02 June 2008 - 07:48 PM

If all you need to do is make sure that the referrer contains a certain keyword/domain, you could always use a regular expression, too - I had a guy linking to one of my sites that I didn't want linking to my site, and this is what I used to redirect all requests from his site to my pretty pony:
<?php
if(preg_match('/yourwordhere/',$_SERVER['HTTP_REFERER'])) {
	header('Location: [url="http://www.hasbro.com/mylittlepony/');"]http://www.hasbro.com/mylittlepony/');[/url]	
}
?>


...And you'd just replace 'yourwordhere' with whatever you wanted to be in their referrer - that could be a specific query string parameter, a URL, or even just a www - whatever you want.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1