PHP redirect based on referer

allow access only if coming from two specific url's

Page 1 of 1

7 Replies - 19713 Views - Last Post: 07 January 2009 - 10:13 AM Rate Topic: -----

#1 midasxl   User is offline

  • D.I.C Head

Reputation: 2
  • View blog
  • Posts: 212
  • Joined: 03-December 08

PHP redirect based on referer

Post icon  Posted 02 January 2009 - 09:32 AM

Hello and thanks for your time. I am attempting a PHP redirect using the referer as the determining factor. I want to redirect to a new page ONLY if the user is coming from a specific url. I have a working script using just one referer URL.

What I would like to do is add three more URL's, so that the redirect will work if the user is coming from any one of those four. I tried to add the url's using the "or" operator ( || ) but no go. Any ideas?

The following code is what I would like it to do, but the || operators are not doing the trick. Are they the right solution? Are they in the wrong place? etc. Thank you!!

<?
$referer = $_SERVER['HTTP_REFERER'];
if ( $referer != "http://first_url" || "http://second_url" || "http://third_url" || "http://fourth_url" ) {
  header('Location: http://desired_url);
  exit;
};
?>



Is This A Good Question/Topic? 0
  • +

Replies To: PHP redirect based on referer

#2 William_Wilson   User is offline

  • lost in compilation
  • member icon

Reputation: 207
  • View blog
  • Posts: 4,812
  • Joined: 23-December 05

Re: PHP redirect based on referer

Posted 02 January 2009 - 09:49 AM

it does work, but you need to specify the variable in each or:
if ( $referer != "http://first_url" || $referer != "http://second_url") {
as an example

you may be able to do something like:
if ( !($referer == "http://first_url" || "http://second_url")) {
but I have not tried this.

Personally I would use a loop with an array of urls, thus if the list gets longer you do not need to make your if statement longer.
A database would be the best option, but I do not know if you have one available.
Was This Post Helpful? 0
  • +
  • -

#3 snoj   User is offline

  • Married Life
  • member icon

Reputation: 93
  • View blog
  • Posts: 3,583
  • Joined: 31-March 03

Re: PHP redirect based on referer

Posted 02 January 2009 - 10:04 AM

You could also use in_array() instead of a loop!

$fromURL = array("http://example.com","https://my.email.net","http://etc.al");

if(in_array($referer,$fromURL)) {
   do_something_awesome();
}


This post has been edited by snoj: 02 January 2009 - 10:04 AM

Was This Post Helpful? 0
  • +
  • -

#4 brawnyman713   User is offline

  • D.I.C Head
  • member icon

Reputation: 0
  • View blog
  • Posts: 139
  • Joined: 21-October 07

Re: PHP redirect based on referer

Posted 02 January 2009 - 10:23 PM

It looks like in your code you're using or '||'. Shouldn't you be using and '&&'? What your code is saying is 'If the referrer is not equal to this or the referrer is not equal to that'. Did you mean to say 'if the referrer is not equal to this AND the referrer is not equal to that'?

And one more thing. Because the referer is a header that comes from the client, it can be spoofed. So if you're planning on using this for something big, I'd suggest increasing the security, because this little measure can be bypassed
Was This Post Helpful? 0
  • +
  • -

#5 snoj   User is offline

  • Married Life
  • member icon

Reputation: 93
  • View blog
  • Posts: 3,583
  • Joined: 31-March 03

Re: PHP redirect based on referer

Posted 03 January 2009 - 12:53 AM

Good catch brawny! However, if he did go that route, he would need to take away the !....if it worked.

Anyway, I did some testing with php 5.2.4 and here's my results.

echo ("a" === true || false || 2); //url not on the list
echo ("a" !== true || false || 2); //url not on the list
echo (bool) (true === true || false || 2); //url on the list
echo (bool) (true !== true || false || 2); //url on the list



All four result in 1, and so if we plugged in your referrer stuff, you'd see that no matter what, you'd be redirected to the "secure" location.
Was This Post Helpful? 0
  • +
  • -

#6 Rechocto   User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 50
  • Joined: 04-January 09

Re: PHP redirect based on referer

Posted 04 January 2009 - 05:10 AM

I Had\have 3 sites running off of one computer (one IP address) with separate noip's.. this is basically what I do (names\links removed so it doesn't appear that I am advertising)
<?php
$dir = Index2.php;
$sn = strtolower($_SERVER['SERVER_NAME']);
if(strpos($sn, "firstsite") !== false) {
	$dir = "/firstdir/index.php";
} else if (strpos($sn, "secondsite") !== false) {
	$dir = "seconddir/index.php";
} else if (strpos($sn, "thirdsite") !== false) {
	$dir = "/thirddir/index.php";
}

header( 'Location: ' . $dir );

?>



This can be changed to use $_SERVER['HTTP_REFERRER'] and full URLs pretty easily.
You have the basic Idea down, but you are basically pitting
if ("something") { /*go here*/ }

"something" != 0, therefore is true. you NEED:
if($something == "something") { /* go here */ }

define your variable in EACH conditional statement... or make a bool function to handle that and use that for each condition.

for example:

function C($s) { if($s == $_SERVER['HTTP_REFERRER']) { return true; } else { return false; } }

if( C("first_url") || C("second_url") || C("third_url") ) {
	//goto the secure location!
}




which may work better in your situation :)
Was This Post Helpful? 0
  • +
  • -

#7 Hary   User is offline

  • D.I.C Regular

Reputation: 44
  • View blog
  • Posts: 427
  • Joined: 23-September 08

Re: PHP redirect based on referer

Posted 04 January 2009 - 11:44 AM

If you just want to host multiple sites, why do you want to do the redirect of the hostname yourself? Isn't it easier to let your web server handle those things in a vhost?

@Rechocto:
That last function is an example of a bad coding habit. If your code grows, no one will ever know what function C() does. Even with small examples, you'd better use good describing variable names.
Was This Post Helpful? 0
  • +
  • -

#8 midasxl   User is offline

  • D.I.C Head

Reputation: 2
  • View blog
  • Posts: 212
  • Joined: 03-December 08

Re: PHP redirect based on referer

Posted 07 January 2009 - 10:13 AM

Wow, thanks for all the information. I have certainly learned alot from your posts. I ended up going this route

<?
$referer = $_SERVER['HTTP_REFERER'];
$fromURL = array("http://www.siteone.com","http://www.sitetwo.com","http://www.sitethree.com/","http://www.sitefour.com");
if(!in_array($referer,$fromURL)) {
  header('Location: http://www.desiredURL.com/errorpage.html);
  exit;
};
?>



This seems to be working fine. Anyone see anything wrong with it? I'm concerned about security issues.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1