SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Addict
    Join Date
    Aug 2001
    Location
    Los Angeles, CA
    Posts
    346
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Sorry if this is a stupid question (re: HTTP referer)

    Hi, I'm kind of rusty with my PHP...and I was wondering how I could use the HTTP referer (or something else) to make sure that a PHP page can only be viewed if the visitor's referer were a certain page. Sorry if this is a stupid question...thanks...

  2. #2
    SitePoint Addict
    Join Date
    Aug 2001
    Location
    Los Angeles, CA
    Posts
    346
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Bump.

  3. #3

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Something like this should give you a start, just add it at the top of the pages you want to apply it on.
    PHP Code:
    <?
        
    if ($_SERVER['HTTP_REFERER']!='whatever')
        {
            
    header('Location: http://wherever');
            exit;
        }
    ?>

  4. #4
    PHP manual bot bronze trophy Gaheris's Avatar
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    2,195
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should of course not forget that the referer cannot be trusted, it can be easily faked or not sent at all.

  5. #5
    SitePoint Addict
    Join Date
    Aug 2001
    Location
    Los Angeles, CA
    Posts
    346
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the info!

    But how can it be faked?

  6. #6
    ********* Callithumpian silver trophy freakysid's Avatar
    Join Date
    Jun 2000
    Location
    Sydney, Australia
    Posts
    3,798
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The HTTP_REFERRER header is sent by the client. Standard browsers such as IE, Mozilla, etc will of course report the HTTP_REFERRER truthfully. However, in general we cannot trust 100% any data sent by the client as it can be faked. For example, a client may be using a bot written to fake just about anything - the user-agent, the http-referrer, etc.

  7. #7
    "Of" != "Have" bronze trophy Jeff Lange's Avatar
    Join Date
    Jan 2003
    Location
    Calgary, Canada
    Posts
    2,063
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What freakysid said; also, some firewalls block referrers as well.
    Who walks the stairs without a care
    It shoots so high in the sky.
    Bounce up and down just like a clown.
    Everyone knows its Slinky.

  8. #8
    SitePoint Member
    Join Date
    Jun 2004
    Location
    Chicago
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Gaheris
    You should of course not forget that the referer cannot be trusted, it can be easily faked or not sent at all.
    Right, but what I'm looking for is how to get this info, or send this info from a page that used LOCATION, since REFER is not sent with LOCATION.

    And I'd rather not use location: my/path/page.pgp?refer=old_page.pgp

    I'd like to keep this "hidden" from users.

    Thanks

    Walter


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •