SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    midnight coder
    Join Date
    Dec 2000
    Location
    The flat edge of the world
    Posts
    838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have a registration form, people fill in the form, click submit, and it goes to the next step. I want to make sure that people started right from the start, and didn't skip pages. Here's my script:

    PHP Code:
    <?php

    case 'register2':
        
    //add user details from case 'register' to db

    //check to make sure they came from page.php?action=register
    if ($HTTP_REFERRER != '$PHP_SELF?action=register')
        {

        
    ?>
        <meta http-equiv="refresh" content="0; url=<?=$PHP_SELF ?>?action=register">
        <?

        
    exit;
        }

    ?>
    I'm pretty sure I have some sort of syntax error at the line

    if ($HTTP_REFERRER != '$PHP_SELF?action=register')

    I'm not too sure how to correct it...

  2. #2
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    spelling? (not sure which is the 'correct' spelling) but


    $HTTP_REFERER

    is what PHP expects

  3. #3
    ********* Callithumpian silver trophy freakysid's Avatar
    Join Date
    Jun 2000
    Location
    Sydney, Australia
    Posts
    3,798
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First - its $HTTP_REFERER PHP like myself cannot spell

    Second - the problem is that you are using single quotes:
    if*($HTTP_REFERRER*!=*'$PHP_SELF?action=register')
    and you should use double quotes instead.

    PHP treats strings enclosed by single quotes differently to strings enclosed by double quotes. PHP does *not* parse the contents of a single quote string. However, PHP parses the contents of a double quote string and substitutes the values of variables in the string. For example;

    $foo = 'foo';
    echo 'foo is: $foo';

    will output : foo is $foo

    However,
    echo "foo is: $foo";

    will output: foo is foo

    So this should do the trick:
    if*($HTTP_REFERRER*!=*"$PHP_SELF?action=register")


  4. #4
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    or

    if ($HTTP_REFERER != "$PHP_SELF?action=register")


  5. #5
    ********* Callithumpian silver trophy freakysid's Avatar
    Join Date
    Jun 2000
    Location
    Sydney, Australia
    Posts
    3,798
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    or ...

    Duh! Thank's firepages (me bad - lazy cut and paste job)

  6. #6
    SitePoint Guru
    Join Date
    Jan 2001
    Location
    Alkmaar, Netherlands
    Posts
    710
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It can be nice to have a hidden variable in your form called
    PHP Code:
    <input name="currentpage" TYPE="HIDDEN" VALUE="register"
    then in your php code you can check which page they are coming, it looks more clean to me (IMHO)

  7. #7
    midnight coder
    Join Date
    Dec 2000
    Location
    The flat edge of the world
    Posts
    838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Damn...I was never good at spelling...it was only last month that I started spelling available instead of avaliable.

    For once I spelt something correctly, and look what happens!

  8. #8
    midnight coder
    Join Date
    Dec 2000
    Location
    The flat edge of the world
    Posts
    838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh damn again...

    The $HTTP_REFERER is working, but still got a slight problem...

    $HTTP_REFERER gives:

    http://localhost:8080/rave.php?action=register

    While $PHP_SELF?action=register gives:

    /rave.php?action=register

    What would I need to do to make they say the same thing? The script will be use on different domains, but I would still like the script to check for the correct domain and path before processing.

  9. #9
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    basename($HTTP_REFERER);
    should give you the filename & query string but without the leading forwardslash

    so

    $from="/".basename($HTTP_REFERER);
    if ($from!= "$PHP_SELF?action=register") ;

    may work.

    "For once I spelt something correctly, and look what happens!"
    very quotable!

  10. #10
    midnight coder
    Join Date
    Dec 2000
    Location
    The flat edge of the world
    Posts
    838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think I got it sorted, it checks that both the domain and the filename before redirecting:

    PHP Code:
    <?php

    if ($HTTP_REFERER != "http://$HTTP_HOST$PHP_SELF?action=register")
        {

        
    ?>
        <meta http-equiv="refresh" content="0; url=<?=$PHP_SELF ?>?action=register">
        <?

        
    exit;
        }

    ?>

  11. #11
    SitePoint Addict kunal's Avatar
    Join Date
    Oct 2000
    Posts
    307
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http_referer doesnt work with all browsers
    i dunno...

  12. #12
    midnight coder
    Join Date
    Dec 2000
    Location
    The flat edge of the world
    Posts
    838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What browsers doesn't support $HTTP_REFERER?

  13. #13
    SitePoint Addict kunal's Avatar
    Join Date
    Oct 2000
    Posts
    307
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hmm... it doesnt work in IE 5.5 or Netscape 4.74
    i dunno...

  14. #14
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    does on mine (5.5) & I know that in very early versions of IE pre IE4 and I think the very first IE4 ,it was seen as a possible privacy thing and so it wasnt supported, but as NS did so did IE. NS6 often is confused as to 'who' it is but HTTP_REFERER should work on most if not all versions of NS


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •