  1. #1
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    which all $_server are enabled

    hi all

    i have searched a lot and found that $_SERVER['HTTP_REFERER'] can be disabled or can be spoofed.

    so does the same apply to all other $_SERVER variables?

    Is there any $_SERVER variable which cannot be disabled and is available all the time?

    vineet

  2. #2
    Founder of Primal Skill Ltd. feketegy's Avatar
    Join Date
    Aug 2006
    Posts
    482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $_SERVER are server variables, so pretty much every variable could be different in that array, considering the wide variety of web servers: Apache, Nginx, Lighttpd just to name a few...

  3. #3
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    hi feketegy

    my website is hosted on linux server

    so i wanted to use $_SERVER['HTTP_REFERER'] to get the url of the previous page.

    but everyone says it is not reliable.

    so i thought of using another $_SERVER variable to fetch the previous page url

    that is why i asked if it is fine to use any other $_SERVER variable instead of HTTP_REFERER


    vineet

  4. #4
    SitePoint Mentor bronze trophy
    John_Betong's Avatar
    Join Date
    Aug 2005
    Location
    City of Angels
    Posts
    1,904
    Mentioned
    74 Post(s)
    Tagged
    7 Thread(s)
    Quote Originally Posted by vinpkl View Post
    hi feketegy

    my website is hosted on linux server

    so i wanted to use $_SERVER['HTTP_REFERER'] to get the url of the previous page.

    but everyone says it is not reliable.

    so i thought of using another $_SERVER variable to fetch the previous page url

    that is why i asked if it is fine to use any other $_SERVER variable instead of HTTP_REFERER


    vineet
    I have just run some brief tests using the $_SERVER["HTTP_REFERER"] variable and it works fine but also produces an error if there was not a previous page.

    Try the following and see what specific Linux Server variables are shown for different scenarios.
    PHP Code:

     ...
     ...
     ...
     <pre style='width:88%; margin:3em auto; color:#f00; background-color: pink;'>
        <h3>$_SERVER;</h3>
        <?php
           // $_SERVER holds request data, so escape it before printing into HTML
           echo htmlspecialchars( print_r( $_SERVER, true ), ENT_QUOTES );

           // if set could also be interesting
           if( isset($_SESSION) )
           {
              echo '<h3>$_SESSION</h3>';
              echo htmlspecialchars( print_r( $_SESSION, true ), ENT_QUOTES );
           }
        ?>
     </pre>
     </body>
     </html>
    Learn how to be ready for The New Move to Discourse

    How to make Make Money Now with a *NEW* look

    Be sure to congratulate Wolfshade on earning Member of the Month for August 2014

  5. #5
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    hi john

    HTTP_REFERER works fine in my browser.

    There are tools available by which a user can disable HTTP_REFERER in their browser

    So i wanted to know whether they can disable other $_SERVER variables also?

    vineet

  6. #6
    SitePoint Mentor bronze trophy
    John_Betong's Avatar
    Join Date
    Aug 2005
    Location
    City of Angels
    Posts
    1,904
    Mentioned
    74 Post(s)
    Tagged
    7 Thread(s)
    Quote Originally Posted by vinpkl View Post
    hi john

    HTTP_REFERER works fine in my browser.

    There are tools available by which a user can disable HTTP_REFERER in their browser

    So i wanted to know whether they can disable other $_SERVER variables also?

    vineet
    Hi Vineet,


    The HTTP_REFERER server variable is not set the first time your site is called from the browser command line. It is only set when called from another web page. If you do not test for the variable, using isset( $_SERVER['HTTP_REFERER'] ), then an error will be produced.

    Did you run the supplied script?

  7. #7
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    hi john

    i uploaded this code on 2 different hosting accounts

    PHP Code:
    <?php
    print_r( $_SERVER );
    ?>
    and they both did not echo $_SERVER['HTTP_REFERER']

    it means HTTP_REFERER is not available on both hosting accounts.

    strange to know

    vineet

  8. #8
    SitePoint Mentor bronze trophy
    John_Betong's Avatar
    Join Date
    Aug 2005
    Location
    City of Angels
    Posts
    1,904
    Mentioned
    74 Post(s)
    Tagged
    7 Thread(s)
    Quote Originally Posted by vinpkl View Post
    hi john

    i uploaded this code on 2 different hosting accounts

    PHP Code:
    <?php
    print_r( $_SERVER );
    ?>
    and they both did not echo $_SERVER['HTTP_REFERER']

    it means HTTP_REFERER is not available on both hosting accounts.

    strange to know

    vineet
    I am most surprised the two hosts are not showing the HTTP_REFERER server variable.

    Does HTTP_REFERER show on your localhost?

    Are there any other server values you can use?

    Have you checked your web stats because they should show the referring pages.

    Can you use session variables?

  9. #9
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    hi john

    no, it's not shown when i print_r($_SERVER).

    but when i go from one page to another then $_SERVER['HTTP_REFERER'] echoes the previous page url correctly.

    vineet

  10. #10
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by vinpkl View Post
    hi john

    no, it's not shown when i print_r($_SERVER).

    but when i go from one page to another then $_SERVER['HTTP_REFERER'] echoes the previous page url correctly.

    vineet
    That is exactly how HTTP_REFERER works. You won't get it on the initial page load, but subsequent page interactions "should" contain it. Granted, it can be spoofed (just like most SERVER, GET, POST, and REQUEST variables can be spoofed). So you shouldn't rely on it, and you should ALWAYS validate it before using it.

  11. #11
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    hi cp

    so instead of referer, if i use sessions then what value should i insert in the $_SESSION

    vineet

  12. #12
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    On each page load, you will check if the session variable exists, and read it, then you will write the current page URL into the session.

    Something along the lines of
    PHP Code:
    <?php
      session_start();
      // read the previous page first...
      if (isset($_SESSION['REFERER']))
      {
        define('REFERER', $_SESSION['REFERER']);
      }
      // ...then overwrite it with the current page
      $_SESSION['REFERER'] = $_SERVER['PHP_SELF'];
    ?>
    You can then access the REFERER using (again after checking it is set)
    PHP Code:
    echo REFERER;
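
The two pieces of advice above (validate HTTP_REFERER before using it, and read the session value before overwriting it) combined in one sketch. This is an added example, not code from any poster in the thread; `SITE_HOST`, `safe_previous_url()` and `track_previous_page()` are hypothetical names, and it stores `REQUEST_URI` instead of `PHP_SELF` so the query string is kept.

```php
<?php
declare(strict_types=1);

// Hypothetical config value: take the site's host name from your own settings
// rather than from $_SERVER['HTTP_HOST'], which the client also controls.
const SITE_HOST = 'www.example.com';

// Reduce a candidate "previous page" to a local path on $siteHost, or return
// $fallback when it is missing, malformed, or points somewhere else.
function safe_previous_url(?string $url, string $siteHost, string $fallback = '/'): string
{
    if ($url === null || $url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return $fallback;   // absent, or contains control chars, spaces or backslashes
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return $fallback;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = $parts['host'] ?? null;
    if ($scheme !== '' && ($host === null || !in_array($scheme, ['http', 'https'], true))) {
        return $fallback;   // javascript:, data:, mailto: and similar
    }
    if ($host !== null && strcasecmp($host, $siteHost) !== 0) {
        return $fallback;   // another site, including scheme-less //host/path
    }
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || strncmp($path, '//', 2) === 0) {
        return $fallback;   // relative path, or a result browsers read as //host
    }
    return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
}

// Read the stored value first, then overwrite it with the current page.
// The Referer header is only a fallback when the session holds nothing yet.
function track_previous_page(array &$session, array $server, string $siteHost): string
{
    $candidate = $session['REFERER'] ?? $server['HTTP_REFERER'] ?? null;
    $previous  = safe_previous_url($candidate, $siteHost);
    $session['REFERER'] = safe_previous_url($server['REQUEST_URI'] ?? null, $siteHost);
    return $previous;
}

session_start();
$previous = track_previous_page($_SESSION, $_SERVER, SITE_HOST);
echo '<a href="' . htmlspecialchars($previous, ENT_QUOTES, 'UTF-8') . '">Back</a>';
```

Because the result is always a path on the configured host, it can be used for a "back" link or redirect without letting a forged Referer send the user to another site.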

  13. #13
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    hi cp

    please correct me if i m wrong.

    normally i declare sessions first and then write isset statement
    PHP Code:
    $_SESSION['user'] = $_REQUEST['user'];
    if (isset($_SESSION['user']))
    {
      // do something
    }

    but in your code you did the isset() first and then declare
    PHP Code:
     <?php
      session_start();
      if (isset($_SESSION['REFERER']))
      {
        define('REFERER', $_SESSION['REFERER']);
      }
      $_SESSION['REFERER'] = $_SERVER['PHP_SELF'];
    ?>
    i just want to clear my confusion

    vineet

  14. #14
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,245
    Mentioned
    156 Post(s)
    Tagged
    1 Thread(s)
    If you write to it before it exists or before reading it, then you can never get the referring page because you just overwrote that value. So you have to read it first and then write to it.

  15. #15
    SitePoint Guru
    Join Date
    Nov 2008
    Posts
    625
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    thanks cp

    for clearing the doubt

    vineet

  16. #16
    Founder of Primal Skill Ltd. feketegy's Avatar
    Join Date
    Aug 2006
    Posts
    482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you have control over the web server then you can configure it to pass that variable...

