Click to See Complete Forum and Search --> : http referer
sinewaves
May 31st, 2002, 12:44 PM
I'd like to determine if a user has come from a certain webpage (to make it impossible to enter the page from elsewhere)
Using PHP 4.0 with no globals...
Anyone want to point me in the right direction?
Thanks
filburt1
May 31st, 2002, 12:46 PM
echo $HTTP_REFERER;
It's not always guaranteed to work though, especially if the browser doesn't send HTTP/1.1 headers (unlikely though).
The Hobo
May 31st, 2002, 01:55 PM
Originally posted by filburt1
echo $HTTP_REFERER;
It's not always guaranteed to work though, especially if the browser doesn't send HTTP/1.1 headers (unlikely though).
filburt, that method is deprecated and in PHP 4.2 will automatically be turned off.
echo $_SERVER['HTTP_REFERER'];
The Hobo
May 31st, 2002, 01:57 PM
Also, to touch up on what filburt said:
HTTP_REFERER
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
filburt1
May 31st, 2002, 02:12 PM
Oi :p
Yeah I'm used to running PHP 4.1 on my site's server, cheers :)
sinewaves
May 31st, 2002, 02:16 PM
what would you recommend to determine whether the page was send via a form?
a hidden field?
The Hobo
May 31st, 2002, 02:34 PM
Originally posted by sinewaves
what would you recommend to determine whether the page was send via a form?
a hidden field?
Um...yes, I suppose. If the form is within a PHP document, you can do:
echo "<input type=\"hidden\" value=\"" . $_SERVER['PHP_SELF'] . "\">";
$_SERVER['PHP_SELF'] contains the URL of the current PHP document.
sinewaves
May 31st, 2002, 02:41 PM
actually the php page just gets information from an html file...so i could just include a hidden field and in the php file check if the hidden value is there?
The Hobo
May 31st, 2002, 02:43 PM
I'm not exactly sure what you're talking about...:confused:
sinewaves
May 31st, 2002, 02:51 PM
Ok let me clarify...
I have a form on one of my .html files that submits to a php file
I want to ensure on the php file that it was submit to via the correct .html....should i include a "hidden" field in the form of .html and then with the php determine whether the hidden is there or not?
Would this be the most logical?
The Hobo
May 31st, 2002, 03:00 PM
Yes, that would be best then.
//In the HTML file:
<input type="hidden" name="source" value="good">
//In the PHP file:
if($_REQUEST['source'] != 'good') {
echo "Input came from illegal source!";
} else {
//your code here
}
sinewaves
May 31st, 2002, 03:02 PM
Ok thanks alot for your input
The Hobo
May 31st, 2002, 03:06 PM
Of course, if someone else wanted to use your script (if that's what you're trying to protect against), they'd probably find the hidden field and put it in their form as well.
sinewaves
May 31st, 2002, 03:07 PM
Thats not really my concern, i jsut dont want people to bookmark the page and go straight to it without using the form...
The Hobo
May 31st, 2002, 03:13 PM
Oh, gotcha. Then the hidden field should do just fine.
vbforums.com
Copyright Internet.com Inc., All Rights Reserved.