I'd like to determine if a user has come from a certain webpage (to make it impossible to enter the page from elsewhere)
Using PHP 4.0 with no globals...
Anyone want to point me in the right direction?
Thanks
Printable View
I'd like to determine if a user has come from a certain webpage (to make it impossible to enter the page from elsewhere)
Using PHP 4.0 with no globals...
Anyone want to point me in the right direction?
Thanks
It's not always guaranteed to work though, especially if the browser doesn't send HTTP/1.1 headers (unlikely though).PHP Code:echo $HTTP_REFERER;
filburt, that method is deprecated and in PHP 4.2 will automatically be turned off.Quote:
Originally posted by filburt1
It's not always guaranteed to work though, especially if the browser doesn't send HTTP/1.1 headers (unlikely though).PHP Code:echo $HTTP_REFERER;
PHP Code:echo $_SERVER['HTTP_REFERER'];
Also, to touch up on what filburt said:
Quote:
HTTP_REFERER
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
Oi :p
Yeah I'm used to running PHP 4.1 on my site's server, cheers :)
what would you recommend to determine whether the page was send via a form?
a hidden field?
Um...yes, I suppose. If the form is within a PHP document, you can do:Quote:
Originally posted by sinewaves
what would you recommend to determine whether the page was send via a form?
a hidden field?
$_SERVER['PHP_SELF'] contains the URL of the current PHP document.PHP Code:echo "<input type=\"hidden\" value=\"" . $_SERVER['PHP_SELF'] . "\">";
actually the php page just gets information from an html file...so i could just include a hidden field and in the php file check if the hidden value is there?
I'm not exactly sure what you're talking about...:confused:
Ok let me clarify...
I have a form on one of my .html files that submits to a php file
I want to ensure on the php file that it was submit to via the correct .html....should i include a "hidden" field in the form of .html and then with the php determine whether the hidden is there or not?
Would this be the most logical?
Yes, that would be best then.
PHP Code://In the HTML file:
<input type="hidden" name="source" value="good">
//In the PHP file:
if($_REQUEST['source'] != 'good') {
echo "Input came from illegal source!";
} else {
//your code here
}
Ok thanks alot for your input
Of course, if someone else wanted to use your script (if that's what you're trying to protect against), they'd probably find the hidden field and put it in their form as well.
Thats not really my concern, i jsut dont want people to bookmark the page and go straight to it without using the form...
Oh, gotcha. Then the hidden field should do just fine.