|
-
May 31st, 2002, 12:44 PM
#1
Thread Starter
Lively Member
http referer
I'd like to determine if a user has come from a certain webpage (to make it impossible to enter the page from elsewhere)
Using PHP 4.0 with no globals...
Anyone want to point me in the right direction?
Thanks
-
May 31st, 2002, 12:46 PM
#2
Member
PHP Code:
echo $HTTP_REFERER;
It's not always guaranteed to work though, especially if the browser doesn't send HTTP/1.1 headers (unlikely though).
-
May 31st, 2002, 01:55 PM
#3
Stuck in the 80s
Originally posted by filburt1
PHP Code:
echo $HTTP_REFERER;
It's not always guaranteed to work though, especially if the browser doesn't send HTTP/1.1 headers (unlikely though).
filburt, that method is deprecated and in PHP 4.2 will automatically be turned off.
PHP Code:
echo $_SERVER['HTTP_REFERER'];
-
May 31st, 2002, 01:57 PM
#4
Stuck in the 80s
Also, to touch up on what filburt said:
HTTP_REFERER
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
-
May 31st, 2002, 02:12 PM
#5
-
May 31st, 2002, 02:16 PM
#6
Thread Starter
Lively Member
what would you recommend to determine whether the page was send via a form?
a hidden field?
-
May 31st, 2002, 02:34 PM
#7
Stuck in the 80s
Originally posted by sinewaves
what would you recommend to determine whether the page was send via a form?
a hidden field?
Um...yes, I suppose. If the form is within a PHP document, you can do:
PHP Code:
echo "<input type=\"hidden\" value=\"" . $_SERVER['PHP_SELF'] . "\">";
$_SERVER['PHP_SELF'] contains the URL of the current PHP document.
-
May 31st, 2002, 02:41 PM
#8
Thread Starter
Lively Member
actually the php page just gets information from an html file...so i could just include a hidden field and in the php file check if the hidden value is there?
-
May 31st, 2002, 02:43 PM
#9
Stuck in the 80s
I'm not exactly sure what you're talking about...
-
May 31st, 2002, 02:51 PM
#10
Thread Starter
Lively Member
Ok let me clarify...
I have a form on one of my .html files that submits to a php file
I want to ensure on the php file that it was submit to via the correct .html....should i include a "hidden" field in the form of .html and then with the php determine whether the hidden is there or not?
Would this be the most logical?
-
May 31st, 2002, 03:00 PM
#11
Stuck in the 80s
Yes, that would be best then.
PHP Code:
//In the HTML file:
<input type="hidden" name="source" value="good">
//In the PHP file:
if($_REQUEST['source'] != 'good') {
echo "Input came from illegal source!";
} else {
//your code here
}
-
May 31st, 2002, 03:02 PM
#12
Thread Starter
Lively Member
Ok thanks alot for your input
-
May 31st, 2002, 03:06 PM
#13
Stuck in the 80s
Of course, if someone else wanted to use your script (if that's what you're trying to protect against), they'd probably find the hidden field and put it in their form as well.
-
May 31st, 2002, 03:07 PM
#14
Thread Starter
Lively Member
Thats not really my concern, i jsut dont want people to bookmark the page and go straight to it without using the form...
-
May 31st, 2002, 03:13 PM
#15
Stuck in the 80s
Oh, gotcha. Then the hidden field should do just fine.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
