PDA

Click to See Complete Forum and Search --> : check two referers

cybercampbell
06-27-2005, 08:46 AM
Hi all

I'm using the following code to check that someone has come to a page from the correct location. this works (please let me know if there is a better way to do it) but I need to have it check for two different locations.

e.g.

if they came from http://www.mydomain.co.uk then GOOD of if they came from http://www.mydomain.co.uk/from_here.html then GOOD but from anywhere esle id BAD!!



<?php
$from = $_SERVER['HTTP_REFERER'];

$ref = "http://www.mydomain.co.uk/";

if ( $from == $ref ) {
good do this
} else {
error do this
}
?>

Any ideas?

Cheers
Chris
Stephen Philbin
06-27-2005, 08:56 AM
I don't think there really is and "good" way of checking which page a user came from. I know a very large amount of users will not supply the kind of info a script like that relies on to function because their firewalls will prevent sending of that info by default. Then there's all yer paranoid nuts that clear chache, urls, cookies, remove parts of their browsers and just about reinstall the OS after every use of a browser who definitely won't.
cybercampbell
06-27-2005, 03:36 PM
this seems to work....does it look right?


<?php
$from = $_SERVER['HTTP_REFERER'];

$ref1 = "http://www.mydomain.co.uk/";
$ref2 = "http://www.mydomain.co.uk/from_here.html";

if ( $from == $ref1 || $from == $ref2 ) {
good do this
} else {
error do this
}
?>
BeachSide
06-27-2005, 03:41 PM
Yes that would work...

except as Mr Herer above stated that will only work if that is passed. There are those who either cannot have that passed (firewall) or do not want it passed (people who block it, browser won't carry it, etc...) so that is not a very good method of checking and even php.net says to not rely on it...

'HTTP_REFERER'

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

Read all about it HERE (http://us2.php.net/manual/en/reserved.variables.php#reserved.variables.server)
cybercampbell
06-27-2005, 03:43 PM
ok thanks :)
acorbelli
06-27-2005, 05:41 PM
I had a script which used it and I had to ditch it after a while because it was not reliable at all. Try using sessions maybe?
BeachSide
06-27-2005, 07:12 PM
Sessions would be a good way to go for sure :)