Page 1 of 1

Validate priviouse URL

Posted: Mon Mar 08, 2004 3:14 pm
by partiallynothing
I am a paranoid programmer (which I guess can be kind of good). I want to make it so that once you enter the members pages, it checks the priviouse URLS's to make sure that it is from my site. So, say if the priviouse URL was http://www.example.com, i know it is from my site, http://www.example.com. But if the priviouse URL is http://www.iamhackingyoursite.com, i know it is not from my site and can therefor halt the php file.

I don't have any code to show you as I don't know where, or how, to start. Any help is appreciated!

Posted: Tue Mar 09, 2004 3:01 am
by twigletmac
In theory you could use $_SERVER['HTTP_REFERER'] but:
PHP Manual wrote:'HTTP_REFERER'

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
Maybe you could use session variables?

Mac

sessions are good

Posted: Thu Mar 11, 2004 6:30 pm
by bodge
<?php session_start(); session_register("counter");?> top of your non member pages, insert the $PHPSESSID into a database then check its presence in your member pages just like login scripts.