Page 1 of 1

Referer Check

Posted: Fri Apr 16, 2004 12:15 pm
by Joe
I have been trying to make up a script which checks the referer to see if its being sent from the sendmsg.php page. If not an error message will be displayed informing the user, otherwise the process will continue. I used this a while back but I just cant seem to remember what I used. Can anyone help me please. Im not looking for a long code just the function which is used for referer checking.

Regards


Joe 8)

Posted: Fri Apr 16, 2004 1:08 pm
by Unipus
that's $_SERVER["HTTP_REFERER"], and it's listed on this page along with all the other server vars:

http://www.php.net/reserved.variables

I'd recommend you come up with another way to do this, though, it sounds like it would be prone to problems/spoofing.

Posted: Fri Apr 16, 2004 1:16 pm
by Joe
Yes, It your right that I could be prone to spoofing with something such as Curl or Z-Spoof but I have also made a part which checks the users cookie and Session ID. I know thats not much but its extra security.

Regards and Thanks for that!


Pr0zaK 8) I'll take on the world. Will they take on me?

Posted: Fri Apr 16, 2004 6:30 pm
by werlop
Hi, I have given up using referrers as some fire walls (eg Norton Personal Firewall) block the referrer data. Ostensibly Norton changes it to "refewer".

Posted: Fri Apr 16, 2004 7:00 pm
by phice
Yet another reason why I choose not to use any firewalls.