'HTTP_REFERER' cant be trusted

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

'HTTP_REFERER' cant be trusted

Post by pelegk2 »

from php manual
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
how can any 1 modify the HTTP_REFERER ???
beacuse i want to check using this if the use is relly runing the php from my domain or not!
how can i check it?
thnaks in advance
peleg
User avatar
fresh
Forum Contributor
Posts: 259
Joined: Mon Jun 14, 2004 10:39 am
Location: Amerika

Post by fresh »

quite simple.. you can do it via telnet or with mozilla you can get a plug-in to do it for you.. ;)

P.s. I think you can check the URI and perhaps that would be more stable.. gd lk :)
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

Post by pelegk2 »

what do u mean by URI ?which URI ?
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

I've seen a real jump in referrer spam in the last six months. Makes logging the referrer completely useless. Worse even my customers have noticed too. Damn spyware.
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

If you want to track the user's movement on your site try setting a $_SESSION['last_page'] = $_SERVER['REQUEST_URI'] on every page. Should be at the end of the script.
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

Post by pelegk2 »

that want mu Aim
read at the begining of the POST the aim of my question
i dont want to follow where the users go but to check if the page they access they access it when they are in the broswer and unde my domain
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$_SERVER['HTTP_HOST']
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

ok again u didnt understand me

Post by pelegk2 »

for exampl i put om mydesktop an html file with an i frame
that its src="http://www.mysitecool.com/page1.php"
when i run it i recive :
"mysitecool"
if i open a browser and put the url : http://www.mysitecool.com/page1.php
again i will recive again : "mysitecool"!!!!
the point is when i run it from the desktop i want to see that u acced the page
from the browser by writing
http://www.mysitecool.com/page1.php
and not by running it from a local page on the desktop!
any idea?
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

Have no idea how to do that without using HTTP_REFERER.

However, you might add a frame break to your pages: http://javascript.internet.com/page-det ... rames.html

Sorry for not being much help.
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

Post by pelegk2 »

ok even if i use HTTP_REFERER can u please explain still how do i check what i wan to check?
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

Post by pelegk2 »

the point is that i run if i run from flash program i wantto check that it was from browser under my domain (the frame was just anexample)
User avatar
scorphus
Forum Regular
Posts: 589
Joined: Fri May 09, 2003 11:53 pm
Location: Belo Horizonte, Brazil
Contact:

Post by scorphus »

pelegk2,
As our mate Buddha443556 wrote:If you want to track the user's movement on your site try setting a $_SESSION['last_page'] = $_SERVER['REQUEST_URI'] on every page. Should be at the end of the script.
I think you can use sessions to solve your problem.

-- Scorphus
Post Reply