Page 1 of 1
'HTTP_REFERER' cant be trusted
Posted: Tue Aug 24, 2004 5:06 am
by pelegk2
from php manual
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
how can any 1 modify the HTTP_REFERER ???
beacuse i want to check using this if the use is relly runing the php from my domain or not!
how can i check it?
thnaks in advance
peleg
Posted: Tue Aug 24, 2004 5:50 am
by fresh
quite simple.. you can do it via telnet or with mozilla you can get a plug-in to do it for you..
P.s. I think you can check the URI and perhaps that would be more stable.. gd lk

Posted: Tue Aug 24, 2004 6:43 am
by pelegk2
what do u mean by URI ?which URI ?
Posted: Tue Aug 24, 2004 6:59 am
by Buddha443556
I've seen a real jump in referrer spam in the last six months. Makes logging the referrer completely useless. Worse even my customers have noticed too. Damn spyware.
Posted: Tue Aug 24, 2004 7:07 am
by Buddha443556
If you want to track the user's movement on your site try setting a $_SESSION['last_page'] = $_SERVER['REQUEST_URI'] on every page. Should be at the end of the script.
Posted: Tue Aug 24, 2004 8:55 am
by pelegk2
that want mu Aim
read at the begining of the POST the aim of my question
i dont want to follow where the users go but to check if the page they access they access it when they are in the broswer and unde my domain
Posted: Tue Aug 24, 2004 9:23 am
by feyd
$_SERVER['HTTP_HOST']
ok again u didnt understand me
Posted: Wed Aug 25, 2004 2:47 am
by pelegk2
for exampl i put om mydesktop an html file with an i frame
that its src="
http://www.mysitecool.com/page1.php"
when i run it i recive :
"mysitecool"
if i open a browser and put the url :
http://www.mysitecool.com/page1.php
again i will recive again : "mysitecool"!!!!
the point is when i run it from the desktop i want to see that u acced the page
from the browser by writing
http://www.mysitecool.com/page1.php
and not by running it from a local page on the desktop!
any idea?
Posted: Wed Aug 25, 2004 7:02 am
by Buddha443556
Have no idea how to do that without using HTTP_REFERER.
However, you might add a frame break to your pages:
http://javascript.internet.com/page-det ... rames.html
Sorry for not being much help.
Posted: Wed Aug 25, 2004 7:35 am
by pelegk2
ok even if i use HTTP_REFERER can u please explain still how do i check what i wan to check?
Posted: Wed Aug 25, 2004 7:38 am
by pelegk2
the point is that i run if i run from flash program i wantto check that it was from browser under my domain (the frame was just anexample)
Posted: Wed Aug 25, 2004 10:34 am
by scorphus
pelegk2,
As our mate Buddha443556 wrote:If you want to track the user's movement on your site try setting a $_SESSION['last_page'] = $_SERVER['REQUEST_URI'] on every page. Should be at the end of the script.
I think you can use sessions to solve your problem.
-- Scorphus