How Do I Get the URL of the web page that called my script?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Wayne Herbert
Forum Commoner
Posts: 34
Joined: Tue Apr 29, 2003 3:13 pm
Location: Houston, Texas

How Do I Get the URL of the web page that called my script?

Post by Wayne Herbert »

I have two web pages that can call my script, view.php. view.php generates a link back to the page that called it, but now that either of two pages can call it, I need to know which page did the calling.

Thanks.
phpfreak
Forum Commoner
Posts: 30
Joined: Fri Mar 21, 2003 10:28 am
Location: New Jersey,USA
Contact:

url php normal history

Post by phpfreak »

hi there,
try this out:
================
<?php
$url_value= "('{$_SERVER['SCRIPT_FILENAME']}')";
//store this in the page which is going to call your view.php.
//then send this variable as a url parameter to the view.php or
//either send it as a form ,which ever you like.
//then access it and this variable will have the webpage it came from.
?>
================
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

User avatar
dstefani
Forum Contributor
Posts: 140
Joined: Sat Jan 11, 2003 9:34 am
Location: Meridian Idaho, USA

Post by dstefani »

SIDE NOTE: I just had to fix this on a new clients old script (php formmail)

When using: $_SERVER['HTTP_REFERER'] in the form parsing script, if a user has software like Norton Tools running on their machine, the minute the server asks the browser via $_SERVER['HTTP_REFERER'] for the info, Norton stops the whole process, considering it a security attack. The script is useless to the user.

Your case and mine may not have too much in common, but I thought I'd just put that out there. Once I realized what was doing it, I used session id checking to protect against spammers instead of checking the referrer...

- D
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

strange since php dose not ask for anything. The referrer is a header field like so many others and the client decides wether it will send it with the request and what it will contain. There is no "give me your referrer url"-request afaik ;)
User avatar
dstefani
Forum Contributor
Posts: 140
Joined: Sat Jan 11, 2003 9:34 am
Location: Meridian Idaho, USA

Post by dstefani »

Interesting, thanks.
This idea came from a Perl programmer I was talking to. It seemed to work. I'll send Data with the away team to check it out.

I appreciate the link to smart-questions...
Curious, specificlly?

- D
User avatar
dstefani
Forum Contributor
Posts: 140
Joined: Sat Jan 11, 2003 9:34 am
Location: Meridian Idaho, USA

Post by dstefani »

My first post was incorrect as far as the PHP code used.
I meant to say getenv('HTTP_REFERER'), not $_SERVER['HTTP_REFERER'].

From reading the manual I can't see if the getenv() version sends a request to the browser or if it acts like $_SERVER['']; and just reads the headers.

Do you happen to know?
Interesting.

Thanks,

- D
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

most systems hold enviroment variables of some kind.
on both unix and windows systems you can enter set in a shell to see what e.variables currently there are.
getenv() is the php-way to read those variables. The webserver might set some of them (cgi makes intense use of it) before invoking the script.

see also:
http://www.w3.org/Protocols/rfc2616/rfc ... l#sec14.36
http://www.w3.org/Protocols/rfc2616/rfc ... #sec15.1.3
User avatar
dstefani
Forum Contributor
Posts: 140
Joined: Sat Jan 11, 2003 9:34 am
Location: Meridian Idaho, USA

Post by dstefani »

Very cool, thanks.
I think this link is the answer:

15.1.3 Encoding Sensitive Information in URI's
"...For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information. "

Thinking out loud...
Norton works may be blocking the referer being sent, confusing the formmail referer based security.

Thanks again for the tip.

- D
User avatar
Wayne Herbert
Forum Commoner
Posts: 34
Joined: Tue Apr 29, 2003 3:13 pm
Location: Houston, Texas

Post by Wayne Herbert »

Thanks for a most informative discourse. Naturally, it brings up a question.

a) in the php doc, it says to run a phpinfo() to see what environment variables are available. If 'HTTP_REFERER' does not show in the list, then does this mean the command will not work?

Comment: One reason for wanting to know the referring URL is to stop unauthorized links. Thus, if this reqest were rejected for security reasons by Norton, then I really have to make a choice as to whether to serve a web page to a URL that won't tell me who he is.
User avatar
dstefani
Forum Contributor
Posts: 140
Joined: Sat Jan 11, 2003 9:34 am
Location: Meridian Idaho, USA

Post by dstefani »

This is true.
This is the first time I delt with it and as you can tell I'm learning as I go along.

What I did was to set a session variable on the form page, then on my script page, if(!isset(session variable) don't run . redirect to form with a nice error message. So they have to be coming from my form and no where else.

This seems logical to me. If I'm missing something, I welcome any slaps to the head. (what were you thinking!?!?!) 8)

- D
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

a) in the php doc, it says to run a phpinfo() to see what environment variables are available. If 'HTTP_REFERER' does not show in the list, then does this mean the command will not work?
How did you request that page? By typing the url into the nav-bar of a new browser windows? Then there was no referer to be set. Try

Code: Select all

<html>
	<body>
		<a href="<?php echo $_SERVER['PHP_SELF']; ?>">reload</a>
		<pre><?php print_r($_SERVER) ?></pre>
	</body>
</html>
and press the link once you see the page.
Post Reply