How Do I Get the URL of the web page that called my script?
Moderator: General Moderators
- Wayne Herbert
- Forum Commoner
- Posts: 34
- Joined: Tue Apr 29, 2003 3:13 pm
- Location: Houston, Texas
How Do I Get the URL of the web page that called my script?
I have two web pages that can call my script, view.php. view.php generates a link back to the page that called it, but now that either of two pages can call it, I need to know which page did the calling.
Thanks.
Thanks.
-
phpfreak
- Forum Commoner
- Posts: 30
- Joined: Fri Mar 21, 2003 10:28 am
- Location: New Jersey,USA
- Contact:
url php normal history
hi there,
try this out:
================
<?php
$url_value= "('{$_SERVER['SCRIPT_FILENAME']}')";
//store this in the page which is going to call your view.php.
//then send this variable as a url parameter to the view.php or
//either send it as a form ,which ever you like.
//then access it and this variable will have the webpage it came from.
?>
================
try this out:
================
<?php
$url_value= "('{$_SERVER['SCRIPT_FILENAME']}')";
//store this in the page which is going to call your view.php.
//then send this variable as a url parameter to the view.php or
//either send it as a form ,which ever you like.
//then access it and this variable will have the webpage it came from.
?>
================
- dstefani
- Forum Contributor
- Posts: 140
- Joined: Sat Jan 11, 2003 9:34 am
- Location: Meridian Idaho, USA
SIDE NOTE: I just had to fix this on a new clients old script (php formmail)
When using: $_SERVER['HTTP_REFERER'] in the form parsing script, if a user has software like Norton Tools running on their machine, the minute the server asks the browser via $_SERVER['HTTP_REFERER'] for the info, Norton stops the whole process, considering it a security attack. The script is useless to the user.
Your case and mine may not have too much in common, but I thought I'd just put that out there. Once I realized what was doing it, I used session id checking to protect against spammers instead of checking the referrer...
- D
When using: $_SERVER['HTTP_REFERER'] in the form parsing script, if a user has software like Norton Tools running on their machine, the minute the server asks the browser via $_SERVER['HTTP_REFERER'] for the info, Norton stops the whole process, considering it a security attack. The script is useless to the user.
Your case and mine may not have too much in common, but I thought I'd just put that out there. Once I realized what was doing it, I used session id checking to protect against spammers instead of checking the referrer...
- D
- dstefani
- Forum Contributor
- Posts: 140
- Joined: Sat Jan 11, 2003 9:34 am
- Location: Meridian Idaho, USA
My first post was incorrect as far as the PHP code used.
I meant to say getenv('HTTP_REFERER'), not $_SERVER['HTTP_REFERER'].
From reading the manual I can't see if the getenv() version sends a request to the browser or if it acts like $_SERVER['']; and just reads the headers.
Do you happen to know?
Interesting.
Thanks,
- D
I meant to say getenv('HTTP_REFERER'), not $_SERVER['HTTP_REFERER'].
From reading the manual I can't see if the getenv() version sends a request to the browser or if it acts like $_SERVER['']; and just reads the headers.
Do you happen to know?
Interesting.
Thanks,
- D
most systems hold enviroment variables of some kind.
on both unix and windows systems you can enter set in a shell to see what e.variables currently there are.
getenv() is the php-way to read those variables. The webserver might set some of them (cgi makes intense use of it) before invoking the script.
see also:
http://www.w3.org/Protocols/rfc2616/rfc ... l#sec14.36
http://www.w3.org/Protocols/rfc2616/rfc ... #sec15.1.3
on both unix and windows systems you can enter set in a shell to see what e.variables currently there are.
getenv() is the php-way to read those variables. The webserver might set some of them (cgi makes intense use of it) before invoking the script.
see also:
http://www.w3.org/Protocols/rfc2616/rfc ... l#sec14.36
http://www.w3.org/Protocols/rfc2616/rfc ... #sec15.1.3
- dstefani
- Forum Contributor
- Posts: 140
- Joined: Sat Jan 11, 2003 9:34 am
- Location: Meridian Idaho, USA
Very cool, thanks.
I think this link is the answer:
15.1.3 Encoding Sensitive Information in URI's
"...For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information. "
Thinking out loud...
Norton works may be blocking the referer being sent, confusing the formmail referer based security.
Thanks again for the tip.
- D
I think this link is the answer:
15.1.3 Encoding Sensitive Information in URI's
"...For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information. "
Thinking out loud...
Norton works may be blocking the referer being sent, confusing the formmail referer based security.
Thanks again for the tip.
- D
- Wayne Herbert
- Forum Commoner
- Posts: 34
- Joined: Tue Apr 29, 2003 3:13 pm
- Location: Houston, Texas
Thanks for a most informative discourse. Naturally, it brings up a question.
a) in the php doc, it says to run a phpinfo() to see what environment variables are available. If 'HTTP_REFERER' does not show in the list, then does this mean the command will not work?
Comment: One reason for wanting to know the referring URL is to stop unauthorized links. Thus, if this reqest were rejected for security reasons by Norton, then I really have to make a choice as to whether to serve a web page to a URL that won't tell me who he is.
a) in the php doc, it says to run a phpinfo() to see what environment variables are available. If 'HTTP_REFERER' does not show in the list, then does this mean the command will not work?
Comment: One reason for wanting to know the referring URL is to stop unauthorized links. Thus, if this reqest were rejected for security reasons by Norton, then I really have to make a choice as to whether to serve a web page to a URL that won't tell me who he is.
- dstefani
- Forum Contributor
- Posts: 140
- Joined: Sat Jan 11, 2003 9:34 am
- Location: Meridian Idaho, USA
This is true.
This is the first time I delt with it and as you can tell I'm learning as I go along.
What I did was to set a session variable on the form page, then on my script page, if(!isset(session variable) don't run . redirect to form with a nice error message. So they have to be coming from my form and no where else.
This seems logical to me. If I'm missing something, I welcome any slaps to the head. (what were you thinking!?!?!)
- D
This is the first time I delt with it and as you can tell I'm learning as I go along.
What I did was to set a session variable on the form page, then on my script page, if(!isset(session variable) don't run . redirect to form with a nice error message. So they have to be coming from my form and no where else.
This seems logical to me. If I'm missing something, I welcome any slaps to the head. (what were you thinking!?!?!)
- D
How did you request that page? By typing the url into the nav-bar of a new browser windows? Then there was no referer to be set. Trya) in the php doc, it says to run a phpinfo() to see what environment variables are available. If 'HTTP_REFERER' does not show in the list, then does this mean the command will not work?
Code: Select all
<html>
<body>
<a href="<?php echo $_SERVER['PHP_SELF']; ?>">reload</a>
<pre><?php print_r($_SERVER) ?></pre>
</body>
</html>