Page 1 of 1

How Do I Get the URL of the web page that called my script?

Posted: Fri May 09, 2003 12:55 pm
by Wayne Herbert
I have two web pages that can call my script, view.php. view.php generates a link back to the page that called it, but now that either of two pages can call it, I need to know which page did the calling.

Thanks.

url php normal history

Posted: Fri May 09, 2003 2:01 pm
by phpfreak
hi there,
try this out:
================
<?php
$url_value= "('{$_SERVER['SCRIPT_FILENAME']}')";
//store this in the page which is going to call your view.php.
//then send this variable as a url parameter to the view.php or
//either send it as a form ,which ever you like.
//then access it and this variable will have the webpage it came from.
?>
================

Posted: Fri May 09, 2003 10:29 pm
by m3mn0n

Posted: Sun May 11, 2003 8:38 am
by dstefani
SIDE NOTE: I just had to fix this on a new clients old script (php formmail)

When using: $_SERVER['HTTP_REFERER'] in the form parsing script, if a user has software like Norton Tools running on their machine, the minute the server asks the browser via $_SERVER['HTTP_REFERER'] for the info, Norton stops the whole process, considering it a security attack. The script is useless to the user.

Your case and mine may not have too much in common, but I thought I'd just put that out there. Once I realized what was doing it, I used session id checking to protect against spammers instead of checking the referrer...

- D

Posted: Sun May 11, 2003 9:31 am
by volka
strange since php dose not ask for anything. The referrer is a header field like so many others and the client decides wether it will send it with the request and what it will contain. There is no "give me your referrer url"-request afaik ;)

Posted: Sun May 11, 2003 9:46 am
by dstefani
Interesting, thanks.
This idea came from a Perl programmer I was talking to. It seemed to work. I'll send Data with the away team to check it out.

I appreciate the link to smart-questions...
Curious, specificlly?

- D

Posted: Sun May 11, 2003 10:30 am
by dstefani
My first post was incorrect as far as the PHP code used.
I meant to say getenv('HTTP_REFERER'), not $_SERVER['HTTP_REFERER'].

From reading the manual I can't see if the getenv() version sends a request to the browser or if it acts like $_SERVER['']; and just reads the headers.

Do you happen to know?
Interesting.

Thanks,

- D

Posted: Sun May 11, 2003 10:56 am
by volka
most systems hold enviroment variables of some kind.
on both unix and windows systems you can enter set in a shell to see what e.variables currently there are.
getenv() is the php-way to read those variables. The webserver might set some of them (cgi makes intense use of it) before invoking the script.

see also:
http://www.w3.org/Protocols/rfc2616/rfc ... l#sec14.36
http://www.w3.org/Protocols/rfc2616/rfc ... #sec15.1.3

Posted: Sun May 11, 2003 11:19 am
by dstefani
Very cool, thanks.
I think this link is the answer:

15.1.3 Encoding Sensitive Information in URI's
"...For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information. "

Thinking out loud...
Norton works may be blocking the referer being sent, confusing the formmail referer based security.

Thanks again for the tip.

- D

Posted: Tue May 13, 2003 10:57 am
by Wayne Herbert
Thanks for a most informative discourse. Naturally, it brings up a question.

a) in the php doc, it says to run a phpinfo() to see what environment variables are available. If 'HTTP_REFERER' does not show in the list, then does this mean the command will not work?

Comment: One reason for wanting to know the referring URL is to stop unauthorized links. Thus, if this reqest were rejected for security reasons by Norton, then I really have to make a choice as to whether to serve a web page to a URL that won't tell me who he is.

Posted: Tue May 13, 2003 11:11 am
by dstefani
This is true.
This is the first time I delt with it and as you can tell I'm learning as I go along.

What I did was to set a session variable on the form page, then on my script page, if(!isset(session variable) don't run . redirect to form with a nice error message. So they have to be coming from my form and no where else.

This seems logical to me. If I'm missing something, I welcome any slaps to the head. (what were you thinking!?!?!) 8)

- D

Posted: Tue May 13, 2003 11:49 am
by volka
a) in the php doc, it says to run a phpinfo() to see what environment variables are available. If 'HTTP_REFERER' does not show in the list, then does this mean the command will not work?
How did you request that page? By typing the url into the nav-bar of a new browser windows? Then there was no referer to be set. Try

Code: Select all

<html>
	<body>
		<a href="<?php echo $_SERVER['PHP_SELF']; ?>">reload</a>
		<pre><?php print_r($_SERVER) ?></pre>
	</body>
</html>
and press the link once you see the page.