Page 1 of 1

$HTTP_Referer

Posted: Fri May 23, 2003 8:31 am
by asdf
I need to check what the referer is to a certain page, and if it isn't a specific page, or domain, bounce the result elsewhere. I'm not entirely sure about how to go about this, or the syntax, as I'm just beginning with PHP, and I've been thrown in at the deepend. So I figure that I want something like this:

Code: Select all

if (!$HTTP_Referer == "page or domain") { header ("Location: $varurl"); }
I imagine that this is fairly wrong, but am I going in the right direction, or not? Will the exclamation mark work in the situation, or should I do an else statement?

Cheers.

Posted: Fri May 23, 2003 10:08 am
by volka
you may use == to compare strings.
! is the negation of an expression, but do not want to negate a string but the result of the comparison

Code: Select all

if (!($HTTP_Referer == "page or domain"))
you may also use the unequal operator

Code: Select all

if ($HTTP_Referer != "page or domain")
also note that $HTTP_REFERER is deprecated*, use $_SERVER['HTTP_REFER'] instead (depending on your php's version)
http://www.php.net/manual/en/language.o ... arison.php
http://www.php.net/manual/en/reserved.variables.php


*btw: variable names are case sensitive.

Posted: Tue May 27, 2003 4:54 am
by asdf
Thanks for the clarification, volka.

I'll give it a go.

Posted: Tue May 27, 2003 8:31 am
by asdf
Alrighty, I've given it a bash, and I'm still doing something wrong. I'll explain a little.

If I have a form, that submits something to say, redirect.php, which then redirects (using the header function) based on the input of the form, will the referer be the form, or the subsequent redirect.php? This is largely my intention - its a dirty simple login script, that I'm using to get to grips with PHP.

The statement I have, is

Code: Select all

$ok = "url/of/required/referer";
if ($_SERVER['HTTP_REFER'] != "$ok") { print(go fish); }
I've tried having $ok as the form page (login.php) and as the redirection page (redirect.php), but both print go fish when arriving at the page, which they shouldn't, right? My understanding is that if HTTP_REFER isn't equal to $ok's value, it will print go fish, otherwise it will continue with the script. But at least one instance of the referrer must be equal to $ok's value, because there's only two pages to choose from.

All this headache for what is essentially a horridly ungraceful login script. I'm going to go and try == now, just in case that magically works.

Cheers.

(edit: the code above is on the destination page, not the redirect or login page.)

Posted: Tue May 27, 2003 8:52 am
by sleepingdanny
Try using a full address, like: http://www.site.com/....
I think that you better ask if the reffer came from a php page and not from a folder like you writed. (url/of/required/referer) :P

Posted: Tue May 27, 2003 9:06 am
by asdf
The value of $ok was infact a fully qualified URL, I was just using the old foo/bar filler. Anyway.

I had planned on editing the above message, but it might throw your statement out of place, so I'll just pretend like nothing happened.

I did a phpinfo query and discovered my version is 4.2.3, I then did print("$HTTP_REFERER"); and print($_SERVER['HTTP_REFER']); to test which worked - the former, as it turns out. The referer is infact, login.php, as far as I can tell. Still, its still not working as I'd like. More investigating is afoot.

Posted: Tue May 27, 2003 9:28 am
by asdf
Well, I got there in the end. I don't know why it took so long - I'm sure I've tried the exact syntax below before (ie, this morning), but obviously not.

Code: Select all

if ($HTTP_REFERER == "foo://bar/login.php") { print("the referer was correct - login.php"); } //check for referer success
else { exit; } //kill all scripts
Seems to work.

Cheers.