I'd like to make sure no one can access my webpage.php unless it is from my original referring page (menu.php). That is, no one can capture the URL and paste it into their browser. Is there a function in PHP that checks the referring page?

TIA!

The referer is set to

$_SERVER['HTTP_REFERER']

However...
-Snib - http://www.snibworks.com
Where will you be in 100 years?

You could use sessions, or have menu.php send something via POST and have webpage.php check the content of POST before displaying its content...

In addition, just relying on the referrer is very insecure, and can be spoofed very easily.

Many shoes,

Jamez/SiliconFuRy

I decided to use Snib's suggestion and it works fine. I'm not trying to keep serious hackers out (they wouldn't be interested) just keeping the casual user from viewing the page source and capturing my training session URLs.

Thank you!

My code has been working like a charm until I got the bright idea to open the new page in a popup window instead of a new browser window (I couldn't afford the real estate lost to the browser's menu bar, tool bar, etc.).

Now the check for a proper referrer page fails in IE6 while it still behaves normally in Firefox. Arghh....

Any ideas?

TIA!

My suggestion would be to set some type of session variable with the first page and then check for it with the popup page.

Hope this helps...

-ben

Thanks for the sugestion. Only problem is that my host doesn't have sessions enabled. That's why I used the referrer page solution.

Basic to my understanding of PHP, I'd still like to know why $_SERVER['HTTP_REFERER'] doesn't work from a pop-up window when it does from a full browser window.

TIA!