Wrox Programmer Forums
Go Back   Wrox Programmer Forums > PHP/MySQL > Beginning PHP
|
Beginning PHP Beginning-level PHP discussions. More advanced coders should post to the Pro PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Beginning PHP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old December 14th, 2004, 10:23 AM
Authorized User
 
Join Date: Dec 2004
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Default How to check referring page?

I'd like to make sure no one can access my webpage.php unless it is from my original referring page (menu.php). That is, no one can capture the URL and paste it into their browser. Is there a function in PHP that checks the referring page?

TIA!

 
Old December 14th, 2004, 11:03 AM
Friend of Wrox
 
Join Date: Nov 2003
Posts: 1,285
Thanks: 0
Thanked 2 Times in 2 Posts
Default

The referer is set to

$_SERVER['HTTP_REFERER']

However...
Quote:
quote:Originally found in the PHP Manual
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
-Snib - http://www.snibworks.com
Where will you be in 100 years?
 
Old December 14th, 2004, 11:12 AM
Authorized User
 
Join Date: Oct 2004
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to SiliconFuRy
Default

You could use sessions, or have menu.php send something via POST and have webpage.php check the content of POST before displaying its content...

In addition, just relying on the referrer is very insecure, and can be spoofed very easily.

Many shoes,

Jamez/SiliconFuRy
 
Old December 16th, 2004, 11:32 AM
Authorized User
 
Join Date: Dec 2004
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I decided to use Snib's suggestion and it works fine. I'm not trying to keep serious hackers out (they wouldn't be interested) just keeping the casual user from viewing the page source and capturing my training session URLs.

Thank you!

 
Old January 31st, 2005, 10:04 PM
Authorized User
 
Join Date: Dec 2004
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Default

My code has been working like a charm until I got the bright idea to open the new page in a popup window instead of a new browser window (I couldn't afford the real estate lost to the browser's menu bar, tool bar, etc.).

Now the check for a proper referrer page fails in IE6 while it still behaves normally in Firefox. Arghh....

Any ideas?

TIA!
 
Old February 5th, 2005, 11:12 PM
Registered User
 
Join Date: Feb 2005
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

My suggestion would be to set some type of session variable with the first page and then check for it with the popup page.

Hope this helps...

-ben

Quote:
quote:Originally posted by Dave Brown
 My code has been working like a charm until I got the bright idea to open the new page in a popup window instead of a new browser window (I couldn't afford the real estate lost to the browser's menu bar, tool bar, etc.).

Now the check for a proper referrer page fails in IE6 while it still behaves normally in Firefox. Arghh....

Any ideas?

TIA!

 
Old February 7th, 2005, 12:01 PM
Authorized User
 
Join Date: Dec 2004
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the sugestion. Only problem is that my host doesn't have sessions enabled. That's why I used the referrer page solution.

Basic to my understanding of PHP, I'd still like to know why $_SERVER['HTTP_REFERER'] doesn't work from a pop-up window when it does from a full browser window.

TIA!








Similar Threads
Thread Thread Starter Forum Replies Last Post
referring to the active project tarongeta VBScript 0 February 21st, 2008 04:52 AM
referring methods from different project in VS ajindal General .NET 1 August 17th, 2006 05:42 AM
Check the referring page and decide on opening a n pkballa Javascript 1 March 29th, 2006 02:02 AM
Referring to a Subform mikericc Access 1 April 9th, 2004 04:50 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.