Hi,

How can I get the refering page's url with php script.

I tried this:

if (!isset($_SERVER['HTTP_REFERER'])) {
 $referer = "No Referer";
}
else {
 $referer = $_SERVER['HTTP_REFERER'];
}

It's working, but it's just get the requested url in my page.

I need refering page's url. Is it possible?

xZs

It is $_SERVER['HTTP_REFERER']

But, remember that there is no refering page if you load up the page directly. It is also possible to spoof the HTTP_REFERER, since this is provided by the browser. So it shouldn't be relied upon too heavily. And a third variable, the name of the variable may change depending on your HTTP server, that should work if the HTTP server is Apache. It may be the same for IIs, Xitami, etc, but I'm not sure.

HTH!

Regards,
Rich

--
[http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design

spoof the HTTP_REFERER (???)

Certainly. In fact any information a browser provides can be spoofed. I could write a robot, in PHP in fact, that announces I am Firefox 1.0 or MSIE 6 and just came from a URL on your site, when really I am an evil spam bot harvesting email addresses or malware of some kind launching a DOS attack, or something else equally as evil. That information (User agent string and referring url) is sent in the HTTP request headers. Not terribly difficult information to forge for the motivated programmer.

One possible use of the HTTP_REFERER variable is to ensure that a form has been posted from a page on the same website. This is done to keep malware from posting to the form from elsewhere, or to prevent DOS attacks, or whatever else a hacker might do. However, it is a pretty flimsy authentication that is easily bypassed.

It can also be pretty useful for other more benign things too though. For instance forwarding requests from a dynamic 404 error page. Remembering the URL that requested a login page, so that after login the user can be sent back to that page.

Regards,
Rich

--
[http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design

Another use for it is in sessions.

I made a session class that passed the session ID (SID) from page to page without the need for cookies and without the need to append the SID to the end of every URL in the page.

How it works:

When a user logs in (or otherwise begins their session) they are redirected to a page with the SID amended to the end of the URL. When they click on a link, the requested page gets the SID from the HTTP_REFERER URL, and redirects the user to $_SERVER['PHP_SELF']."?SID=$sid".

In theory it allowed users with cookies disabled to be able to use sessions, even if the webmaster didn't manually add the SID to the end of each URL, but it would cause infinite loops if someone had both cookies AND HTTP_REFERERs turned off in their browser (it's possible to stop your browser from sending the HTTP_REFERER when it requests pages).

If you're interested to see just what your browser is sending to web pages, then you might consider running a packet sniffer (such as ethereal) while you request a page. You can also go to http://www.colinhorne.co.uk/~colin/p...fined_vars.php (view the pages source), to see all the variables that are set when you view my webpage.

You'll probably be most interested in the $_SERVER array.

Cheers

--
Please contact me at:
Colin (dot) Horne (at) gmail (dot) com