Solved

CGI referer dilemma

Posted on 1998-07-17
13
280 Views
Last Modified: 2013-12-25
Hello!

I have a shopping cart CGI program that I have customized to fit my needs.  In the store, when you click on the order image it orders the product (of course) except when there are other options (i.e. different sizes, colors, etc.) for the product.  The options are shown via pop-up window.  In this pop up window, there are more order images for each product option.  Upon clicking one of these images, the pop-up window disappears and the main window proceeds to the shopping cart.
My dilemma is this:  There is a referer in the CGI to allow the shopper to continue shopping from the page they came from.  When an item is ordered from a pop-up window, the referer is the pop-up window rather than the main page.  Therefore, when the shopper "continues shopping", the referer places the pop-up window's contents in the main browser window rather than the main shoping page's contents.  

Is there a way to program the CGI script to send them to another specific page if they have come from a certain page(rather than just a plain referer)?

If the above will not work, is there possibly something else that I could do to solve this problem?  

We do not want to get rid of the pop-up windows as they are vital to the "feel" of the site.

I hope I have explained my problem so as not to confuse anyone too terribly!  <g>  Thanks so much in advance for your time.
Warmest regards,
H. Poston
 
0
Comment
Question by:heather8
  • 5
  • 4
  • 2
  • +2
13 Comments
 

Author Comment

by:heather8
ID: 1830809
Edited text of question
0
 
LVL 6

Expert Comment

by:alamo
ID: 1830810
Do I correctly assume that clicking on an image does a form submit (rather than being a simple link?)

If so- when you pop up the window, place a hidden field, let's call it RealReferer, into the form, with the address of the main page. In your CGI script look for the form field RealReferer and if it's present, use it instead of HTTP_REFERER.

Hope this helps, if it does I'll repost it as an answer rather than as a comment.
0
 
LVL 6

Expert Comment

by:alamo
ID: 1830811
For that matter, if the images are a simple links (generally a bad idea, anyway) you could either encode the RealReferer in the link or possibly turn them into form submittals.
0
 
LVL 1

Expert Comment

by:mikegrb
ID: 1830812
additionaly in answer to your question about alternate methods the following two lines of perl will acomplish a redirection:
print "Status: 302\n";
print "Location: $location_to_send_to\n\n";

0
 

Author Comment

by:heather8
ID: 1830813
Hi alamo!

Thanks so much for your timely response!  I think that it sounds *exactly* like what I am looking for but I am still unsure how to go about implementing that.  You are correct about the images performing a form submit.  Basically, you are saying to add a line such as this:
<INPUT TYPE=hidden NAME=RealReferer VALUE=http://www.whatever.com>

Am I correct so far?

Then you stated:
"In your CGI script look for the form field RealReferer and if it's present, use it instead of HTTP_REFERER."

Do you mean to change all occurances of the text phrase 'HTTP_REFERER' to the phrase 'RealReferer'?  Or am I misreading that.  In my CGI script there is no form field RealReferer as it stands now.

Please forgive my ignorance.  I am fairly new at CGI and haven't quite mastered it yet!  <VBG>  If this seems like a very complex question (it does to me!) I would be happy to increase the points if you feel that it is necessary.

Thanks again!
0
 
LVL 84

Expert Comment

by:ozo
ID: 1830814
How does your script use HTTP_REFERER now?
How are you getting form fields now?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 1

Expert Comment

by:mikegrb
ID: 1830815
<INPUT TYPE=hidden NAME=RealReferer VALUE=http://www.whatever.com>
should be
<INPUT TYPE=hidden NAME="RealReferer" VALUE="http://www.whatever.com">
and if, for example you are using cgi-lib.pl to get input then you could say:
$ReferTo = $input{RealReferer} || $ENV{HTTP_REFERER};
of corse that is assuming that it is in perl :)

Good Luck and keep the info coming!
0
 
LVL 6

Expert Comment

by:alamo
ID: 1830816
Hi Heather,

>Do you mean to change all occurances of the text phrase 'HTTP_REFERER' to the phrase 'RealReferer'?

(I will use perl syntax for convenience, you haven't said what language you are using)

At the point near the end of your program where you tell the browser to go to the next page, it right now probably says something like:
print "Location: $ENV{HTTP_REFERER}\n\n";

I am saying to change to
if (exists $formfield{RealReferer}) {
   print "Location: $formfield{RealReferer}\n\n";
}
else {
   print "Location: $ENV{HTTP_REFERER}\n\n";
}
(this is similar to what mikegrb just posted, but a little more plainly)

I am making the assumption that when you parse the form fields passed to the script, you do it in a general-purpose manner, storing the results so the rest of the program need just check what it needs to. (This is how you should be doing it, anyway).

You had the hidden field syntax right. (The "" around field names and values are usually unnecessary, though they don't hurt).

If you aren't using perl, let us know what language you are using, and what CGI program you started with (if it's available on the net).
0
 

Expert Comment

by:rstabl
ID: 1830817
In the context of a similar project I did the following:
Encode all the information you want to keep during the navigation of the user into the url. A CGI script is part of the url and evaluates the rest of the url.

For example:
  "http://some.where/iam/thescript/and/get/the/info"
looks like a "nice" url, but "thescript" is actually a CGI scripts that uses "and/get/the/info" to decide what to do next.

The user isn't confused by a strange url and no forms or cookies have to be used.

In your case the popup window would be generated by "http://somewhere/the/popup/showsthis/from/here". It contains links back to "http://some.where/the/cart/was/here". "cart" and "popup" are CGI scripts, resp., "here" is the placeholder for the "refering" page.

0
 

Author Comment

by:heather8
ID: 1830818
Hello rstabl!

Thank you for your answer.  However, I was already following the advice of alamo because alamo had already answered my question.  I am new to Experts Exchange and so I am not quite sure how to proceed.  Could someone please advise?  If you would prefer to e-mail me, that would be great too.

I apologize for the inconvenience.
H. Poston
heather8@zdnetmail.com
0
 
LVL 6

Accepted Solution

by:
alamo earned 170 total points
ID: 1830819
Heather,

It sounds like you are well on your way to getting this to work... so the next step is for me to lock the question so you can grade me, once your problem is solved.

If there's anything that's unclear or not working, just ask!
0
 

Author Comment

by:heather8
ID: 1830820
Hi again!
I know that this is what I need to solve my problem, although I am still having trouble with it. <sigh>

Here is a sample of my code so that you can see where my dilemma is:

sub Add_to_cart
{
   $referer = $ENV{'HTTP_REFERER'};
   if ($display_table_every_time)
   {
      print "Content-type: text/html\n\n";
      &Display_Table;
   }
   else
   {
      print "location: $referer\n\n";
   }
}

sub Display_cart
{
   print "Content-type: text/html\n\n";
   $referer = $ENV{'HTTP_REFERER'};
   &Display_Table;
}

I an not sure how to implement an if/else statement within an existing if/else statement or even if that is 'appropriate'.
If you have any ideas about this I would appreciate it very much.

Thanks for all of your help,
Heather
0
 
LVL 6

Expert Comment

by:alamo
ID: 1830821
Hi,

Just to keep the changes to a minimum, we'll use the very simple but slightly-more-cryptic version:

If we assume that your form fields are in $input{} then change the lines which look like

$referer = $ENV{'HTTP_REFERER'};

so they look like

$referer = $input{'RealReferer'} || $ENV{'HTTP_REFERER'};

What this does is use the value of $input{'RealReferer'} unless there is nothing there, in which case it uses the value of $ENV{'HTTP_REFERER'}.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

This tutorial will discuss fancy secure registration forms, with AJAX technology support. In this article I assume you already know HTML and some JS. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you mig…
If you get a (Blue Screen of Death), your system writes a small file called a minidump. Your first step is to make certain your computer is setup to record memory dumps. Right click My Computer, choose properties. Click on the advanced tab, an…
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now