How do I check referrer from php ?

Posted on 2003-03-13
Medium Priority
Last Modified: 2007-12-19

I have a piece of php that sends out an email, but I only need it to send this email if the referrer site was say www.testsite.com, how do I incorporate this ?

Question by:MirageSF
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

LLMorrisson earned 200 total points
ID: 8126673
Heres a function that should help you out...

function check_referer($addr) {
     global $HTTP_REFERER;
     if (substr_count($_SERVER["HTTP_REFERER"], $addr)) return true;      // PHP 4.2 and above
     if (substr_count($HTTP_REFERER, $addr)) return true;                 // pre PHP 4.2

return false;


Basically the function checks the referer string for any occurance of $addr. If found then it returns true else it returns false.

Due to the changes made to PHP 4.2 I have included both methods of accessing the referer variable, however you can remove the one you don't need depending on your version.

Leaving them both in regardless will not cause any problems.

You will notice that $_SERVER is not defined as being global within the function. This is because it is a "superglobal" variable, and is automatically global in all scopes.

If you have any questions let me know.

LVL 40

Expert Comment

by:Richard Quadling
ID: 8126744
I have had SOME servers not provide HTTP_REFERER.

Instead I've found that HTTP_REFERER_http works.

You can use ...

<?php phpinfo(); ?>

to see all the variables available to you. It is worth checking to see what the name is.

If you create a link to this file, you will see the referer easily.


Richard Quadling.

Expert Comment

ID: 8127706
HTTP_REFERER is not trusted. Some firewalls/browser omit the referer or change its content (the referer is a client thing)
WordPress Tutorial 3: Plugins, Themes, and Widgets

The three most common changes you will make to your website involve the look (themes), the functionality (plugins), and modular elements (widgets).

In this article we will briefly define each again, and give you directions on how to install them.

LVL 40

Expert Comment

by:Richard Quadling
ID: 8127924
Oh yes.

To truly check the source user, use sessions.

Expert Comment

ID: 8142557
The best way is to compare $_SERVER['HTTP_REFERER'] value with the desired one. Most of the hosting providers now have PHP version above 4.1.0 , that supports this mechanism.

Expert Comment

ID: 8168849

You have two choices:

1)  Trust the HTTP_REFERRER and do what LLMorison suggests.
2)  Modify the refering site a bit to pass some information to your page, specifying that an email should be generated.  Obviously this only works if you have control over the refering site.

Oliver_Dornauf is correct, HTTP_REFERRER cannot be trusted.  Ie. I wouldn't make a login or something contingent on the referrer.  However, just to generate an email, you can probably get away with trusting it.

Also, from a usability point of view, it might be better than you 'ask' the user if they want the email generated, instead of just automatically sending it.

LVL 33

Expert Comment

ID: 11934609
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: LLMorrisson {http:#8126673}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question