Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How do I check referrer from php ?

Posted on 2003-03-13
8
Medium Priority
?
1,819 Views
Last Modified: 2007-12-19
Hi,

I have a piece of php that sends out an email, but I only need it to send this email if the referrer site was say www.testsite.com, how do I incorporate this ?

Cheers
0
Comment
Question by:MirageSF
7 Comments
 
LVL 5

Accepted Solution

by:
LLMorrisson earned 200 total points
ID: 8126673
Heres a function that should help you out...



function check_referer($addr) {
     
     global $HTTP_REFERER;
     
     if (substr_count($_SERVER["HTTP_REFERER"], $addr)) return true;      // PHP 4.2 and above
     if (substr_count($HTTP_REFERER, $addr)) return true;                 // pre PHP 4.2

return false;

}




Basically the function checks the referer string for any occurance of $addr. If found then it returns true else it returns false.

Due to the changes made to PHP 4.2 I have included both methods of accessing the referer variable, however you can remove the one you don't need depending on your version.

Leaving them both in regardless will not cause any problems.

You will notice that $_SERVER is not defined as being global within the function. This is because it is a "superglobal" variable, and is automatically global in all scopes.

If you have any questions let me know.

LLMorisson.
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 8126744
I have had SOME servers not provide HTTP_REFERER.

Instead I've found that HTTP_REFERER_http works.

You can use ...

<?php phpinfo(); ?>

to see all the variables available to you. It is worth checking to see what the name is.

If you create a link to this file, you will see the referer easily.

Regards,

Richard Quadling.
0
 
LVL 4

Expert Comment

by:Oliver_Dornauf
ID: 8127706
HTTP_REFERER is not trusted. Some firewalls/browser omit the referer or change its content (the referer is a client thing)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 40

Expert Comment

by:Richard Quadling
ID: 8127924
Oh yes.

To truly check the source user, use sessions.
0
 
LVL 2

Expert Comment

by:sumitamar
ID: 8142557
The best way is to compare $_SERVER['HTTP_REFERER'] value with the desired one. Most of the hosting providers now have PHP version above 4.1.0 , that supports this mechanism.
0
 
LVL 2

Expert Comment

by:bobsledbob
ID: 8168849

You have two choices:

1)  Trust the HTTP_REFERRER and do what LLMorison suggests.
2)  Modify the refering site a bit to pass some information to your page, specifying that an email should be generated.  Obviously this only works if you have control over the refering site.

Oliver_Dornauf is correct, HTTP_REFERRER cannot be trusted.  Ie. I wouldn't make a login or something contingent on the referrer.  However, just to generate an email, you can probably get away with trusting it.

Also, from a usability point of view, it might be better than you 'ask' the user if they want the email generated, instead of just automatically sending it.

0
 
LVL 33

Expert Comment

by:snoyes_jw
ID: 11934609
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: LLMorrisson {http:#8126673}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

snoyes_jw
EE Cleanup Volunteer
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question