[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Check Referring URL

Posted on 2005-04-17
7
Medium Priority
?
551 Views
Last Modified: 2012-06-27
Hi Guys:


I just want to check at the top of the page to see if the website the user has come from, was within my domain ? If not, redirect to a specific URL ?

Anyone able to help me here ? :) Thanks in advance...
0
Comment
Question by:SR301
7 Comments
 
LVL 6

Expert Comment

by:alextr2003fr
ID: 13803215
something like this, should help you :
example :
   if (!ereg($_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'], $_SERVER['HTTP_REFERER'])) {
           echo 'another host';
   } else {
           echo 'same host';
   }
0
 
LVL 32

Expert Comment

by:ldbkutty
ID: 13803228
I normally store the pagename in session and in the next pages, check if the page is coming from the previous page. If not, redirect to somewhere (say to index page)

Here's an example:

page1.php
=======

<?php
session_start();
$_SESSION['auth_page'] = basename($_SERVER['PHP_SELF']);
// Your stuff
?>

page2.php
=======

<?php
session_start();
if(!isset($_SESSION['auth_page']) || $_SESSION['auth_page'] != 'page1.php')
{
    header("Location: redirectpage.php");
    exit();
}
// Your stuff
?>

// In most cases, you might want page2.php to be accessed from pages other than page1.php. In that situation, define an array of allowable pages and use in_array to check the authentication of page accessing.

// If you dont want to do page-by-page authentication, $_SERVER['HTTP_HOST'] will return the current host name with which you can identify from where the page is getting accessed.
0
 
LVL 32

Expert Comment

by:ldbkutty
ID: 13803233
The problem with $_SERVER['HTTP_REFERER'] is that it is client side dependant and not recommended to use. That is one reason I store the pages in session.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 6

Expert Comment

by:alextr2003fr
ID: 13803258
yes I agree with you ldbkutty, your method is more secure and reliable, need little bit more space on the disk though (not a lot) if there is a lot of requests on the server, but it is not a problem at all.
0
 

Author Comment

by:SR301
ID: 13803434
ldbkutty : All I want to check is if the page before hand, was within my domain, if not, direct to another page... Thanks!
0
 
LVL 2

Expert Comment

by:donel
ID: 13804381
try this
ob_start(); // set it on the top of your php page

// here for PHP 4.3.4 or above
if (!ereg($_SERVER['HTTP_HOST'],$_SERVER['HTTP_REFERER'])) {
           header("location:".$_SERVER['HTTP_REFERER']);
   }

// here for PHP 4.0 or below

if (!ereg($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['HTTP_REFERER'])) {
           header("location:".$HTTP_SERVER_VARS['HTTP_REFERER']);
   }

thanks & best regards,
donel
0
 
LVL 32

Accepted Solution

by:
ldbkutty earned 200 total points
ID: 13808070
The only safe method which I think is to set a session variable in the "previous" pages of the secured page. For example, if mypage.php is the page where you want to check it comes from your domain.

If index.php, page1.php and page3.php are the pages which occurs before the mypage.php, do like this in index.php, page1.php and page3.php:

<?php
session_start();
$_SESSION['auth_page'] = basename($_SERVER['HTTP_HOST']);
// Your stuff here..
?>

and in mypage.php:

<?php
session_start();
if(!isset($_SESSION['auth_page']) || empty($_SESSION['auth_page']))
{
    header("Location: redirectpage.php");
    exit();
}
// your stuff
?>
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses
Course of the Month18 days, 8 hours left to enroll

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question