Solved

Check for referring page

Posted on 2006-04-25
Last Modified: 2012-06-27
Morning PHP Experts!

How can I check this code to be sure it only works when linked from a specific page on my site?  If the referrer is not mypage.php then I want to set session(errorsession) to "nocheck" and redirect to errorpage.asp


<?php

include("xmlrpc.inc");
define("XMLRPC_DEBUG", 1);
Header("Content-type: text/html");

$array["Channel"]     = "mychan";
$array["StringValue"] = "hello world";
$array["IntValue"]    = 2;

// Send the request to the remote XML-RPC endpoint
list($success2, $response) = XMLRPC_request('xmlrpc.remotesite.com', '/cgi-bin/xmlrpc.cgi', 'llRemoteData', array(XMLRPC_prepare($array)));
$resp_key = $response["StringValue"];

if ($resp_key == 'Confirmed') {
    header('location:complete.asp');
} else {
    set_time_limit(28);
    header('location:error.asp');
}
?>
Question by:JuniorBee
Expert Comment

by:KennyTM
ID: 16534410
Hi.

You can check the content of $_SERVER['HTTP_REFERER']. If $_SERVER['HTTP_REFERER'] == 'http://www.your-host.com/mypage.php' then the client may proceed. Otherwise set the session and do the redirection.


Author Comment

by:JuniorBee
ID: 16534498
I am sorry, I know very little about PHP syntax.  Could you possibly copy and paste my code so I can see where it all goes?
I tried just putting that at the top, but it did not work.
=/

Accepted Solution

by:
siliconbrit earned 2000 total points
ID: 16534597

<?php

include("xmlrpc.inc");
define("XMLRPC_DEBUG", 1);
Header("Content-type: text/html");

// Only proceed when the browser reports mypage.php as the referring page
if ( isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == 'http://www.your-host.com/mypage.php' )  {

   $array["Channel"]     = "mychan";
   $array["StringValue"] = "hello world";
   $array["IntValue"]    = 2;

   list($success2, $response) = XMLRPC_request('xmlrpc.remotesite.com', '/cgi-bin/xmlrpc.cgi', 'llRemoteData', array(XMLRPC_prepare($array)));

   $resp_key = $response["StringValue"];

   if ($resp_key == 'Confirmed') {
      header('location:complete.asp');
   } else {
      set_time_limit(28);
      header('location:error.asp');
   }

} else {

   echo "<h1>Not from my site</h1>";

}

?>

Expert Comment

by:siliconbrit
ID: 16534703


It's also worth noting that HTTP_REFERER is not guaranteed to be what you expect.  This is for two reasons:

1) The responsibility for setting it is given to the browser, and some browsers do not set it.

2) It is easy to write code that sets the HTTP_REFERER to whatever value is required to get through your security. Some browsers even provide a feature where you can set this.

A better solution is to host on Apache, and get the headers from the apache server direct:

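<?php

   // All request headers as received by Apache
   $webserver = apache_request_headers();

   // eregi() was removed in PHP 7.0; stripos() does the same case-insensitive substring test.
   // $host is the wrong variable name here; it is corrected in the follow-up post.
   if ( isset($host['Referer']) && stripos($host['Referer'], 'yourdomain.com') !== false ) {

      /* Your code goes here */

   } else {

      /* Code to reject the call */

   }

?>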


Expert Comment

by:siliconbrit
ID: 16534719

Sorry - typo:

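<?php

   // All request headers as received by Apache
   $webserver = apache_request_headers();

   // eregi() was removed in PHP 7.0; stripos() does the same case-insensitive substring test
   if ( isset($webserver['Referer']) && stripos($webserver['Referer'], 'yourdomain.com') !== false ) {

      /* Your code goes here */

   } else {

      /* Code to reject the call */

   }

?>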
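An added example, not code from any poster in this thread: the check the question asks for, comparing the parsed host and path of the Referer instead of testing for a substring, then setting the session value and redirecting on a mismatch. The host and page are the thread's placeholders, `errorsession` and `errorpage.asp` come from the question, and `referer_matches()` is a hypothetical helper; as noted above, the header is client-supplied, so this filters stray links and does not authenticate the caller.

```php
<?php
// Added example, not code from the thread. EXPECTED_* reuse the thread's
// placeholder host and page; referer_matches() is a hypothetical helper.
const EXPECTED_HOST = 'www.your-host.com';
const EXPECTED_PATH = '/mypage.php';

// True only when the Referer parses as an http(s) URL whose host and path
// equal the expected values. A missing or malformed header is a mismatch.
function referer_matches(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false;                      // some browsers and proxies omit it
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && strcasecmp($parts['host'], EXPECTED_HOST) === 0   // hosts are case-insensitive
        && $parts['path'] === EXPECTED_PATH;                 // query string is ignored
}

// Constructed sample values showing where a substring test and the parsed
// comparison disagree.
$samples = [
    'http://www.your-host.com/mypage.php',
    'http://www.your-host.com/mypage.php?id=7',
    'http://www.your-host.com.example.net/mypage.php',
    'http://example.net/?ref=www.your-host.com/mypage.php',
    '',
];
if (PHP_SAPI === 'cli') {
    foreach ($samples as $s) {
        $substring = stripos($s, 'your-host.com') !== false;
        printf("%-55s substring=%-5s parsed=%s\n", $s === '' ? '(absent)' : $s,
            var_export($substring, true), var_export(referer_matches($s), true));
    }
    exit;
}

// Web request: the behaviour asked for in the question.
session_start();
if (!referer_matches($_SERVER['HTTP_REFERER'] ?? null)) {
    $_SESSION['errorsession'] = 'nocheck';
    header('Location: errorpage.asp');
    exit;   // stop here so the XML-RPC call after the check never runs
}
```

Run from the command line, it prints the comparison table for the sample values; placed at the top of the handler script, it performs the check before the XML-RPC request is sent.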
