Check for referring page

Morning PHP Experts!

How can I check this code to be sure it only works when linked from a specific page on my site?  If the referrer is not mypage.php then I want to set session(errorsession) to "nocheck" and redirect to errorpage.asp


<?php

include("xmlrpc.inc");
define("XMLRPC_DEBUG", 1);
Header("Content-type: text/html");

// Parameters sent to the remote XML-RPC method
$array["Channel"]     = "mychan";
$array["StringValue"] = "hello world";
$array["IntValue"]    = 2;

list($success2, $response) = XMLRPC_request('xmlrpc.remotesite.com', '/cgi-bin/xmlrpc.cgi', 'llRemoteData', array(XMLRPC_prepare($array)));
$resp_key = $response["StringValue"];

// Redirect according to the remote reply
if ($resp_key == 'Confirmed') {
    header('location:complete.asp');
} else {
    set_time_limit(28);
    header('location:error.asp');
}
?>
JuniorBee Asked:
KennyTM Commented:
Hi.

You can check the content of $_SERVER['HTTP_REFERER']. If $_SERVER['HTTP_REFERER'] == 'http://www.your-host.com/mypage.php' then the client may proceed. Otherwise set the session and do the redirection.
0
JuniorBee (Author) Commented:
I am sorry, I know very little about PHP syntax.  Could you possibly copy and paste my code so I can see where it all goes?
I tried just putting that at the top, but it did not work.
=/
0
siliconbrit Commented:

<?php

include("xmlrpc.inc");
define("XMLRPC_DEBUG", 1);
Header("Content-type: text/html");

// Proceed only when the browser reports mypage.php as the referring page
if ( isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == 'http://www.your-host.com/mypage.php' )  {

   $array["Channel"]     = "mychan";
   $array["StringValue"] = "hello world";
   $array["IntValue"]    = 2;

   list($success2, $response) = XMLRPC_request('xmlrpc.remotesite.com', '/cgi-bin/xmlrpc.cgi', 'llRemoteData', array(XMLRPC_prepare($array)));

   $resp_key = $response["StringValue"];

   if ($resp_key == 'Confirmed') {
      header('location:complete.asp');
   } else {
      set_time_limit(28);
      header('location:error.asp');
   }

} else {

   // Referer header missing or not the expected page
   echo "<h1>Not from my site</h1>";

}

?>
0

siliconbrit Commented:

It's also worth noting that HTTP_REFERER is not guaranteed to be what you expect. This is for two reasons:

1) The responsibility for setting it is given to the browser, and some browsers do not set it.

2) It is easy to write code that sets the HTTP_REFERER to whatever value is required to get through your security. Some browsers even provide a feature where you can set this.

A better solution is to host on Apache, and get the headers from the apache server direct:

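<?php

   $webserver = apache_request_headers();

   // Case-insensitive search for the domain in the Referer header
   if ( isset($host['Referer']) && stripos($host['Referer'], 'yourdomain.com') !== false ) {

      /* Your code goes here */

   } else {

      /* Code to reject the call */

   }

?>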

0
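siliconbrit Commented:

Sorry - typo:

<?php

   $webserver = apache_request_headers();

   // Case-insensitive search for the domain in the Referer header
   if ( isset($webserver['Referer']) && stripos($webserver['Referer'], 'yourdomain.com') !== false ) {

      /* Your code goes here */

   } else {

      /* Code to reject the call */

   }

?>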
0
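
An added example, not code from any poster in this thread: the check the question asks for (set the session value "nocheck" and redirect to errorpage.asp unless the referring page is mypage.php), with the Referer parsed and compared on exact host and path instead of by string or substring match. The host and path constants are placeholders and the function names are hypothetical.

```php
<?php
// Added example. Host and path are placeholders; function names are hypothetical.
const ALLOWED_HOST = 'www.your-host.com';
const ALLOWED_PATH = '/mypage.php';

// True only when the Referer parses to exactly the expected host and path.
function referer_is_allowed(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false;   // header absent: some browsers do not send it
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && strcasecmp($parts['host'], ALLOWED_HOST) === 0
        && $parts['path'] === ALLOWED_PATH;
}

// Returns null to continue, or the redirect target after flagging the session.
function gate(?string $referer, array &$session): ?string
{
    if (referer_is_allowed($referer)) {
        return null;
    }
    $session['errorsession'] = 'nocheck';
    return 'errorpage.asp';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample values: a substring test would accept the 3rd and 4th.
    $samples = [
        'http://www.your-host.com/mypage.php',
        'http://www.your-host.com/mypage.php?step=2',
        'http://www.your-host.com.example.net/mypage.php',
        'http://example.net/?u=www.your-host.com/mypage.php',
        '',
    ];
    foreach ($samples as $s) {
        $sess = [];
        printf("%-52s %s\n", $s === '' ? '(no header)' : $s, gate($s, $sess) ?? 'proceed');
    }
} else {
    session_start();
    $target = gate($_SERVER['HTTP_REFERER'] ?? null, $_SESSION);
    if ($target !== null) { header('Location: ' . $target); exit; }
    // Header is client-supplied: a navigation check only. The XML-RPC request follows here.
}
```

Run from the command line it prints the decision for each constructed sample; served by the web server it performs the session flag and redirect.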