Dismounted
59.***.***.***
Show Referer Info
Show Referer Info
This just shows where the visitor came from
Paste this into a PHP file:
<?php echo $_SERVER['HTTP_REFERER']; ?>
Done! :)
penguinmama
12.***.***.***
also, I made some "backend" scripts a little 'safer' using this variable...
if ($_SERVER['HTTP_REFERER'] !== "http://www.domain.com/scriptname.php") { die("You are attempting to access this page incorrectly."); }
(That may not be exactly right; I didn't go back and look)
Dismounted
59.***.***.***
Yes, that is right, but could be more spaced out for easier reading :p.
if ( $_SERVER['HTTP_REFERER'] !== "http://www.domain.com/scriptname.php" )
{
die("You are attempting to access this page incorrectly!");
}
Darkneoboi
68.***.***.***
You guys made one mistake
if ( $_SERVER['HTTP_REFERER'] != "http://www.domain.com/scriptname.php" )
{
die("You are attempting to access this page incorrectly!");
}
There should only be one equal sign, since != mean not equal too. !== means nothing.
Dismounted
59.***.***.***
!= means is true if the first value is not equal to the second.
!== means is true if the first value is not equal to the second or they are not the same type.
So basically they're the same.
Darkneoboi
68.***.***.***
Ok, i didn't realize that, i have learned a lot since i came here already. Thank you for that. Maybe i could help you with some scripting one day.
penguinmama
12.***.***.***
All I know is, it worked! It's good to know *why* though :) Thanks, Dismounted!
penguinmama;160:
also, I made some "backend" scripts a little 'safer' using this variable...
if ($_SERVER['HTTP_REFERER'] !== "http://www.domain.com/scriptname.php") { die("You are attempting to access this page incorrectly."); }
(That may not be exactly right; I didn't go back and look)
what is the purpose of adding this die statement?
Logik;572:
what is the purpose of adding this die statement?
To end access to the page if the referer is not the preset value. Presumably only as an added security measure because there are two big problems with this;
1) That particular script will also flunk visitors who clicked from the legit referer page if it is not referenced the exact same way (www.domain.com vs. domain.com /// scriptname.php? vs scriptname.php /// etc). It would be better to parse_url out the host and then strip any subdomains.
2) The HTTP_REFERER is supplied by the client and can be anything the visitor wants it to be any way, if not with a bare-bones standard browser then with an addon or with a simple script.