PHP: How to get referrer URL?
$_SERVER['HTTP_REFERER']
will give you the referrer page's URL if there exists any. If users use a bookmark or directly visit your site by manually typing in the URL, http_referer will be empty. Also if the users are posting to your page programatically (CURL) then they're not obliged to set the http_referer as well. You're missing all _
, is that a typo?
How can I get Referrer URL with PHP?
I don't have PHP installed at the moment, but you could try using parse_url. This should do it I think:
parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);
Get original URL referer with PHP?
Store it either in a cookie (if it's acceptable for your situation), or in a session variable.
session_start();
if ( !isset( $_SESSION["origURL"] ) )
$_SESSION["origURL"] = $_SERVER["HTTP_REFERER"];
do something based on referrer URL in php
An easy way is to create an array of allowed values, and use a loop. Create a Boolean value which states if the user is coming from an allowed site, set it to false as default. While looping through the allowed sites, change this Boolean value to true if the referrer matches any of the allowed sites.
$allowed_sites = ['example.com', 'example2.com'];
$referrer_is_allowed = false;
foreach($allowed_sites as $url) {
if(strstr($_SERVER['HTTP_REFERER'], $url)) {
$referrer_is_allowed = true;
}
}
echo $referrer_is_allowed ? 'yes' : 'no';
Keep in mind, this doesn't guarantee that any certain user actually came from the HTTP_REFERER
that you are checking against, for a couple of reasons.
$_SERVER['HTTP_REFERER']
is easily spoofed and can't really be trusted for security.- A referer such as
site_not_allowed.com/example.com
would still pass this check.
You can protect yourself from the second problem at least by checking to see if the referrer website starts with an allowed site, like this:
foreach($allowed_sites as $url) {
$referrer = str_replace(['http://', 'https://'], ['',''], $_SERVER['HTTP_REFERER']);
if(substr($referrer, 0, strlen($url)) === $url) {
$referrer_is_allowed = true;
}
}
How to get the referrer url of post request in php?
Probably the best way to provide security to your Forms are by adding a CSRF Token to your form (http://en.wikipedia.org/wiki/Cross-site_request_forgery).
How it works is every time you render a form you generate a pseudo random code and store it in a session variable and also put the same code as a hidden input in your form.
So when the user posts the form you can validate to see if the csrf tokens are the same.
There is another thread about this so you can maybe take a look at that
(How to properly add CSRF token using PHP)
How to get full referrer url in php
Put this in your script and have a look at it's content;
<pre>
<?php
var_dump($_SERVER);
?>
</pre>
This way you can find out which keys contain 'what'
PHP Allow access to specific referrer url/page only
It will not be safe because referrer data can be easily spoofed. However, if it still fits your needs, then you should be fine with your code already, since $_SERVER['HTTP_REFERER']
contains the full referrer URL and not just the domain. Actually, your present code needs some adjustments because it can't work like that:
<?php
// This is to check if the request is coming from a specific domain
$ref = $_SERVER['HTTP_REFERER'];
$refData = parse_url($ref);
if($refData['host'] !== 'domain.com') {
// Output string and stop execution
die("Hotlinking not permitted");
}
echo "Executing code here";
?>
Note that if you check if HTTP_REFERER is set before checking if it's what you want, people would get to your script without any referrer set at all, so you should check it in any case. Now, checking for a specific URL is much simpler:
<?php
// This is to check if the request is coming from a specific URL
$ref = $_SERVER['HTTP_REFERER'];
if($ref !== 'http://domain.com/page.html') {
die("Hotlinking not permitted");
}
echo "Executing code here";
?>
Related Topics
Byethost Server Passing HTML Values "Checking Your Browser" With Json String
Characters Allowed in PHP Array Keys
How to Find the PHP.Ini For PHP-Cli
How to Remove a Variable from a PHP Session Array
What Exactly Is Path_Info in PHP
PHP How to Start an External Program Running - Having Trouble With System and Exec
How to Strip Trailing Zeros in PHP
Assigning the Return Value of New by Reference Is Deprecated
PHP Getting Domain Name from Subdomain
Find Out How PHP Is Running on Server (Cgi or Fastcgi or Mod_PHP)
Json_Decode Returns Json_Error_Syntax But Online Formatter Says the Json Is Ok
PHP Redirection With Post Parameters
PHP Regex: How to Match \R and \N Without Using [\R\N]
Find Total Number of Results in MySQL Query With Offset+Limit