PHP: How to Get Referrer Url

PHP: How to get referrer URL?

$_SERVER['HTTP_REFERER'] will give you the referrer page's URL if there exists any. If users use a bookmark or directly visit your site by manually typing in the URL, http_referer will be empty. Also if the users are posting to your page programatically (CURL) then they're not obliged to set the http_referer as well. You're missing all _, is that a typo?

How can I get Referrer URL with PHP?

I don't have PHP installed at the moment, but you could try using parse_url. This should do it I think:

parse_url($_SERVER['HTTP_REFERER'], PHP_URL_PATH);

Get original URL referer with PHP?

Store it either in a cookie (if it's acceptable for your situation), or in a session variable.

session_start();

if ( !isset( $_SESSION["origURL"] ) )
    $_SESSION["origURL"] = $_SERVER["HTTP_REFERER"];

do something based on referrer URL in php

An easy way is to create an array of allowed values, and use a loop. Create a Boolean value which states if the user is coming from an allowed site, set it to false as default. While looping through the allowed sites, change this Boolean value to true if the referrer matches any of the allowed sites.

$allowed_sites = ['example.com', 'example2.com'];

$referrer_is_allowed = false;

foreach($allowed_sites as $url) {
    if(strstr($_SERVER['HTTP_REFERER'], $url)) {
        $referrer_is_allowed = true;
    }
}

echo $referrer_is_allowed ? 'yes' : 'no';

Keep in mind, this doesn't guarantee that any certain user actually came from the HTTP_REFERER that you are checking against, for a couple of reasons.

1. $_SERVER['HTTP_REFERER'] is easily spoofed and can't really be trusted for security.
2. A referer such as site_not_allowed.com/example.com would still pass this check.

You can protect yourself from the second problem at least by checking to see if the referrer website starts with an allowed site, like this:

foreach($allowed_sites as $url) {
    $referrer = str_replace(['http://', 'https://'], ['',''], $_SERVER['HTTP_REFERER']);
    if(substr($referrer, 0, strlen($url)) === $url) {
        $referrer_is_allowed = true;
    }
}

How to get the referrer url of post request in php?

Probably the best way to provide security to your Forms are by adding a CSRF Token to your form (http://en.wikipedia.org/wiki/Cross-site_request_forgery).

How it works is every time you render a form you generate a pseudo random code and store it in a session variable and also put the same code as a hidden input in your form.

So when the user posts the form you can validate to see if the csrf tokens are the same.

There is another thread about this so you can maybe take a look at that
(How to properly add CSRF token using PHP)

How to get full referrer url in php

Put this in your script and have a look at it's content;

<pre>
<?php
var_dump($_SERVER);
?>
</pre>

This way you can find out which keys contain 'what'

PHP Allow access to specific referrer url/page only

It will not be safe because referrer data can be easily spoofed. However, if it still fits your needs, then you should be fine with your code already, since $_SERVER['HTTP_REFERER'] contains the full referrer URL and not just the domain. Actually, your present code needs some adjustments because it can't work like that:

<?php
// This is to check if the request is coming from a specific domain
$ref = $_SERVER['HTTP_REFERER'];
$refData = parse_url($ref);

if($refData['host'] !== 'domain.com') {
  // Output string and stop execution
  die("Hotlinking not permitted");
}

echo "Executing code here";
?>

Note that if you check if HTTP_REFERER is set before checking if it's what you want, people would get to your script without any referrer set at all, so you should check it in any case. Now, checking for a specific URL is much simpler:

<?php
// This is to check if the request is coming from a specific URL
$ref = $_SERVER['HTTP_REFERER'];

if($ref !== 'http://domain.com/page.html') {
  die("Hotlinking not permitted");
}

echo "Executing code here";
?>

---

Related Topics