Http_referer?

[ivalea]

Hello,
A while ago I thought that I read somewhere that HTTP_REFERER could be used to make sure that visitors are coming from a certain page. For example, I want visitors to not gain acces to 2.php unless they've clicked on a link to it from 1.php. I thought that I could use something like:
[code]
<?php

if ($_SERVER['HTTP_REFERER'] != "http://domain.com/1.php") {
    
    header("Location: http://www.domain.com/2.php");

}
?>[/code]

But that is not working. Even when clicking on the link placed in 1.php, 2.php never loads. Any insight on how to accomplish this would be so appreciated. Thanks!

[AV1611]

I log $_SERVER['HTTP_REFERER'] to every visitor to my site, and have found that you often times do not get anything in that data field... don't know if it depends on what os they have or what...

I don't think you can do what you are doing reliably unless on an intranet

[!--quoteo(post=388884:date=Jun 28 2006, 12:08 PM:name=ivalea)--][div class=\'quotetop\']QUOTE(ivalea @ Jun 28 2006, 12:08 PM) [snapback]388884[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Hello,
A while ago I thought that I read somewhere that HTTP_REFERER could be used to make sure that visitors are coming from a certain page. For example, I want visitors to not gain acces to 2.php unless they've clicked on a link to it from 1.php. I thought that I could use something like:
[code]
<?php

if ($_SERVER['HTTP_REFERER'] != "http://domain.com/1.php") {
    
    header("Location: http://www.domain.com/2.php");

}
?>[/code]

But that is not working. Even when clicking on the link placed in 1.php, 2.php never loads. Any insight on how to accomplish this would be so appreciated. Thanks!
[/quote]

[nogray]

Try to print out your $_SERVER['HTTP_REFERER'] in the second page so you know exactly how it looks like (it could be http://domain.com or http://www.domain.com, etc)

[ivalea]

Thanks nogray - I'll give that a try. So is there any other way to accomplish this using PHP?

[curtis_b]

[!--quoteo(post=388907:date=Jun 28 2006, 12:10 PM:name=ivalea)--][div class=\'quotetop\']QUOTE(ivalea @ Jun 28 2006, 12:10 PM) [snapback]388907[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Thanks nogray - I'll give that a try. So is there any other way to accomplish this using PHP?
[/quote]

It's a browser setting, people can turn off http_referer information in their browser.

Yes, there are numerous ways to control content access. One way could be to add a hidden form field with a default value on page 1 (your next button would be a submit button), then on page 2 you could have the script reset the header if that hidden variable doesn't exist / isn't correct.

Personally, I wouldn't even bother with multiple php files, you can accomplish the same functionality all in one php script. Your script would first check which 'step' the user is on and grab the relavent content from a database (or hardcoded in conditional includes), at the end of the script you can reset which 'step' the user will go on to the next time the script reloads itself. The 'step' variable could be a session variable or a hidden field in POST.

hope that helps, there are many other ways to accomplish the same thing.

Curt

[.josh]

make a session variable with a certain value on page1.php and check for it in page2.php