kaiman Posted October 14, 2011 Share Posted October 14, 2011 Hi Everyone, I have a script (displayed below) that is supposed to block direct access to certain directories using HTTP_REFERER but is proving to be unreliable due to the fact that many modern browsers (such as Firefox) and firewalls don't pass this information on correctly (or at all). My question is is there a better way to do this and does anyone have examples of code that has worked for them in the past? Thanks for the help, kaiman <? $referrer = $_SERVER['HTTP_REFERER']; // set page that it is okay to access from if (preg_match("http://www.domain.com/scripts/php/contactform.php",$referrer)) { header('Location: http://www.domain.com/contact/error/'); } // otherwise redirect to another page else { header('Location: http://www.domain.com/contact/'); }; ?> Link to comment https://forums.phpfreaks.com/topic/249152-better-way-to-do-this/ Share on other sites More sharing options...
KevinM1 Posted October 14, 2011 Share Posted October 14, 2011 Why not use a session variable? Set the session variable in your contact form page, and then when the user is redirected, check for it. Link to comment https://forums.phpfreaks.com/topic/249152-better-way-to-do-this/#findComment-1279479 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.