can i check for http_referrer on my site somehow without people spoofing it?

[arianhojat]

hmmm maybe my memory is shot but i coulda swore i posted this a couple hours ago.

Admins please let me know if this is viewed as a 'hacker' question and maybe that is why it was removed, i assure it is not.

 

I want to be able to NOT let users come into my site if they come anywhere but from certain websites.

So the user is anonymous but as long as he browses from site A to mine, then i will let him in.

 

Otherwise I send him to like a "Sorry, it seems you did not come from 'site A'" message.

 

Thanks,

Arian

[trq]

Sorry, but there is no reliable way of doing this because the HTTP_REFERER is created (and can be changed) by the client.

[arianhojat]

poop. maybe ill take the risk only max 1% of people would even know how to do it, and cant do anything malicious in my site.