I have developed a simple modal box and added $_SERVER["HTTP_REFERER"] so that it does not appear for a specific referrer. It works fine, but $_SERVER["HTTP_REFERER"] is not working on Mozilla. Is there any other way to do this?
I am using the simple PHP code:
if ($_SERVER["HTTP_REFERER"] == "www.thedomain.com/article.php"){
// Code to not show the modal box
}else{
//code to show the modal box
}
As explained, you can't rely on the referrer. Some users choose to disable the referrer altogether, and over HTTPS it's always blank.
Just use a query string parameter, like &modal=true.
'HTTP_REFERER' -
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
http://php.net/manual/en/reserved.variables.server.php
In other words, you should not be relying on this value in your code. That said, there is not really a better, reliable way to get this information. You simply do not always have access to this information from the user's browser.
Related
This is what I'm using after every form to go back to the previous page in a multi-page form:
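// The header may be absent, so default to an empty string.
// ENT_QUOTES also escapes single quotes, which matters because the href below is single-quoted.
$url = htmlspecialchars($_SERVER['HTTP_REFERER'] ?? '', ENT_QUOTES, 'UTF-8');
echo "<a href='$url'>GO BACK</a>";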
But I'm not sure if it will work fine. Is there any better method for going back to the previous page? I don't want to use header (location:), maybe multiple submit, i.e. one to submit the form and another for going back. But I'm not sure how to implement it properly.
As it is said in the documentation, not all user agents set referer:
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
In other words, $_SERVER['HTTP_REFERER'] may be empty.
I would rather use JavaScript:
Back
Sometimes it is possible to determine the previous page by the logic of your application. For example, if a page "Step 2" goes after a page "Step 1", then I would generate a URL according to the logic: /registration/step1, /registration/step2, etc. This is the most reliable way.
I looked up the manual on php.net for $_SERVER['HTTP_REFERER'] and it explicitly says that it is unreliable depending on the browser being used on the client side. Is there a consistent replacement that I can use to redirect websites to the referring link?
EDIT: I didn't realize the error in my question until someone pointed it out in the comments - this is for an internal url as I'm trying to auto-redirect the sign-out button so a user doesn't have to see a separate message like 'you have been successfully logged out'
You can pass the location to go back to in the sign-out link/button. If it's a link, you can add it to the URL; if a button, a hidden form field.
<a href="/sign-out.php?back=CURRENT_URL">
form
<input type="hidden" name="back" value="CURRENT_URL">
CURRENT_URL = $_SERVER['PHP_SELF'], or whatever is appropriate for your system.
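A `back` value taken from the URL or a hidden field is user-controlled, so the sign-out script should only redirect to local paths. The following is an added example, not code from the answer above; `safe_back_target()` is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
// Added example: validate the "back" parameter before redirecting.
// safe_back_target() is a hypothetical helper, not part of PHP.

function safe_back_target(?string $back, string $default = '/'): string
{
    if ($back === null || $back === '') {
        return $default;
    }
    // Reject control characters (header injection) and backslashes,
    // which some browsers treat like forward slashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $back)) {
        return $default;
    }
    // Must be a local absolute path: starts with "/" but not "//"
    // (a protocol-relative URL that points at another host).
    if ($back[0] !== '/' || strncmp($back, '//', 2) === 0) {
        return $default;
    }
    // Belt and braces: the parsed value must carry no scheme or host.
    $parts = parse_url($back);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $back;
}

// Constructed sample inputs, as they might arrive in $_GET['back'].
$samples = [
    '/account/settings?tab=1',
    '//other.example/x',
    'https://other.example/',
    "/ok\r\nSet-Cookie: a=b",
    '/\\other.example',
];
foreach ($samples as $candidate) {
    printf("%-32s => %s\n", json_encode($candidate), safe_back_target($candidate));
}

// In sign-out.php, after destroying the session (sketch):
//   $back = is_string($_GET['back'] ?? null) ? $_GET['back'] : null;
//   header('Location: ' . safe_back_target($back));
//   exit;
```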
In short, no, and do not rely on HTTP_REFERER either, as it's unreliable and unsafe.
From the PHP manual:
The address of the page (if any) which referred the user agent to the
current page. This is set by the user agent. Not all user agents will
set this, and some provide the ability to modify HTTP_REFERER as a
feature. In short, it cannot really be trusted.
Another solution is to use JavaScript for that, something like this:
<?php
echo "<script>history.go(-1);</script>";
?>
I thought this would be simple, but I can't figure it out or find any relevant search results.
I have a Page Tab on my Facebook Page that loads a page from my server in an iframe. I want the page to only be served if Facebook is requesting it.
I've heard of looking at the User Agent, but that doesn't work. With PHP at least... I think.
If I have to I'll resort to redirecting with JavaScript, but that's just sloppy.
Ideally it would look something like this:
<?php
...
if ( ! $is_facebook )
{
header("HTTP/1.1 404 Not Found");
}
?>
You could just check the signed_request parameter as described at http://developers.facebook.com/docs/authentication/signed_request/ . If you don't need much security just checking for its presence should be enough. If you need more certainty you can decode it to verify it really came from Facebook.
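Decoding and verifying the parameter, as an added example that is not part of the original answer: it assumes Facebook's documented `signed_request` layout (base64url signature, a dot, base64url JSON payload, HMAC-SHA256 keyed with the app secret). The function names and the demo secret are constructed for illustration.

```php
<?php
// Added example: verify a signed_request before serving the page tab.
// Function names and the demo secret below are assumptions.

function base64url_decode_strict(string $in): ?string
{
    $b64 = strtr($in, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore padding
    $out = base64_decode($b64, true);
    return $out === false ? null : $out;
}

function parse_signed_request($signed_request, string $app_secret): ?array
{
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null;
    }
    [$encoded_sig, $payload] = explode('.', $signed_request);
    $sig  = base64url_decode_strict($encoded_sig);
    $json = base64url_decode_strict($payload);
    if ($sig === null || $json === null) {
        return null;
    }
    $data = json_decode($json, true);
    if (!is_array($data) || ($data['algorithm'] ?? null) !== 'HMAC-SHA256') {
        return null;
    }
    // The MAC covers the still-encoded payload; compare in constant time.
    $expected = hash_hmac('sha256', $payload, $app_secret, true);
    return hash_equals($expected, $sig) ? $data : null;
}

// Constructed demo values: not a real app secret or a real Facebook request.
$secret  = 'constructed-demo-secret';
$body    = json_encode(['algorithm' => 'HMAC-SHA256', 'issued_at' => 1700000000]);
$payload = rtrim(strtr(base64_encode($body), '+/', '-_'), '=');
$sig     = rtrim(strtr(base64_encode(hash_hmac('sha256', $payload, $secret, true)), '+/', '-_'), '=');

var_dump(parse_signed_request("$sig.$payload", $secret) !== null);        // genuine request
var_dump(parse_signed_request("$sig.$payload", 'wrong-secret') !== null); // signed with another key
var_dump(parse_signed_request(null, $secret) !== null);                   // parameter absent

// In the page itself (sketch):
//   if (parse_signed_request($_REQUEST['signed_request'] ?? null, $secret) === null) {
//       header('HTTP/1.1 404 Not Found');
//       exit;
//   }
```

Checking only for the parameter's presence, as the answer notes, gives little assurance; the HMAC check is what ties the request to the app secret.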
You don't want to check the user agent; you want to check the referrer, but it's not entirely reliable:
$_SERVER['HTTP_REFERER']
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
Is there a way for PHP to tell if an address is directly typed by the user or coming from a click or any other method that in the end will result in a PHP-generated page?
This question is purely out of curiosity, so the urgency is very, very low. But thank you if you want to spare some time to answer. :D
You could use $_SERVER['HTTP_REFERER']. It should be set to the page that referred the user to your page. If the user typed the address in, it will be empty.
However, beware, it is not reliable, and can be easily modified by the user. As the PHP doc says, you can't really trust it.
In general, you can't.
0) typed (or copy-pasted!) links - REFERER will be empty
1) links clicked on a webpage - REFERER will be set
2) links clicked in an email client (not web based like gmail) - REFERER will be empty
3) links loaded as a home page - REFERER will be empty
4) links loaded from bookmarks - REFERER will be empty
So using PHP $_SERVER['HTTP_REFERER'] variable you can only distinguish case 1 from all the other cases...
You can look at the http_referrer, for a webpage loaded by directly typing in address bar it should not have any referrer but the page that was loaded by some click will have a referrer.
Using http_referrer for this purpose is very unreliable. HTTP_REFERRER is empty when the user types the URL in some browsers. It is NULL in Chrome 19, it is NOT NULL in IE8.
// True when no Referer header was sent; empty() also avoids an undefined-index notice.
$direct = empty($_SERVER['HTTP_REFERER']);
So, I can use getenv('HTTP_REFERER') to get a URL which the member has visited previously, but it works only if it's the same website. I want this:
For example, the member first visits google.com and then goes to my website. I want to show him that he previously visited the google.com website. How can I do it, if it's possible?
$_SERVER['HTTP_REFERER'] works fine for either case, as long as they followed a link from google.com to get to your site. Example: http://mrozekma.com/referer.php
You can only use the HTTP_REFERER header, and capture it the moment the visitor comes to your site. It might not be set, it might be false. There is no other way (and rightly so, I value my privacy). If you need to 'remember' the data, store it in a session.
The simple answer is this is not possible. You can get the direct referrer if you're lucky, but nothing else (i.e. not the referrer of the referrer for example). Being able to retrieve the full history of a browser tab via JavaScript or post-back would be a major security issue.
Grabbing a browser's history is considered a breach of privacy, so any method that might exist to grab it would be considered a security bug in the browser.
Note that even the HTTP_REFERER header is considered to be a privacy issue by many people, so it's either disabled or filtered quite often (http://en.wikipedia.org/wiki/HTTP_referrer#Referrer_hiding).