Find person referring to my website - php

If someone sends my website link to another in facebook and that user visits my page using that link
Is there a way to find the person who sent him that link?

You can add additional parameter with your link and using that parameter you can detect who referred that link to the other person.
For example original link:
home/xyx/play.php?gameId=10
modified link with refId=10
home/xyx/play.php?gameId=10&refId=10

The first answer might work (if the link is shared keeping the "refid" parameter, yet you can't be sure it will be kept).
The answer I would provide is to use $_SERVER['HTTP_REFERER'] which contains the referer site (so you just check if there's a match between $_SERVER['HTTP_REFERER'] and facebook.com using string comparison functions or even regular expressions if you need a higher precision), yet as PHP states:
This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
So even this method might not work at all, my suggestion is to use both (reference parameter and http_referer) to achieve higher possibilities.

Related

get referer from e-mail link

Is it possible (and if yes, how) to get a referer, when a user clicks on a link in an e-mail? I can't use <form> tags in my e-mail, only pure links.
I want to display a special message, if a user visits my site when coming from my newsletter. I noticed however, that no referer ist provided when clicking on a link in (lets say outlook).
echo "Refererer " . ($_SERVER["HTTP_REFERER"] ? $_SERVER["HTTP_REFERER"] : "Not provided");
When coming from another site, the referer works. I assume that there is no referer then? Is there a way to tell "yes, this user comes from the newsletter-link"?
One workaround I was thinking about is using get-params.
Visit now
Without testing it, it should work, when I explicitly look for that get-param. This however is a way I don't want to go, since I'd like to have a clean url
mysite.com/
Any other ideas? Is it even doable with other approaches?
The easiest way to achieve this is to use a custom referrer parameter, since many email clients (gmail being one) explicitly removes any referer information to prevent sites from tracking that you clicked the link from an email.
If you look at any newsletter you've received via email, you will see that this is the way it is usually done.
What you could do (if you haven't already done so) is to extract the functionality to get the "referer" into a common method that you can call, which will search through any available referrer information and pick the correct one.

Set conditional on template based on a refering page

I am trying to create a conditional template in wordpres where the condition should only be passed if the referring page is the search page:
I am aware that url_to_postid(wp_get_referer()) would get me the page id of the refering page but in my case this does not work as the search page does not have an id. Is there any other way I can do this?
EDIT: the wordpress url for the search would be http:/mywebsite.com/?s=aaa where is the search term
Depending what your using this for and how reliable it needs to be you could use $_SERVER['HTTP_REFERER']
Taken from PHP Manual
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
You might be better off either using post/get to send a parameter to the next page, or using a session if you need more reliability and or control.

Maximum possible security with a fixed link

First of all; I'm aware that this question is strange and I will probably get a lot of downvotes for it, but I still need some more information...
Here's the problem; The company I work for maintains a webshop (PHP, MySQL, IIS). The webshop is going to give a discount to people how came from some other, third party website. After logging in to the third party website, the users are presented with a static link to the webshop (the link can contain some sort of code) [UPDATE we can provide the link, that's all we can do, we have no privileges whatsoever on the third party server]. If they use that link to go to the webshop they have to get the discount. If a user uses another link, or goes to the webshop directly the shouldn't get the discount.
I was thinking of using PHPs HTTP_REFERER to check if the users comes from the third party website, but that is not reliable. Is there another way to make this a bit more secure? I'm aware that we won't be able to create something that makes it completely safe, but we should at least do something that keeps the user from posting the link to a forum or sharing it by e-mail.
I hope you can help me, please don't burn me down for having to implement the request of a customer. I know this is stupid, I just need to do it and I want to do it in the best way possible.
...we should at least do something that keeps the user from posting
the link to a forum or sharing it by e-mail.
Not really. The best you can do is use a combination of HTTP_REFERER and a secret code embedded in the link, but the former is simple to fake and the latter is simple to copy. You're essentially asking to publish a phone number without letting anybody know what the phone number is.
Edit: If you've got some influence over the remote 3rd party site, you could make a joint agreement to change the secret code on a regular (daily?) basis. Or better, if you can both do this programatically, then you can set the code expiry to a very short time (e.g. one minute) -- this would make forum postings useless.
First of all, I don't think it's a stupid question at all :)
The HTTP_REFERER approach doesn't sound too bad.. You're right it's not completely waterproof, but you have to rely the user's browser to tell you where he's coming from anyway - there's no other way. I'd say a combination of a special link and checking the HTTP_REFERER on your end should do pretty good.
Have the link call a javascript function that forms a url to your PHP script that passes the window location href as a parameter. Then in the php script, test that the href matches the expected origination point.
Here is a suggestion:
Your affiliate-site generates a unique-string which is embeded in the link to your site.
$link=md5($_SERVER["HTTP_USER_AGENT"].$_SERVER["REMOTE_ADDR"]."Very secret string");
echo 'Claim your rebate now!';
On the receiver side:
if($_GET["ref"]==md5($_SERVER["HTTP_USER_AGENT"].$_SERVER["REMOTE_ADDR"]."Very secret string")){
applyRebate();
}

php how to know that a click came from google

My adsense ad have a dedicated land page.
I want to show the content only to those who came through that ad.
The page is coded with PHP so I'm using $_SERVER['HTTP_REFERER'].
Two questions here:
Is there a better alternative to $_SERVER['HTTP_REFERER'] ?
To what strings/domains should I compare the referrer's domain (I'll handle extracting it)? I mean, I'm guessing that google has more than one domain they're using for the ads, or not? There's doubleclick.com.... any other domain? How can I check it, besides try/fail?
$_SERVER['HTTP_REFERER'] is the canonical way to determine where a click came from generally. There are more reliable (and complicated) methods for clicks within a site you fully control, but that's not much help for clicks from Google. Yes, it can be spoofed, and yes, it can be null, but as long as you're not targeting nuclear weapons based on that data, and you can handle null values gracefully, it should be good enough.
As for domains, you have to consider the international google domains, as well as all the google*.com domains.
I suggest adding a parameter on the link you give to Google. i.e. instead of yoursite.com/landing, do yoursite.com/landing?campaign=12.
If you are concerned that curious users will play with this parameter, the fix is simple-- redirect via a server 301 redirect when they hit that URL.
That is, if I request yoursite.com/landing?campaign=12, your server--before serving a page-- should log my visit to campaign 12 and redirect me to the plain url yoursite.com/landing. This has the added advantage that reloads won't increment your campaign hit count.
Yes, users could still mess with the original link if they are clever or curious enough to look at it before they click on it, but I think this is going to be far more effective than sniffing the referer.
Rather than trying to work out on your own how to measure your page views, you can consider using an existing system for that, like Google Analytics

How can I know which website the member has visited previously?

So, I can use getenv('HTTP_REFERER') to get an URL which the member has visited previously, but it works only if it's the same website. I want this:
for example. the member firstly visits google.com then goes to my website. I want to show him, that previously he visited a google.com website. How can I do it if it's possible?
$_SERVER['HTTP_REFERER'] works fine for either case, as long as they followed a link from google.com to get to your site. Example: http://mrozekma.com/referer.php
You can only use the HTTP_REFERER header, and capture it the moment the visitor comes to your site. It might not be set, it might be false. There is no other way (and rightly so, I value my privacy). If you need to 'remember' the data store it in a session.
The simple answer is this is not possible. You can get the direct referrer if you're lucky, but nothing else (i.e. not the referrer of the referrer for example). Being able to retrieve the full history of a browser tab via JavaScript or post-back would be a major security issue.
Grabbing a browser's history is considered a breach of privacy, so any method that might exist to grab it would be considered a security bug in the browser.
Note that even the HTTP_REFERER header is considered to be a privacy issue by many people, so it's either disabled or filtered quite often (http://en.wikipedia.org/wiki/HTTP_referrer#Referrer_hiding).

Categories