PHP get URL of page iframe is located on inside the iframe - php

I've been looking around on the web and I can't find a solution to my issue.
Lets say on the following page I have an iframe.
http://www.mysite.com/cakes.php - this is the url of the page the iframe is on
This is the iframe code on that page
<iframe src = "http://www.mysite.com/secret_frame.php"></iframe>
In the iframe (the file secret.php), how would I get the URL of the page the iframe is situated on, so in this case it would be http://www.mysite.com/cakes.php.
Thanks
Frank

The iframed page, secret_frame.php, can access the parent-page including it through the $_SERVER['HTTP_REFERER'] variable.
As mentioned in #Sven's answer, you can't completely trust the Referrer sent to the page though. Directly from the manual:
The address of the page (if any) which referred the user agent to the
current page. This is set by the user agent. Not all user agents will
set this, and some provide the ability to modify HTTP_REFERER as a
feature. In short, it cannot really be trusted.

It would usually be in the referrer - but remember referrers cannot be trusted, they might be changed or missing alltogether.

Related

How can I determine if a page is loaded in a Facebook iframe using PHP

I thought this would be simple, but I can't figure it out or find any relavent search results.
I have a Page Tab on my Facebook Page that loads a page from my server in an iframe. I want the page to only be served if Facebook is requesting it.
I've heard of looking at the User Agent, but that doesn't work. With PHP at least... I think.
If I have to I'll resort to redirecting with JavaScript, but that's just sloppy.
Ideally it would look something like this;
<?php
...
if ( ! $is_facebook )
{
header("HTTP/1.1 404 Not Found");
}
?>
You could just check the signed_request parameter as described at http://developers.facebook.com/docs/authentication/signed_request/ . If you don't need much security just checking for its presence should be enough. If you need more certainty you can decode it to verify it really came from Facebook.
You don't want to check the user agent you want to check for the referrer but its not entirely reliable
$_SERVER['HTTP_REFERER']
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

how to check if a url is typed or coming from a click in php?

is there a way for php to tell if an address is directly typed by user or coming from a click or any other method that in the end will result a php-generated page?
this question is purely out of curiosity so the urgency is very, very low. but thank you if you want to spare sometime to answer. :D
You could use $_SERVER['HTTP_REFERER']. It should be set to the page that referred the user to your page. If the user typed the address in, it will be empty.
However, beware, it is not reliable, and can be easily modified by the user. As the PHP doc says, you can't really trust it.
In general, you can't.
0) typed (or copy-pasted!) links - REFERER will be empty
1) links clicked on a webpage - REFERER will be set
2) links clicked in an email client (not web based like gmail) - REFERER will be empty
3) links loaded as a home page - REFERER will be empty
4) links loaded from bookmarks - REFERER will be empty
So using PHP $_SERVER['HTTP_REFERER'] variable you can only distinguish case 1 from all the other cases...
You can look at the http_referrer, for a webpage loaded by directly typing in address bar it should not have any referrer but the page that was loaded by some click will have a referrer.
Using http_referrer for this purpose is very unreliable. HTTP_REFERRER is empty when the user types the URL in some browsers. It is NULL in Chrome 19, it is NOT NULL in IE8.
$direct = (bool)$_SERVER['HTTP_REFERER'];

php how to find the location where a user came from?

simple question:
how to find the location (url) where a user came from before accessing my page?
and
how to find the location (url) where a user goes after exiting my webpage?
any ideas where i should start?
thanks
In PHP, you can use the $_SERVER['HTTP_REFERER'] to know where the user came from.
There is no mechanism to know where the user is going, unless they clicked a link on your site to leave your page. (If that is the kind of exit that you want to track, you'll need to rely on javascript and implement something like Google Analytics outbound link tracking: http://www.google.com/support/analytics/bin/answer.py?answer=55527)
To the first question:
Usually if someone comes to your page via a link or something like this a HTTP referer entry points to the refering page. See rfc2616
Second question:
If you have a link which links to an external page you may notice this by wrapping these links with some script. If someone types in a page by hand you will not be able to determine the location where the user went.
If the from page and destination pages are made by you, You can send the source page's url within GET or POST method and grab it in the destination and redirect user back to that url.

Detect Domain Change?

Is it possible to detect source of web forwarding?
For example,
Domain A redirects to Domain B where Domain B has PHP hosting?
Basically I would like something like the following:
if ($was_redirected_from_domain_a) { ... }
As #MoarCodePlz and #Christopher Armstrong point out, $_SERVER["HTTP_REFERER"] is the solution.
However, in your specific case, two redirects take place:
http://fhc.quickmediasolutions.com/image/-1457172086.png
This way, the original referrer info is lost. You will need to disable the second redirect, and run your PHP in my-art-gallery.co.uk's index page.
Update after seeing the phpinfo() output:
$_SERVER["HTTP_REFER"] is indeed completely non-existent.
I suspect the culprit is this configuration setting:
suhosin.server.strip = On
your hosting company is running the Suhosin PHP patch, which allows removing certain data from the PHP page for enhanced security. You may need to ask them to activate HTTP_REFERER.
The only other way would be redirecting domain A to something like
domainb.co.uk/index.php?camefrom=domainA
You could then fetch the domainA argument through $_GET["camefrom"] - if the hosting provider's control panel allows that sort of redirection.
What you need to look at is known as the url referrer of the page. The url referrer is the url from which the current user made it to the site. Be careful, though, as the url referrer will be nonexistent if the user opened up a tab and simply typed in the url.
The url referrer should be able to be found using the following:
$myVar = $_SERVER['HTTP_REFERER'];
As Pekka said, it depends on how the user was forwarded. Try checking the $_SERVER['http_referrer'] value:
if ($_SERVER['HTTP_REFERER'] == 'mydomain.com/mypage'){
echo 'Came from mydomain';
}
$_SERVER["HTTP_REFERER"] is not a reliable solution. There are different cases where it does not work.
HTTP_REFERER does not contain the URL of the page that redirected, but the URL of the page where the user clicked.
E.g. On the page example.com is a link to t.co/somelink, which redirects to yoursite.com.
$_SERVER["HTTP_REFER"] will contain http://example.com, and there is no way to know that your visitor was redirected on your site from a twitter short URL.
The only way to know that the user came from your twitter link, is to include a $_GET parameter, like already proposed: Let the link t.co/somelink redirect to yoursite.com/?camefrom=twitter.

Get url of the page in php

I am working on "Email this page" Popup page. I want to send url of base page as an email, but it should be a popup window.
I have used HTTP_REFERER, it is working fine on Firefox, but not working on Internet Explorer.
I am getting the url of current page but I want that url in new popup window page.
Is there any alternative than HTTP_REFERER.
On the page you wish to grab the URL of, you can use $_SERVER['REQUEST_URI'] to get the requested URI (except the scheme & hostname; in other words, you get the path and query string). Pass this to your other page either using a query string or sessions. The former is preferable, as the latter isn't RESTful. There may be times when it's OK to break REST's rule against server side state, but this probably isn't it.
There is no way unless you store it or send it yourself. This page has one example of how to do it, but only really if you set it beforehand. If the site is your own then you should be ok. If not then you will struggle.
That happens because the HTTP_REFERER is sent by the client browser, which means that it's value can be totally manipulated or can even be null. This means that this variable isn't very reliable. But if the site is yours, there are other solutions.
You can send the url or any other identification like an ID by QueryStrings. So you'll have the link URL like this the_send_page_name.php?ref=index.php
Be aware that this method only works if you're opening the Pop-up in a site that's yours.

Categories