Let say we've the following
Objective : User will post certain exact URL $refere to lock viewing text content and only be allowed for view if the viwer is coming from the same exact URL $refere.
$refere = "http://www.site_site.com"; // User will post it
$r = $_SERVER['HTTP_REFERER']; // To get real referral
and i want to do the following
<?PHP
if(stripos($r, $refere) == false){
echo "Wrong";
} else { ?>
echo "Go";
}
?>
It always gives me $r = $_SERVER['HTTP_REFERER']; blank ! so does it deprecated on any PHP version 4 or 5 whatever !
Also
what is the user posted $refere like https:// or missed www. or only posted site_site.com while the $r = $_SERVER['HTTP_REFERER']; showing www.site_site.com
so can anyone help me to adjust this code to be working fine no matter the user posted the $refere link fully or only site_site.com.
The $_SERVER['REFERER'] variable will only be set when you click a link to your page from another page and if the browser (or an eventual proxy or firewall you're on) isn't removing the referer header.
To your second question: do some string comparisons. The functions strpos() and substr() will be of great help.
Related
I need a code to display referrer URL (full URL if possible, like example.com/1234). if full URL is not possible, then at least the domain is fine. Also, I want to see if the referrer is NOT coming from somewhere for example: if referer is NOT example2.com then //do action
I have a code but it's not working properly. If you can help, that would be great. Thanks
<?php
// Check if Referral URL exists
if (isset($_SERVER['HTTP_REFERER'])) {
// Store Referral URL in a variable
$refURL = $_SERVER['HTTP_REFERER'];
// Display the Referral URL on web page
echo $refURL;
} else {
if (( $refURL == !'https://example2.com' ) ) {
// sorry, you didnt come from example2.com, you NEED to come from example2.com}
?>
This doesnt seem to work. Also, http refer only displays domain of referrer without path like example.com/1234/321. If its possible to get the full URL please share, otherwise i can do without it.
I have a page that will show multiple content, depending on what ID the user has in their URL.
e.g:-
If they have accessed https://stackoverflow.com/#cars - I want to show cars only.
If they have accessed https://stackoverflow.com/#trains - I want to show trains only.
I would like to do this in PHP, as I do not want the other information displayed.
I have tried the following, but with no luck:-
<?php
$url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if (strpos($url,'cars') !== false) {
echo 'Car exists.';
} else {
echo 'No cars.';
}
?>
Can anyone please help?
The # part of a URL is an instruction to the browser to navigate to that element of the page as soon as it loads. It's never sent to the server.
If you want to pass information to the server then use query parameters e.g. https://www.example.com?section=trains and then you can use $_GET["section"] in PHP to retrieve the submitted value.
But as someone has noted in the comments, that's a generic way to do this in a web/PHP context, however Wordpress probably has better methods built in to accomplish the specific filtering task you're interested in here.
Hello and thanks in advance for any suggestions you can lend.
What I am trying to accomplish: When a user clicks a link I want to add an auto-increment id, clicked URL and time stamp to the database and then send them to the URL links landing page.
The problem I am having: When the link is clicked the URL is not added to the database and the redirect also fails.
Here is the code I am working on:
ad_click_tracking.php
<?php
include ("admin/includes/connect.php");
mysql_select_db("$database") or die(mysql_error());
//Collecting the destination URL from the clicked link
$redirect = mysql_real_escape_string($_GET['page']);
//Insert destination URL and time stamp into MySQL
$page_insert = mysql_query("INSERT INTO ad_click_tracking (`url`, `date`) VALUES ('$redirect', now())") or die(mysql_error());
//Redirecting user to the clicked URL
header("Location: $redirect");
//Debugging to see if we collected the URL
echo "Redirect URL: $redirect";
?>
header.php (Contains the links to be tracked - the first link is internal the second link is external)
<img src="/images/header_banner/recycling_kansas_city_header.png" width="620px" height="340px" alt="Recycling Banner" title="Recycling Kansas City"></li>
<img src="/images/header_banner/funny_bunny_5k_autism_egg_hunt.png" width="620px" height="340px" alt="Paws 4 Autism" title="Paws 4 Autism Easter Event"></li>
When I click the internal or external link the browser displays the URL as recyclingkansascity.com/ad_click_tracking.php?page= and then when I check the database the id has been auto-incremented and the timestamp is inserted but the URL is null. For some reason the ($_GET['page']) seems to be failing to grab the page URL and I have not been able to figure out why as of yet. I read through relevant "similar questions" and was not able to find an answer.
A better way to create your links would be with PHP code such as this:
$url = 'http://paws4autism.org';
echo '<a href="http://recyclingkansascity.com/ad_click_tracking.php?page='
. htmlspecialchars(urlencode($url)) . '" target="_blank">...</a>';
This will escape the url as a query string. It may or may not work without doing this, but this is the proper way to do it. For example, http://paws4autism.org would become http%3A%2F%2Fpaws4autism.org. If you are wondering about the double escaping, here it is broken down a bit:
$url = 'http://paws4autism.org';
// escape query string when constructing url:
// (this would be necessary even if you weren't rendering it as a link in html)
$href = 'http://recyclingkansascity.com/ad_click_tracking.php?page=' . urlencode($url);
// escape for html rendering:
echo '...';
In ad_click_tracking.php, you ought to check whether $_GET['page'] is set at all before you continue. Also, it doesn't make sense to be redirecting to the MySQL-escaped version of the page parameter. So, instead of this:
$redirect = mysql_real_escape_string($_GET['page']);
// (...insert with $redirect...)
header("Location: $redirect");
I would do this:
if (!isset($_GET['page'])) {
// this is a little bit more informative than just dying
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
die('No page specified');
}
$redirect = $_GET['page'];
$s_redirect = mysql_real_escape_string($redirect);
// (...insert with $s_redirect...)
header("Location: $redirect");
Lastly, the plain mysql library for PHP isn't really recommended for use. Mysqli (which uses nearly the same syntax) or PDO is preferred. See here: MySQL vs MySQLi when using PHP
Oh, and as for the security of doing the HTTP redirect, see this page (I recommend reading through all the answers). The only real issue is related to phishing scams. You aren't serving a file that the user normally wouldn't have access to.
php security for location header injection via $_GET
I've written some simple code in PHP which save slug from my 301 redirect URL so I know how many visitors come from that advertisement. However, it's not working when user comes from 301/307.
Example: if user comes from 301 redirect url example.com/example to redirect url to example.com/example1 now in example1 page not showing referral from this link example.com/example:
$url = example.com/example;
$data = "$url";
$j=0;
foreach (count_chars($data, 1) as $i => $val) {
$j=$j+$val;
}
$result = substr(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '',$j);
echo $result;
Hope this makes sense.
Dont rely on $_SERVER['HTTP_REFERER'] it is purely optional for a browser to send it, and some security software blocks it in requests. Read more here
Thats a normal problem of Referer Tracking. You should use other methodes to track ads.
The most used option are Get Parameters (offer.php?ref=sitexy)
So I am trying to get the page where a visitor came from. I inserted this code into a php file and I am trying to see the page's URL but it is not working, any suggestions?
<?php
$ref = getenv("HTTP_REFERER");
echo $ref;
?>
(added this after some answers)
I have also tried
print $_SERVER["HTTP_REFERER"];
and that doesn't work either
it worked after i updated the website many times, not sure why was there a problem in the first place, thanks anyway :)
Have you tried accessing through the $_SERVER superglobal?
print $_SERVER["HTTP_REFERER"];
$_SERVER['HTTP_REFERER'] is the best way to access this information.
Based on your comments on other responses:
Are you actually coming from somewhere? If you refresh your browser this value will likely not be sent. So make sure your browser is sending the header. If you put this script on a public url, I'll be happy to check it out and verify.
You should really turn on all errors. If the header is not sent and you access it anyway, PHP will emit an E_NOTICE. If you're debugging your code you should turn on all error message and make sure there are no E_NOTICE's or worse.
Maybe a stupid remark, but $_SERVER["HTTP_REFERER"] only works if you enter the page using a hyperlink.
e.g.
/goto.html
go to refer
/refer.php
<?php
print "You entered using a link on ".$_SERVER["HTTP_REFERER"];
?>
HTTP_REFERER doesn't work if you enter the link location directly in your browser.
getenv() is used if it's being run as a CGI script. With a SAPI you use $_SERVER["HTTP_REFERER"].
<?php
echo $_SERVER['HTTP_REFERER'];
?>
The above code works! However, many of my students find it hard, at first, to grasp that $_SERVER['HTTP_REFERER'] requires arriving from a link.
I give them the below (tested) code (or "web page") to demonstrate. The above code is at the bottom.
show-referer.php
<?php
if ( isset( $_SERVER['HTTP_REFERER'] ) ) {
$referer = $_SERVER['HTTP_REFERER'];
} else {
$referer = 'No Link - No Referer - Direct URL Entry';
}
echo $referer;
?>
<p>See the referer in action
from this page!
</p>
<?php
echo $_SERVER['HTTP_REFERER'];
?>
The show-referer.php page links to itself when you click the link, which should cause the browser to generate an HTTP_REFERER.
$ref = $_SERVER['HTTP_REFERER'];
Relevant manual page: http://php.net/manual/en/reserved.variables.server.php
If you compute all these answers, you end up with something looking like :
<?php
if isset($_SERVER['HTTP_REFERER']) {
$ref = $_SERVER['HTTP_REFERER'];
}
else {
$ref = "Direct Entry";
}
?>
Again, read http://php.net/manual/en/reserved.variables.server.php:
With HTTP_REFERER there is a comment:
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.