Creating session from referrer - php

Background: I have a website, which we'll call AwesomeSite.com; it handles all of my traffic. Additionally, for the purposes of marketing I have a second domain, which we'll call PromoForAwesomeSite.com; it redirects all traffic straight to AwesomeSite. Both sites are built using PHP, MySQL, and Apache.
Problem: I want to serve up different content to users based on how they came to my site. Specifically, I want to show promos if the user was redirected from PromoForAwesomeSite.
Question: How can I detect that a user came from PromoForAwesomeSite and thus create a different session state for them?
p.s. I am well aware of the shortcomings of this approach, in that once a session cookie is deleted promo users cannot see the promo content unless they revisit the redirect site (not likely). Unfortunately, this cannot be helped.

You can utilize the $_SERVER['HTTP_REFERER'] and see if contains the PromoForAwesomeSite.com in the referrer string. For instance something like this:
session_start();
if(substr_count($_SERVER['HTTP_REFERER'] , 'PromoForAwesomeSite.com')){
$_SESSION['from_promo'] = 1;
}
As referrers can be blocked by the browsers, so you might look into the possibility of sending a GET param in the redirect string from the promo site. Not sure how you are redirecting from your promo site but if its PHP you can do something like this , if not you will get the idea what I mean :)
HEADER('Location: http://AwesomeSite.com/index.php?from=promo');
So instead of (or in additional to) checking the referrer you can also check for this string and save in the session.

In your case the referrer won't be carried on if you do an automatic redirect at the landing time. Thus, If I were you, I would handle it like this:
1. On PromoForAwesomeSite.com
header('Location: http://www.awesomesite.com/promo.php');
2. On AwesomeSite.com
a. Create a promo.php gateway page
b. On the gateway page
setcookie('Promo', '1', time()+(5 * (24 * 3600))); // five days promotion cookie - adjust it
header('Location: http://www.awesomesite.com/index.php');
c. On the index.php
if($_COOKIE['Promo']){
// show promotion
}
This way you will solve the issue with the session as well.

Related

Check if user comes from a certain url

I am offering my users a key in order to access my program.
I have a key page like this https://example.com/key
My program redirects them to a common link shortener with ads, after they've skipped through the ads they will be redirected to the key page (https://example.com/key)
However my users can avoid this step by simply going to https://example.com/key directy instead of using the link shortener.
I've tried this in php already:
$referer = $_SERVER['HTTP_REFERER'];
if (strpos($referer, 'www.linkshortenerexample.com') === FALSE)
{
header('Location: https://example.com/key');
exit();
}
This hasn't worked due to the fact that it doesn't support https redirects.
Also HTTP_REFERER can be spoofed quite easily therefore I'd need something better either way.
I was also thinking about a timer which starts on the first page, then redirects to the linkshortener and after the linkshortener has been completed it redirects to the second page where it gets the timer from the first page and checks if the user has spent a certain amount of time on this page and if not it won't redirect them to the key page. Sadly I have no idea where to start there and if it'd even work.
Help would be highly appreciated!

Allowing the access to the page only if redirected from another website with another domain

I use specific page to give members special abilities on the web
I want members to be able to access this page only if they are redirected from another specific website.
How can I do that?
Use HTTP_REFERER
$_SERVER['HTTP_REFERER']
You can use it like this:
if($_SERVER['HTTP_REFERER'] == "specific website"){
...
}
I'd implement this that way (but I suppose there are more possibilies):
Website A generates links with a random (but stored) token.
When Website B receives a request it askes website A if the token is from A, then allows the request.
If the token is wrong/outdated or not even there reject the request.
You can use construction as #dieter-kräutl mentioned with Referrer.
But some browsers or their configuration can't guarantee that it will filled at all.
if($_SERVER['HTTP_REFERER'] == "specific website"){
...
}
Another option is to set some special cookie on this specific website and check if it is set on your site. This way has more chances to correctly, but it is harder to implement than previous option.

How to determine from which url a PHP header was called

I've got a page under http://www.example.com/abc/def/a/ where a user can buy products.
For a marketing activity (printed paper) the customer should type in a shorter url
http://www.example.com/order/
When this url is called, the server executes this script:
<?php
header("Location: http://www.example.de/abc/def/a/");
exit;
?>
The page under http://www.example.com/abc/def/a/ contains some
informations (rebate-code etc.) which should only be visible to users
coming from http://www.example.com/order/
$_SERVER['HTTP_REFERER'] seems to be not reliable from what I've read.
I checked with phpinfo(); if there is any info variable which contains "order" but I haven't found one.
Is it possible or do you recommend an alternative approach?
HTTP is in it's pure form a stateless-protocol, so you won't find anything in the protocol itself that will help you with your current problem.
Using $_SESSION to store data in-between requests is the easiest route to walk, and what I recommend.
As said; since the protocol used to transfer information is stateless you have no choice but to create a method for your web-application to recognize which request is done by which user.. this is a perfect problem solved by php-sessions.
php.net - PHP: Sessions - Manual
As you have discovered, the HTTP Referer, along with all of the other headers, can easily be faked. The only reliable way I see of accomplishing this is logging users as they visit the orders page and when they visit the /abc/def/a/ page, verify that the log entry exists. This kind of log could be stored in $_SESSION, however be sure that when using multiple servers you have the proper setup to ensure all servers share the same session information (you can use a redis server to store session data).
On the order page:
session_start();
$_SESSION['order_visited'] = true;
On the rebate code page:
session_start();
if(!isset($_SESSION['order_visited']) || !$_SESSION['order_visited']) {
header('Location: /order'); // Must visit order first
die();
}

Go back to calling website

after searching (and testing) a way to offer a kind of go-back button I am asking that question here (maybe there is an easy solution).
I have a description about orienteering on my website (5 pages): http://www.uhebeisen.net/o-def/o-definition_ge.php
There are many websites from abroad having a link to this pages. Now I'd like to get their URL if a websurfer is entering my pages. Then I can place a button go-back to my navigation list that brings him back to his page from where he clicked the link to my description-pages.
I've seen solutions using javascript:history.go(-1) or $_SERVER['HTTP_REFERER'] with PHP but problem is that a websurfer can move around my pages and if finishing his reading from any page should be provided with his (calling) URL, e.g. the one of his University.
So I need to catch his URL and store it in a safe place until he decides to leave. And if he returns to the starting page while surfing on my pages his URL shouldn't be overwritten.
Since I do not program - just copy&paste and try to understand what happens. Any suggestion on how this can be done is welcome.
thank you George, that one worked
I wasn't aware to place the session_start at the very beginning of the file that's why I get the two warnings.
While testing this function I found that the session variables were not always cleared by the browser. Especially with Firefox, it keeps the calling URL almost forever (WinXP, FF 5.x) whereas Firefox 5 on the Mac, Safari (Mac) and Camino (Mac) work as expected: after restarting the program I can test successfully with another website.
Does Firefox have different setting possibilities in regard of sessions than other browsers?
You should store $_SERVER['HTTP_REFERER'] in the user's session upon arrival. Using this method, the value won't be overritten when the user browses within your site.
session_start();
if ( !isset( $_SESSION['referrer'] ) ) {
if ( !empty( $_SERVER['HTTP_REFERER'] ) ) { // Because not all browsers set this
$_SESSION['referrer'] = $_SERVER['HTTP_REFERER'];
}
}
One way to do it would be to store somewhere (perhaps in a cookie or session, which easy to do with your PHP page) the page they're coming from, but only if that page is not on your website's domain. This would require some if-statements to set the cookie/session value appropriately, but it can be done relatively easily using particular parts of the referrer variable. There is probably a more efficient way to store this, but this is one that jumps to mind right away.
EDIT: I highly recommend George's solution, much better way to do this.
Have you tried using a session?
session_start();
if( !isset($_SESSION['refer']) )
{
$_SESSION['refer'] = $_SERVER['HTTP_REFERER'];
}
then, once your ready to make the button, set the link to $_SESSION['refer'].
In my past projects I usually stores the redirect url following this process:
search for a query string parameter url (www.yoursite.com/?redirect_url=my_encoded_url)
If search at point 1 doesn't return any results, then I checks for the HTTP_REFERER
In both cases, I stores that value in a SESSION variable after verified that the url belongs to my site's domain.

PHP or Javascript to read clickbank hoplink cookie?

I need to write a PHP or javascript that can read the clickbank cookie that's set when a user has clicked on one of my affiliate's hoplinks prior to reaching any of my sales pages.
How can one do this?
Here's my example:
I have a main salespage that I direct my referred users to (users who already know me and were not referred by an affiliate). It does not use ClickBank as a payment gateway.
I also have a salespage specifically for clickbank referrals. It uses ClickBank to clear transactions.
I would like to add script to MY salespage that will check to see if the user has an active cookie that denotes they've been referred to my product page by a hoplink. If so, I want to redirect them to the clickbank sales page for my product.
Any help much appreciated.
I know how the clickbank works and he tried to explain something different.
When affiliates sending visitors to his sale page, it adds the affiliate id at the end (fx mysite.com/?id=nick)
People can also come to his sale page directly(like mysite.com) simply typing his url. So he wants to check if the visitor come directly or with an affilate link.
So you have to answer first :
-Are you saving cookies at visitor browser(if not, you don't have to worry about your problem)?
-If not, then #Robert answer is going to help you...
You can't read cookies for a domain that isn't yours. So if ClickBank sets cookies for clickbank.com then you can't access them from yourdomain.com.
If you share part of a domain then you can. Eg. clickbank.example.com and yoursite.example.com the cookies could be set to example.com and be read by both. However clickbank would have to make this change so I think you're probably out of luck.
#Balir McMillan summed it up pretty well, cookies are locked to the domain that set it, that includes sub domains etc.
I am not fully shore how ClickBank works but it seems to me that you want to check to make sure that the referral was from a clickbank hop.
What you can do in PHP is check the $_SERVER['HTTP_REFERER'] to check the referrer, but I will tell you this can be faked and should be used with caution
Or you could get the hop variable directly from the URL and redirect to your affiliate sales page.
<?php
if(isset($_GET['hop'])) {
$cbid = htmlentities($_GET['hop']);
header('location: affiliatesalespage.php?a='.$cbid);
}
?>

Categories