11

Hi I'm trying to get the referrer url but it doesn't work when the visitor comes to the site from Paypal

$ref = $_SERVER['HTTP_REFERER'];
echo $ref;

Is there a simple way to get the paypal url if the visitor land on the site coming from Paypal ?

Edit and Clarification: I'm not looking to have any special settings on the Paypal site (including but not limited to: IPN, set the return URL, Payment Data Transfer or any other special settings on the Paypal site) All that I'm looking is to get the URL referer when visitors come to the site from Paypal, regardles of the status of a transaction (if there was one).

As pointed by Bob from the manual

$_SERVER is an array containing information such as headers, paths, and script locations. The >entries in this array are created by the web server. There is no guarantee that every web >server will provide any of these; servers may omit some, or provide others not listed here.

So the only question left is - Is there any workaround to this without set something on the paypal site ?

hakre
  • 193,403
  • 52
  • 435
  • 836
user983248
  • 2,588
  • 7
  • 24
  • 44
  • 4
    Why do you need the referer? You can set the return URL through PayPal. – Devator May 03 '12 at 11:52
  • 2
    Mmmm, that is not what I ask or what I need... – user983248 May 03 '12 at 15:13
  • 3
    I'm fully aware that is not what you ask, but if you tell us what you are trying to achieve, we might think of something you didn't and solve your problem in the first place. – Devator May 03 '12 at 15:37
  • @Devator: Thanks, I'm not trying to be annoying, I'm aware of Paypal IPN and how to set the return URL through Paypal, My idea was to get the referrer, and if it was Paypal execute a script, regardless of the state of the transaction (Pending, Canceled, etc). As Bob pointed from the PHP manual There is no guarantee that every web will provide the information that I'm looking for. – user983248 May 03 '12 at 15:49
  • Alternatively to Devator's answer, you could enable [Payment Data Transfer](https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/howto_html_paymentdatatransfer), validate the data sent from Paypal to ensure that it was accurate and from PayPal. – Josh May 04 '12 at 02:08
  • Still, all of these alternatives involves to have some setting on the Paypal side. All that I'm looking is to get the paypal url referer without any special setings on the paypal side. – user983248 May 04 '12 at 10:35
  • @user983248: At least you show commitment with the bounty! +1 (but [stewe is right](http://stackoverflow.com/a/10549894/367456)). – hakre May 11 '12 at 10:54

7 Answers7

27

In case your site uses HTTP (not HTTPS) and PayPal uses HTTPS, there is no Referrer being sent!

HTTP RFC - 15.1.3 Encoding Sensitive Information in URI's states:

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

So the only way to get the Referrer is to use HTTPS on your site.

Community
  • 1
  • 1
stewe
  • 41,820
  • 13
  • 79
  • 75
  • Maybe hosting the own site via HTTPS helps? – hakre May 11 '12 at 10:57
  • If your site uses HTTPS, does that mean you can get the referrer URL of any other site that linked to your site if they also use HTTPS (even if the URL contains `?u=username&pw=password`)? For example: http://stackoverflow.com/questions/499591/are-https-urls-encrypted#comment37812273_17905738 – trusktr Jun 26 '14 at 18:38
  • Sorry but I have tried that and change my site to HTTPS, and still can't get Referrer when it comes from Paypal. As long as server decides if include or not referer info I beleive it isn't the solution because Paypal isn't sending that info. – Moisés Briseño Estrello Jan 25 '16 at 06:49
9

You can examine IPN. It sends notification when a transaction is affected.
URL : https://www.paypal.com/ipn

4

The referer is unfortunatly set BY the client and some browser (or plugins) allow the user to edit what referer is sent to the server. It's never a good idea to trust "critical" (in your case I guess) informations sent by the user. However this is the only information you have regarding where the user comes from (if you decide not to use what paypal can offer).

Pierre Fraisse
  • 970
  • 1
  • 11
  • 21
3

Quoted from PHP.net:

$_SERVER is an array containing information such as headers, paths, and script locations. The >entries in this array are created by the web server. There is no guarantee that every web >server will provide any of these; servers may omit some, or provide others not listed here.

PenguinCoder
  • 4,335
  • 1
  • 26
  • 37
Bob
  • 49
  • 1
  • @user983248: The workaround is to check your server configuration and ensure that the variable you're looking for is set. However, it's not enough to blame the server if the referrer is missing, because if the browser does not send it, the server won't have it (which is especially normal as browser often do not send that info if the previous site was server over HTTPS which is the case for paypal). – hakre May 11 '12 at 10:52
2

Thanks for your enlightment (in the comment). As Bob stated, you cannot rely on the information sent by the server. What I would do, is create a page an user has to go to before the payment, set a cookie (or session), redirect the user to the PayPal website. When the user returns to your website (either through PayPal, some links, or manually) you know the person hit the Pay button (as you set the cookie or session) and perform the actions you want to.

It's not what you asked, but might be an acceptable workaround.

Devator
  • 3,686
  • 4
  • 33
  • 52
1

You can use document.referrer in javascript and send that to the server through ajax or something if you need

Stranger
  • 10,332
  • 18
  • 78
  • 115
0

Looking at this from a different persepective: If you are trying out find outwhere they came from before they went to PayPal, and you're site is sending them to PayPal (or you can get them to redirect via your website on the way to PayPal), set a cookie on your website before you redirect them, and then read the cookie when they return.

Sorry if again not what you need, but just checking you've considered it (as I also don't think you're going to win with the referrer).

Robbie
  • 17,605
  • 4
  • 35
  • 72