-2

I am filtering a page with $_SERVER['HTTP_REFERER'].

Let "pageb.php" filter whether a user have come from "pagea.php" (although it is not reliable) by $_SERVER['HTTP_REFERER'].

It works well until "pagea.php" has a preceding query string like "pagea.php?q=10". Then if a user goes from "pagea.php?q=10" to "pageb.php" it is not detected by "pageb.php":

if($_SERVER['HTTP_REFERER']='http://pagea.php'){
 echo 'This user has come from page a';
}else{
 echo 'This user has come from another page';
}

How can I detect a user came from "pagea.php" even with preceding query string q=10?

halfer
  • 19,824
  • 17
  • 99
  • 186
stockBoi
  • 287
  • 2
  • 9
  • 26
  • If both files are on your server, why don't you keep a `$_SESSION` variable with "last visited page"? – h2ooooooo Dec 07 '13 at 15:34
  • 1
    Here's a discussion on the matter. tl;dr: you cannot rely on HTTP_REFERER: http://stackoverflow.com/questions/5934747/is-serverhttp-referer-safe - do you want to check where your users are coming from within your own domain or from other domains? if stricly the former you could use sessions to track pages for instance. – Darragh Enright Dec 07 '13 at 15:35
  • In your pseudo-URL-code, something like `if(strpos($_SERVER['HTTP_REFERER'], 'http://pagea.php') === 0)` perhaps? – Joachim Isaksson Dec 07 '13 at 15:35
  • You do realize that that is sent by the client and it won't necessarily get sent and won't necessarily be telling the truth when it does, right? – Wyatt Barnett Dec 07 '13 at 15:37
  • `HTTP_REFERER` is unreliable and can be manipulated, so if your script deals with sensitive information, this is not the way to go. Also use `strpos` for searching words/characters inside a string. – aborted Dec 07 '13 at 17:04
  • Look mom! I am coming from [http://superduperawesomereferer.com](https://requestable.pieterhordijk.com/bBg2b)! TL;DC (too long didn't click). The referer header is useless. – PeeHaa Dec 07 '13 at 18:24

2 Answers2

0

Use strpos() to check if a string contains another string:

<?php
if (strpos($_SERVER['HTTP_REFERER'], 'pagea.php') !== false) {
  echo 'from page a';
}
Joel L
  • 3,031
  • 1
  • 20
  • 33
0

use comparision operator not assignment if($_SERVER['HTTP_REFERER']='http://pagea.php'){

= will be ==

James Franklin
  • 1