HTTP REFERER for parameter url

Question

Lets say i add this code below in a page. So, this code below only work if i open that page from http://www.example.com/page.php right?

if ($_SERVER['HTTP_REFERER'] != 'http://www.example.com/page.php') {
echo ('Direct Access is not allowed');
exit();
}

The problem now is, how do i set link in code above if page.php have url parameter that always change to another number? for example http://www.example.com/page.php?no=101&name=item0252

Thanks.

[How to remove the querystring and get only the url?](http://stackoverflow.com/questions/6969645/how-to-remove-the-querystring-and-get-only-the-url) — Dan, Aug 29 '14 at 18:58
Why exactly do you need this? That's not really a typical or typically sensible thing to do. — deceze, Aug 29 '14 at 18:59
@deceze this is because page i set is connect to API that required points to use it. i want only visitor that come from my site can access that page because every points i spend when my user request is money since points is not free :) — afzulnizam, Aug 29 '14 at 19:07
@afzulnizam, you should know that most `$_SERVER["HTTP_x"]` variables can be [spoofed](http://stackoverflow.com/questions/616980/how-do-you-spoof-http-referer). There's no problem by using them if they cant really hurt you, but simply relying on them is no good. — , Aug 29 '14 at 19:20

score 0 · Answer 1 · answered Aug 29 '14 at 19:00

0

To get just the portion of the referer before the query string:

array_shift(explode('?',$_SERVER["HTTP_REFERER"]))

But know that the referrer can be easily faked

answered Aug 29 '14 at 19:00

dave

1 Answers1