-3

I'd like to check for both the session and the HTTP referer, but it's not working for me.

First page:

<?php
session_start();
$_SESSION['something'] = '1';
?>

Second page:

<?php
session_start();
  if(!strpos($_SERVER["HTTP_REFERER"], "some referer")){

    die(header("Location: my site"));
  }

  if(!isset($_SESSION['something'])){

      die(header("Location: my site"));
  }

session_destroy();
// rest code

What am I doing wrong?

Shaz

2 Answers

1

Looks like you are experiencing unwanted type conversion.

strpos returns the index of the (partial) match inside the string. If you are checking for exactly the referer you want, it's returning 0 and evaluating to false, thus entering the condition.

Check for the return type of strpos explicitly either by:

if (is_bool(strpos($_SERVER["HTTP_REFERER"], "some referer")))

This means it returned false so it wasn't found, or more to the point:

if (strpos($_SERVER["HTTP_REFERER"], "some referer") === FALSE)
msg
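
Added example, not part of the answer above: it runs the question's loose `strpos` test, the strict comparison from this answer, and a stricter parsed-host comparison over constructed Referer values, then combines the host check with the session check. `NEEDLE`, `EXPECTED_HOST`, the function names and the sample URLs are assumptions standing in for "some referer"; the Referer header is supplied by the client and may be missing.

```php
<?php
declare(strict_types=1);

// Constructed placeholders; the page only says "some referer".
const NEEDLE = 'https://www.example.com';
const EXPECTED_HOST = 'www.example.com';

// The question's test: strpos() returns an int offset or false, and
// offset 0 (match at the start) is falsy, so this reports "not found".
function loose_found(string $referer): bool
{
    return (bool) strpos($referer, NEEDLE);
}

// The answer's fix: only a strict comparison tells offset 0 from false.
function strict_found(string $referer): bool
{
    return strpos($referer, NEEDLE) !== false;
}

// Stricter variant (assumption, not from the page): compare the parsed
// host instead of searching the whole URL for a substring.
function host_matches(string $referer): bool
{
    $host = parse_url($referer, PHP_URL_HOST); // null or false if absent/malformed
    return is_string($host) && strcasecmp($host, EXPECTED_HOST) === 0;
}

// Second-page gate: both conditions must hold before the rest runs.
function request_allowed(array $server, array $session): bool
{
    $referer = $server['HTTP_REFERER'] ?? ''; // header may be missing
    return host_matches($referer) && isset($session['something']);
}

// Constructed sample Referer values.
$samples = [
    'https://www.example.com/first.php',             // needle at offset 0
    'https://other.test/?u=https://www.example.com', // needle later in the URL
    '',                                              // no Referer sent
];
foreach ($samples as $r) {
    printf("%-48s loose=%s strict=%s host=%s allowed=%s\n", var_export($r, true),
        var_export(loose_found($r), true), var_export(strict_found($r), true),
        var_export(host_matches($r), true),
        var_export(request_allowed(['HTTP_REFERER' => $r], ['something' => '1']), true));
}
```
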
0
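// strpos() returns false when not found; offset 0 is a valid match, so compare strictly
if (strpos($_SERVER["HTTP_REFERER"] ?? "", "some referer") === false || !isset($_SESSION['something'])) {
    die(header("Location: my site"));
}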

I think you need this condition.

vivek modi