Menu
Community /Pin to ProfileBookmark
@NogDogOct 23.2009 — #Best I can think of right now would be to use a random token in the link, and keep a copy in the session data. You could then use that as a fall-back if the HTTP_REFERER header is empty, checking to see if that token is present.
Then in the second page, if the HTTP_REFERER is not present, check to see if both $_GET['token'] and $_SESSION['token'] are not empty and have the same value. You might also save the current time() in another $_SESSION variable to verify that it's not too old.
[RESOLVED] HTTP_REFERRER – something more reliable?
Hi,
I have some links to download images from my site, and I don’t want any other site linking directly to those image download links other than from a page on my site.
So I wrote something like this:
[code=php]<?php
$referrer = $_SERVER[‘HTTP_REFERER’];
// CLEAN URL FACTOR
$url2 = strip_tags($referrer);
$url2_array = explode(“/”, $url2);
array_shift($url2_array); // First one is empty
if($url2_array[1] != “mydomain.com”) {
echo ”
<script language=”JavaScript”>
<!–
window.top.location.href=”http://mydomain.com”
–>
</script>
“;
}
?>
The script works fine, but the problem is that I’ve heard HTTP_REFERER is not all that reliable – that there will be some browsers that do not support it, and thus the variable $referrer will turn up null even when they were referred to the download page from a page on my site.
Is there a way around this?
Thanks for your time!
Sign in
to post a comment3 Comments(s) ↴
0
@NogDogOct 23.2009 — #Best I can think of right now would be to use a random token in the link, and keep a copy in the session data. You could then use that as a fall-back if the HTTP_REFERER header is empty, checking to see if that token is present.[code=php]
<?php
session_start()
$token = uniquid();
?>
<a href="/page2.php?token=<?php echo $token; ?>">Click Me</a>
[/code]Then in the second page, if the HTTP_REFERER is not present, check to see if both $_GET['token'] and $_SESSION['token'] are not empty and have the same value. You might also save the current time() in another $_SESSION variable to verify that it's not too old.