I am trying to restrict direct access to my pages. I want to force the users to come through a specific URL. What would be the best way to implement this using PHP? New to PHP here.. anyone?
This superglobal might not always be available though, or the URL might be hidden or modified. If you want them to come through a specific URL, perhaps you could redirect them, or use cookies/sessions to ensure they visited the page you want them to visit first.
Thanks for your reply. I have two apache web servers running on two different boxes. The main website is on one server using perl and some of the pages are on the other server using php. I just want to make sure that the users access the pages from the main website and do not go directly to specific pages. HTTP REFERER is not reliable and can be facked. Can you guys suggest a way to do this without using the referer?
Put a cookie on the page you want visitors to see first. Then check on the page you want to block. If cookie exists, show the page else display error message. But again not very reliable as many people turn off cookies... Another thing that came in mind, Set a variable. Let people click a button instead of using a link. The button submits a hidden form field. Check the value on page you want to block. If value found, load page else display error. Not sure how reliable this would be... bye
The fact remains that the Referer: HTTP header is the only mechanism that HTTP provides for tracking which page a user came from. Even this can be faked, though. There's really not a 100% effective way to force someone to visit another page before going to your page.