PHP Referer Help Hi all Having a bit of trouble with a referer check - hopefully some can help me out Have the following code on a register page, i only want it to appear if the user comes from reg.php. If on reg.php i post a direct link to this page (as in <a href="register.php">sd</a> Then the code works fine and the user sees the message, if ( eregi ( "www.daryllsheridan.com/student/reg.php", $_SERVER['HTTP_REFERER'] ) ) { certain code } Thing is i have reg.php setup to use users via a header back to register.php and when its setup this way the code dosent work the way the form works is that register.php is a form and when submitted it gets processed on reg.php, if there is an error the user gets brought back to register.php and the above code would kick in and give them an error Any ideas on how to get this working? Or a better way of achieving the same result?
<? function check_referer( ) { $valid = "www.daryllsheridan.com/student/reg.php"; return strstr( @$_SERVER['HTTP_REFERER'], $valid ); } if( check_referer( ) ): print( "Do some stuff" ); else: die("GO AWAY"); endif; PHP:
You can't rely on the referer, 'cause it's sent by the browser, and not all browsers send it. And it can be disabled and modified easily. A better solution: Set a session variable in reg.php, for example: $_SESSION['comes_from_reg'] = true; PHP: And in the other page you check for this variable if ($_SESSION['comes_from_reg']) { // Do whatever } else { // Go away } PHP: