  1. #1
    low tech

    checking referer

    Hi all

    I have some pages on mysite which are extra information only pages
    which open in a new page and do not contain a menu or link back to
    index page.

    I only want these pages to be accessed via the referring page (index in this case)
    for example I don't want them accessed via a google search

    so far I have done this and i'm wondering if there is any issue
    with this method and is it correct?

    PHP Code:
    <?php
    // No Referer header at all: send the visitor to the index page.
    if (!isset($_SERVER['HTTP_REFERER'])) {
        header('Location: http://www.mysite.com/');
        exit;
    }
    // Referer present: compare its host, because the header carries the full
    // URL of the referring page (e.g. http://www.mysite.com/), not just the site address.
    $ref = $_SERVER['HTTP_REFERER'];
    if (parse_url($ref, PHP_URL_HOST) !== 'www.mysite.com') {
        // Not referred from mysite.
        header('Location: http://www.mysite.com/');
        exit;
    }
    // Referred from mysite: do nothing, continue with the page.
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>

    Basically I'm looking for confirmation that what I have done is OK or not

    help appreciated

    LT
    "The greatest revenge is to accomplish what others say you cannot do."
    ~ Unknown

    I used to be indecisive, but now I'm not so sure.

  • #2
    djh101
    It depends on what your intention is. Your code should work to physically do what it is intended to do, but HTTP_REFERER can't be relied on for security. To quote php.net:
    "The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted."
    On a side note, most search engines won't index your pages, anyway, if they redirect somewhere.
    "Yeah science!"
    Online Science Tools

  • #3
    felgall
    The developer tools built into most browsers will allow anyone to modify the headers (including that one) before the request is sent to the server. Since a reference from your own site is the most likely expected value it would only take someone about 2 seconds to bypass your test - depending on how fast they can type.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #4
    low tech
    Hi guys

    Thanks for that info

    Yeh, I read about security issues but there is no security involved here.

    These pages are supplement info pages that really only make sense to anyone who has landed on my index page and requests that info page by clicking on it.

    If a person just happened to land on one of those pages from a google search for example they would probably wonder what's going on since there is no navigation and I doubt they would be looking for the info contained on the page.

    So my intention is to make sure they go via the index page and if my site is not useful to them they will quickly realize that and navigate away or they will be interested and follow the info links.


    Quote, originally posted by djh101:
    On a side note, most search engines won't index your pages, anyway, if they redirect somewhere.

    Hah very interesting, didn't know that. It could work to my advantage in this case or I will redesign the pages in light of that info.

    many thanks

    LT

  • #5
    djh101
    Well if search engines are your main problem, you can just add a nofollow metatag to your pages and your page won't be indexed (see http://www.robotstxt.org/meta.html).

  • #6
    low tech
    Hi djh101


    I'm now thinking a small redesign of these pages with some JS to check referer page and display a notice with a link to my main page if not from index

    idea in progress hahahaha

    Thanks again

    LT

  • #7
    felgall
    What about all the people who end up on those pages who have JavaScript disabled?

    You really need at least one navigation link on the page anyway that takes people to your home page - there are lots of people who don't know their browser has a back button and so can only get to pages that have navigation inside the current page.
    Stephen

  • #8
    low tech
    Hi felgall

    These pages open in a new window and should be closed after reading hence no navigation.

    Now my plan is to provide a link and hide it via JS and also check the referer with JS.

    If JS is turned off --> the link will show plus a noscript message.

    If js is on --> If the referer is index page the link stays hidden. (they should close the window as intended)

    If js is on --> If the referer is not index the link will show plus message to view index page

    LT
    "The greatest revenge is to accomplish what others say you cannot do."
    ~ Unknown

    I used to be indecisive, but now I'm not so sure.
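
    The plan in post #8 as a small script, added here as an example (not code from any poster in the thread); INDEX_URL, the list of index paths and the element id home-link are assumptions. document.referrer is supplied by the user agent, so this only decides what to display and is not an access check.

```javascript
"use strict";
// Assumed values, not taken from the thread.
const INDEX_URL = "http://www.mysite.com/";
const INDEX_PATHS = new Set(["/", "/index.php", "/index.html"]);

// True when `referrer` (the value of document.referrer) names the index page.
// The value is parsed rather than matched with startsWith/indexOf, so a
// lookalike host (www.mysite.com.example.net) or a search URL that merely
// contains the site address in its query string does not count.
function cameFromIndex(referrer, indexUrl = INDEX_URL) {
  if (!referrer) return false; // no referrer: bookmark, typed URL, stripped header
  let ref, index;
  try {
    ref = new URL(referrer);
    index = new URL(indexUrl);
  } catch (e) {
    return false; // malformed value: treat as "not from index"
  }
  if (ref.origin !== index.origin) return false; // scheme + host + port
  return INDEX_PATHS.has(ref.pathname); // query string and fragment ignored
}

// The three cases from the post. The link is visible in the HTML by default,
// which covers "JS off"; script can only hide it, never the other way round.
function linkState(jsEnabled, referrer) {
  if (!jsEnabled) return "visible+noscript";
  return cameFromIndex(referrer) ? "hidden" : "visible+notice";
}

// Browser wiring (skipped when run outside a browser).
if (typeof document !== "undefined") {
  const link = document.getElementById("home-link");
  if (link && linkState(true, document.referrer) === "hidden") {
    link.hidden = true;
  }
}
```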

  • #9
    felgall
    Quote, originally posted by low tech:
    These pages open in a new window and should be closed after reading hence no navigation.
    You have no control over whether they open in a new window or not - that is entirely up to how your visitor has their browser configured. It is as likely that the page will open in the same window as the preceding page as that it will open in a new window.
    Stephen

  • #10
    low tech
    Hi

    Quote, originally posted by felgall:
    You have no control over whether they open in a new window or not

    True, but as far as I know it will either be a new window or a new tab which is fine.

    LT

  • #11
    felgall
    Quote, originally posted by low tech:
    Hi

    True, but as far as I know it will either be a new window or a new tab which is fine.

    LT

    Your visitors have three options on where it opens - in addition to the two you mention they could also select to open it in the same tab as the prior page.
    Stephen

  • #12
    djh101
    It really doesn't matter that much where it opens...

  • #13
    low tech
    Hi

    Quote, originally posted by djh101:
    It really doesn't matter that much where it opens...

    Agreed

    My original concern was what to do about a user inadvertently
    landing on one of these pages other than via the link from my index
    and I think the solution in post 8 should be fine.

    If the user opens link from index it doesn't matter where the page opens
    since they will be aware of the main page which is what I want.

    This discussion really made me consider things more and I would like
    to thank both felgall and djh101 for their input.


    Thanks

    LT

