Log in

View Full Version : PHP check reffering URL


calumogg
08-06-2007, 10:00 PM
Hi, I dont know if this is at all possible, but I was looking for a PHP script that checks the referring URL and only runs the rest of the script if a user came from a specific site. e.g if someone was browsing the web and went on a certain page on my site it wouldnt do anything, but if they came to the page directly from paypal then it would run the script.
If you are still with me do you know if this is possible, and if it is how would I go about this? Cheers in advance for any help.
djr33
08-06-2007, 10:40 PM
<?php
if (strpos('google',$_SERVER['HTTP_REFERER'])!==FALSE) {
dostuff();
}
else {
die();
}
?>

Something like that.

That would check if google existed within the referring URI. It would, however, allow for any use of the word, such as something.com/google, etc.
You could use 'http://google', but that wouldn't allow for 'http://www.google', etc. Just think about how you want to do it, and then it's fine.
You could also use regular expressions to match a pattern (such as 'http://', then something with only 1 dot, then 'google')
calumogg
08-06-2007, 10:46 PM
Thanks so much for the code and the fast reply! Really appreciate it.
djr33
08-07-2007, 12:48 AM
Sure. No problem.

A couple more things to note, though--
Using the referring URI is ok, but you shouldn't entirely rely on it because some browsers strip this (it isn't required by the server), some things, like just typing the URL directly won't have a referrer at all, and there are some ways to fake this.
It generally can work, though, and is useful in some cases. Just be a bit wary.
calumogg
08-07-2007, 06:00 PM
Thanks for the info, but it should be ok, I am just using it as part of my shop system to make sure people only go to a page after being to paypal and not just skipping straight to the end page. I dont think people will anyway because they dont know what the end page it called so its more just for my piece of mind! :)
Cheers again.
Josh Connerty
01-28-2009, 11:29 AM
Just thought I would add a little to it...

Ok so you said you wanted to check if the paypal website was the refering URI?

If so don't, this is extremely unsafe and could lead to people getting your products for free.

For example, if I was to purchase a 10p sweet from paypal the use javascripts location.href="youraddress" then this would trick your system into thinking they have used paypal to buy your product.

I'm not sure how you would get around this but I just thought I would let you know it can be an issue.