Reputation: 91
I have this code on members.php
<?php
if (!isset($_SERVER['HTTP_REFERER'])) {
    header('Location: http://www.mywebsite.com/index.php');
} else {
    echo "Ok";
}
I am trying to prevent people from accessing my members.php without being redirected by my domain, but if a user clicks on a link from Facebook, for example, he can access members.php.
How can I make the HTTP_REFERER check whether he is being redirected by mywebsite.com?!
The way I made it, it's working for people who try to access it directly by typing the URL. But it's not checking the source it came from.
Upvotes: 0
Views: 1542
Reputation: 4621
I think you can use preg_match() to check whether the user was redirected from Facebook or not:
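<?php
// HTTP_REFERER is optional, so fall back to an empty string when it is absent
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Anchor the pattern so facebook.com must be the host, not a substring elsewhere in the URL
if (preg_match('#^https?://(?:www\.)?facebook\.com(?:/|$)#i', $referer)) {
    // Facebook-referred user
} else {
    // else part
}
?>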
Upvotes: 2
Reputation: 4783
There are numerous reasons and circumstances where $_SERVER['HTTP_REFERER'] has no value.
You can "attempt" to use it, and if you have a value in there use it precariously to do something.
But given the chances of it being empty, or inaccurate, you shouldn't do something as hardened as a redirect if it's empty.
i.e. You could use it on a 404 not found page to attempt to see where the user came from, and from there attempt to see where they might have tried to go/come from, and serve them some links on your site which they might find useful.
But simply don't trust it as anything other than a bit of potentially useful info which can very easily be inaccurate and (most likely) empty.
EDIT:
Reading your comment, I see you were trying to use this to prevent access to a members area.
This is a really bad approach, as it tells you nothing of value in terms of managing access to a member area.
I'm not even sure why you thought someone coming from another page from your site should warrant them access to a "members area".
Surely there's no real difference (in terms of "member") from: 1) Coming from external site to your members area, than 2) Coming from external site to some page on your site then the members area?
You are going to have to learn to use $_SESSION, and if the member area is a secure area, then you will need a register and login system too.
It depends on what you're trying to protect really. That's out of the scope of this question now, however.
If you search Stack for login system and $_SESSION you'll be able to get some info.
Upvotes: 0
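The session check that the last answer recommends in place of the Referer test, as an added example that is not part of the thread. The function names, the `member` session key, the sample account and the `login.php` page are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+.
// $users is constructed sample data; login.php is a hypothetical page name.

// The check the question is reaching for. It only inspects a request header,
// and that header is whatever the client chose to send (or nothing at all).
function referer_gate(array $server): bool
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return $host === 'www.mywebsite.com';
}

// Login verifies the password, then records the member in server-side session state.
function attempt_login(array &$session, array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    $session['member'] = $name;
    return true;
}

// The members.php gate: access depends on session state, not on where the click came from.
function session_gate(array $session): bool
{
    return isset($session['member']);
}

if (PHP_SAPI === 'cli') {
    // Offline demo with constructed data: run the file with the php command-line binary.
    $users   = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    $session = [];  // stands in for $_SESSION
    $request = ['HTTP_REFERER' => 'http://www.mywebsite.com/index.php'];  // no login behind it

    var_dump(referer_gate($request));   // Referer check on a request from a visitor who never logged in
    var_dump(session_gate($session));   // session check for the same visitor
    var_dump(attempt_login($session, $users, 'alice', 'wrong'));
    var_dump(attempt_login($session, $users, 'alice', 'correct horse'));
    var_dump(session_gate($session));   // session check after a successful login
} else {
    // What members.php does on the web server.
    session_start();
    if (!session_gate($_SESSION)) {
        header('Location: http://www.mywebsite.com/login.php');
        exit;
    }
    echo "Ok";
}
```

In a real login page, call session_start() and session_regenerate_id(true) before storing the member in $_SESSION, so the session identifier issued before login is not reused afterwards.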