CODEWITHSUNDEEP
phphttp-referer
kaceydawson
kaceydawson

Reputation: 11

$_SERVER['HTTP_REFERER'] returning correct value but not passing conditional

I have a contact form and a product form. I want to check to verify there is product value ONLY on product form BUT I can get the conditional to pass.

Broken Code

// If visitor filled out the form on the "Contact Us" page (/contact/index.php) then no 'product' field is required.
if ($_SERVER['HTTP_REFERER'] != "http://www.url.com/contact/index.php" || "http://url.com/contact/index.php") {
    if(strlen($product) < 2) {
        $errors[] = "<font color='red'>Please enter the product requesting.</font>";
    }
}

Troubleshooting / Debugging Code

$serverValue = $_SERVER['HTTP_REFERER'];
print "The value of SERVER is ". $serverValue;
echo "<br />";
print $_SERVER['DOCUMENT_ROOT']."/contact/index.php";               
echo "<br />";

if ($_SERVER['HTTP_REFERER'] != "http://www.url.com/contact/index.php" || "http://url.com/contact/index.php" || "/home/url/public_html/contact/index.php") {
//if ($_SERVER['HTTP_REFERER'] != $_SERVER['DOCUMENT_ROOT']."/contact/index.php") { 
print "This is NOT the Contact page";
} else {
print "This IS the Contact page";
}

Troubleshooting / Debugging Output

The value of SERVER is http://url.com/contact/index.php /home/url/public_html/contact/index.php This is NOT the Contact page

You can see by the output that the correct HTTP_REFERER is being passed but it just won't evaluate correctly. There is a commented out line in there where I was trying other things. Please go easy on me Im new at PHP.

Alright, I understood what I was doing wrong and tried this with no success

if ($_SERVER['HTTP_REFERER'] != "http://www.url.com/contact/index.php" || $_SERVER['HTTP_REFERER'] != "http://url.com/contact/index.php") { 
if(strlen($product) < 2) {
$errors[] = "<font color='red'>Please enter the product requesting.</font>";
}
}

Any other thoughts?

Upvotes: 0

Views: 490

Answers (1)

jeroen
jeroen

Reputation: 91792

It does evaluate correctly as a non-empty string evaluates to true.

So with:

if ($_SERVER['HTTP_REFERER'] != "http://www.url.com/contact/index.php" 
   || "http://url.com/contact/index.php" 
   || "/home/url/public_html/contact/index.php") {

it does not matter what the first condition is because the second and the third always evaluate to true:

if ($_SERVER['HTTP_REFERER'] != "http://www.url.com/contact/index.php" 
   || true 
   || true) {

Results in:

if (true) {

If you don't want the referrer to be any of these 3 strings, you can use something like:

if (!in_array($_SERVER['HTTP_REFERER'] , [
    'http://www.url.com/contact/index.php', 
    'http://url.com/contact/index.php', 
    '/home/url/public_html/contact/index.php'
]) {

Upvotes: 1

Related Questions