CODEWITHSUNDEEP
phppostreferrer
aaronfarr
aaronfarr

Reputation: 676

PHP HTTP Referrer

I have a page which accepts POSTs from a remote site. I would like to detect the domain that these POSTs are coming from. I realize that it can be spoofed but it is better than nothing. I have tried accessing the HTTP_REFERER variable but it just returns null.

The page accepts POSTs from sources like PayPal (instant payment notifications) and other payment gateways.

How can I get the referring call?

Upvotes: 9

Views: 26268

Answers (4)

Maxim Lavrov
Maxim Lavrov

Reputation: 61

This works for me pretty well:

https://stackoverflow.com/a/17958676/2635701

<form action="http://www.yourdomain.com/subscribe" 
   method="POST" 
   onsubmit=
      "document.getElementById('www.yourdomain.com.referrer').value=window.location;" >
    <!-- hidden input for field starts with a domain registered by you 
    just so that it's unlikely to clash with anything else on the page -->
    <input type="hidden" id="www.yourdomain.com.referrer" name="referrer"/>
    your email: <input name="email" type="text"/>
    ... rest of form ...
    <input type="submit" value="Subscribe"/>
</form>

Upvotes: 2

Mike Lewis
Mike Lewis

Reputation: 64177

You are right that the referrer is easy to spoof, however there is a better solution. Read the ipn documentation in which they mention validation mechanisms. Never trust the user.

Upvotes: 2

AbiusX
AbiusX

Reputation: 2404

$_SERVER['HTTP_REFERER']

with a single R, try var_dump($_SERVER) for more info.

Upvotes: 6

Matthew Flaschen
Matthew Flaschen

Reputation: 285027

You spelled Referer correctly. It should be:

$_SERVER['HTTP_REFERER']

Upvotes: 10

Related Questions