calling url.

On Mon, 08 May 2006 09:52:36 -0500, Ron Croonenberg wrote:

Hello,

Is it possible, with php, to figure out what the "calling url" is ?

Let's say I have a track.html (with some php code) and if someone clicks
on a link to track.html I want to see the url where that visitor came
from.

can that be done ?

Not 100% reliably (it's up to the browser to send it) but check out
$_SERVER["HTTP_REFERER"]

Cheers,
Andy

--
Andy Jeffries MBCS CITP ZCE | gPHPEdit Lead Developer
http://www.gphpedit.org | PHP editor for Gnome 2
http://www.andyjeffries.co.uk | Personal site and photos

>Is it possible, with php, to figure out what the "calling url" is ?

Let's say I have a track.html (with some php code) and if someone
clicks on a link to track.html I want to see the url where that visitor
came from.

can that be done ?

$_SERVER['HTTP_REFERER'] can be used BUT it's sent by the browser
so it can easily be faked or deleted. This is one of the most
mucked-with variables on the web, even more than cookies. Many
Windows firewalls delete it and their owners couldn't re-enable it
to save their lives (even though that setting is usually in there
somewhere). CURL provides a way to send a fake one. And, of course,
a fake one can be sent by manually typing HTTP headers into telnet.

If you're trying to use it to get an idea where visitors come from,
it might work well enough for your purposes. If you're trying to
prevent references to images on your site from other sites, it's
easy to defeat and it will break your site for legitimate users.
If you think it's a way to detect bots, it's doomed to failure. If
you think it's a way to secure your site with Javascript input
parameter checking only on YOUR form and you can prevent people
from copying your form and altering it, your security is hopelessly
broken.
Gordon L. Burditt

Neah not trying to do anything fancy like that

Just wanted to see (a bit) where users were coming from
thanks...

Gordon Burditt wrote:

Is it possible, with php, to figure out what the "calling url" is ?

Let's say I have a track.html (with some php code) and if someone
clicks on a link to track.html I want to see the url where that visitor
came from.

can that be done ?

$_SERVER['HTTP_REFERER'] can be used BUT it's sent by the browser
so it can easily be faked or deleted. This is one of the most
mucked-with variables on the web, even more than cookies. Many
Windows firewalls delete it and their owners couldn't re-enable it
to save their lives (even though that setting is usually in there
somewhere). CURL provides a way to send a fake one. And, of course,
a fake one can be sent by manually typing HTTP headers into telnet.

If you're trying to use it to get an idea where visitors come from,
it might work well enough for your purposes. If you're trying to
prevent references to images on your site from other sites, it's
easy to defeat and it will break your site for legitimate users.
If you think it's a way to detect bots, it's doomed to failure. If
you think it's a way to secure your site with Javascript input
parameter checking only on YOUR form and you can prevent people
from copying your form and altering it, your security is hopelessly
broken.
Gordon L. Burditt