470,870 Members | 1,400 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,870 developers. It's quick & easy.

How to redirect based on $_SERVER["HTTP_REFERER"]?

I have a page that I don't want anyone to be able to link directly to. The
page should only be accessed from gatepage.php. I tried this code, but keep
getting errors - "header info already sent", or something like that... Am I
missing something, or is there a better way to do this?

<?php
$ref = $_SERVER["HTTP_REFERER"];
//echo $ref;
if ( $ref == 'http://www.mydomain.com/gatepage.php' )
{
//record visit
}
else
{
//send to gatepage.php
header("Location:http://www.somegatepage.com");
exit;
}
?>

Thanks.
Jul 17 '05 #1
9 28079
deko wrote:
I have a page that I don't want anyone to be able to link directly to. The
page should only be accessed from gatepage.php. I tried this code, but keep
getting errors - "header info already sent", or something like that... Am I
missing something, or is there a better way to do this?

<?php
$ref = $_SERVER["HTTP_REFERER"];
//echo $ref;
if ( $ref == 'http://www.mydomain.com/gatepage.php' )
{
//record visit
}
else
{
//send to gatepage.php
header("Location:http://www.somegatepage.com");
exit;
}
?>


The error "headers already sent" means that you've outputted content before
sending HTTP headers. Check your PHP script for whitespace before <?php etc.

By the way, HTTP_REFERER is not reliable for determining where a user come from
as for example firewalls can prevent that kind of information from being sent.
You could however check if the referer starts with http:// but isn't
http://www.mydomain.com/gatepage.php and then redirect them to the gateway page.

Regards,

Per Gustafson
Jul 17 '05 #2
>I have a page that I don't want anyone to be able to link directly to. The
page should only be accessed from gatepage.php. I tried this code, but keep
getting errors - "header info already sent", or something like that... Am I
missing something, or is there a better way to do this?
If you wish to send headers (such as Location:) you must output
them before outputting ANYTHING else. Including the blank line
before <?php . Or a single space. Or any debug output (that
echo $ref will BREAK your script if it's uncommented). ^^blank line (invisible but deadly)<?php
$ref = $_SERVER["HTTP_REFERER"];
//echo $ref;
if ( $ref == 'http://www.mydomain.com/gatepage.php' )
{
//record visit
}
else
{
//send to gatepage.php
header("Location:http://www.somegatepage.com");
exit;
}
?>


Incidentally, HTTP_REFERER is unreliable since it comes from the
user's browser. But it may be better than nothing. Or maybe not.
Lots of things filter HTTP_REFERER so it may break for users
who are trying to use gatepage.php .

Gordon L. Burditt
Jul 17 '05 #3
"deko" wrote:
I have a page that I don’t want anyone to be able to link
directly to. The
page should only be accessed from gatepage.php. I tried this code,
but keep
getting errors - "header info already sent", or something like that... Am I
missing something, or is there a better way to do this?

<?php
$ref = $_SERVER["HTTP_REFERER"];
//echo $ref;
if ( $ref == ’http://www.mydomain.com/gatepage.php’ )
{
//record visit
}
else
{
//send to gatepage.php
header("Location:http://www.somegatepage.com");
exit;
}
?>

Thanks.


Deko, the problem you are experiencing relates to some header
information having been sent before you did the redirect. Easy to fix:
just cache all the output via ob_start (see php manual).

The other way, less recommended, is to use a javascript redirect.

--
http://www.dbForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-redirect...ict135845.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=453690
Jul 17 '05 #4
> By the way, HTTP_REFERER is not reliable for determining where a user come
from
as for example firewalls can prevent that kind of information from being sent. You could however check if the referer starts with http:// but isn't
http://www.mydomain.com/gatepage.php and then redirect them to the gateway

page

Well, if HTTP_REFERER is unreliable, I may be asking for trouble. Perhaps
another option is to plant a cookie on the gateway page and then check for
it on the login page. This means the user's browser needs to be able to
process my cookie... do you think that's more reliable than HTTP_REFERER?
Jul 17 '05 #5
> If you wish to send headers (such as Location:) you must output
them before outputting ANYTHING else. Including the blank line
before <?php . Or a single space. Or any debug output (that
echo $ref will BREAK your script if it's uncommented).


Thanks for the tip - that was it...
Jul 17 '05 #6
In article <cT*****************@newssvr21.news.prodigy.com> , deko wrote:
I have a page that I don't want anyone to be able to link directly to. The
page should only be accessed from gatepage.php. I tried this code, but keep
getting errors - "header info already sent", or something like that... Am I
missing something, or is there a better way to do this?


At gatepage.php you start a session, and you save the gatepage.php in
it. Now when the visitor moves on to foo.php you can check if
gatepage.php is in the session.

--
Tim Van Wassenhove <http://home.mysth.be/~timvw>
Jul 17 '05 #7
> At gatepage.php you start a session, and you save the gatepage.php in
it. Now when the visitor moves on to foo.php you can check if
gatepage.php is in the session.


Sounds good. I'm new to php and have not yet used sessions. Time to
learn...
Jul 17 '05 #8
deko wrote:
By the way, HTTP_REFERER is not reliable for determining where a user come


from
as for example firewalls can prevent that kind of information from being


sent.
You could however check if the referer starts with http:// but isn't
http://www.mydomain.com/gatepage.php and then redirect them to the gateway


page

Well, if HTTP_REFERER is unreliable, I may be asking for trouble. Perhaps
another option is to plant a cookie on the gateway page and then check for
it on the login page. This means the user's browser needs to be able to
process my cookie... do you think that's more reliable than HTTP_REFERER?


You could eliminate the risk of locking out users (which I presume is what's
most important) by calculating some kind of checksum based on time and other
factors which aren't subject to change (HTTP_USER_AGENT is, for intance, seldom
changed) and then redirect the user with that checksum in a GET variable.

You could also combine cookies and HTTP_REFERER so you'd have a fall-back if
cookies aren't enabled.

There's actually a few different approaches depending on what you want to
achieve, what's most important (to get all users in okey which comes from the
gateway or to prevent those coming from other pages from getting in) and so on.

/p

--
http://www.pergustafsson.com/
Jul 17 '05 #9
> There's actually a few different approaches depending on what you want to
achieve, what's most important (to get all users in okey which comes from the gateway or to prevent those coming from other pages from getting in) and

so on.

Someone suggested using a session. I thought I might explore that. Other
suggestion?
Jul 17 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Google Mike | last post: by
1 post views Thread by ldixon789 | last post: by
1 post views Thread by Andrew | last post: by
1 post views Thread by jonathanthio | last post: by
3 posts views Thread by neil_pat | last post: by
1 post views Thread by Trev | last post: by
1 post views Thread by THG | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.