Hi all,

Treat me as thick. I am having a problem setting up what I think I should be useing to solve the following issue.

I have a page which I want to block access to if the referer is one other than the one I set.

Should I be useing "session_referer_check and if so am I using the correct syntax as below.

session_start();
function (session.referer_check) "ssl.paytrack.com";

Any help anyone can give.

Kind regards. Keep safe and well.

Dereck

How about,

if ($_SERVER['HTTP_REFERRER'] != "source.html") {
// redirect or whatever
exit();
}

Hi,

I am useing the script below. Is there a reason why the page that the redirect points to seem to load and loop.

Your help is needed.

if ($_SERVER['HTTP_REFERRER'] != "source.html") {
echo "<meta http-equiv=\"refresh\" content=\"0\" url=http://www.translation.academy-life.com/index.htm\">";
exit();
}

?>

Many thanks if you can.

Regards

Dereck

Hi all,

Adam, I have used the script you kindly posted but if I goto

http://www.translation.academy-life.com/index.htm

a blank page loades.

If i approach the URl from my source I get the same blank page.

Any ideas why this should be.

Regards

Dereck

I went to http://www.translation.academy-life.com/index.htm and the page loaded... of course that's a just a HTML page, and not the php script with the code in it so I don't know what that shows....

What's the script you're working on? Maybe post some more of the code.

In anycase the code that people have posted in these replies are not working solutions... you need to still use the ideas to code your own function.

Anyway, if you know what the valid referers should be, then just compare them to $_SERVER["HTTP_REFERER"], which is the current referer.

$validreferer = "http://www.site.com/jfkdls";

if($_SERVER["HTTP_REFERRER"] != $validreferer){
Header("Location: http://www.translation.academy-life.com/index.htm");
exit;
}

Come up with your own way of implementing it which suits what you're trying to accomplish... the important details are $_SERVER["HTTP_REFERRER"] is the current referrer, and Header() can be used to redirect.

k, good luck.
-Adam

Hi Adam,

What I have is a page which contains both PHP and HTML code.

I use the PHP as and when required.

The script is clalled translate3.php and the start of the script is:

<?

$validreferer = "https://ssl.paytrack.com/cbank/4.cgi";

if($_SERVER["HTTP_REFERRER"] != $validreferer){
Header("Location: http://www.translation.academy-life.com/index.htm");
exit;
}

?>

After which I have lots of HTML code which displays a form for user submission.

The $validreferer is as above and never changes. At the moment if the script is accessed direct i.e http://www.translation.academy-life.com/translate3.php the user gets redirected to http://www.translation.academy-life.com/index.htm. That the way I want it to work.

But, if the translate3.php is accessed from https://ssl.paytrack.com/cbank/4.cgi I want the rest of the script to run.

At the moment if the script is accessed from https://ssl.paytrack.com/cbank/4.cgi it also redirects to http://www.translation.academy-life.com/index.htm.

I have played around with this with no success as yet.

My kind regards to you all

Dereck

I think you might be spelling referer right...or wrong depending on how you look at it.

It's spelt like this in PHP anyway:

$_SERVER["HTTP_REFERER"]

So that is why the condition could be failing even when the referer is https://ssl.paytrack.com/cbank/4.cgi.

Just do simple test: echo $_SERVER["HTTP_REFERER"] in your script and see what it produces... it should produce "https://ssl.paytrack.com/cbank/4.cgi" when coming from that page.

If not you've prolly spelling the variable wrong or are using some really odd version of PHP

Don't worry, it trips me up all the time too... fancy them spelling it wrong!

cya
-Adam

Hi Adam,

Am I going nuts or what.

This is the server info

Server OS: Linux 2.4.21-grsec-20030730a

HTTP Server: Apache/1.3.29 (Unix)
PHP Version: 4.2.3 (Zend: 1.2.0)

If I run the following line only, I get a blank page, no output:

<?

echo $_SERVER["HTTP_REFERER"];

?>

I am spelling REFERER correctly/ I can't see what is wrong here. If you could help just a little more, please.

You can run the script from

http://www.translation.academy-life.com/redirect.php

This is just a test script

HANG ON, I JUST POSTED THIS AND TESTED THE LINK AND IT PRODUCED OUTPUT

http://www.phpbuilder.com/board/showthread.php?s=&postid=10451520

so why does it not produce output if I run it from my script, I don't understand what's going no here.

Regards

Dereck

Hi All

Hi Adam.

This is the start of my script:

<?
$validreferer = "https://ssl.paytrack.com/cbank/4.cgi";
if($_SERVER["HTTP_REFERER"] != $validreferer){
Header("Location: http://www.translation.academy-life.com/index.htm");
exit;
}
?>
<html>
<head>
<title>Academy-life - translation results</title>
<meta http-equiv="Content-Type" content="">
<link href="style.css" rel="stylesheet" type="text/css">

When it runs it just show no output.

If I try to echo the $_SERVER["HTTP_REFERER"]; it shows no output.

This is driving me mad.

Regards

Dereck

... "If I run the following line only, I get a blank page, no output: "

<?
echo $_SERVER["HTTP_REFERER"];
?>

Well of course! lol. Don't you know what a referer is? The $_SERVER["HTTP_REFERER"] variable is only created if the script you are running has was started by someone clicking a hyperlink.

I.e. If I am on page "script1.php" and I click a link on that page that goes to "script2.php" then the $_SERVER["HTTP_REFERER"] will be the URL to the "script1.php" page.

If I just run the "script2.php" page on it's own without having came from somewhere, $_SERVER["HTTP_REFERER"] will be empty.

So of course if you just run that script that's what will happen. I meant try the echo after you've clicked a link to get to the script...

So, if you are on the page https://ssl.paytrack.com/cbank/4.cgi and you click a link to get to this script you are working on, it shouldn't redirect as that is the referer you are testing against.

Otherwise the page should redirect to http://www.translation.academy-life.com/index.htm. If it doesn't redirect for some reason (maybe there's a problem in the URL) then the page will just stop. (That's what the exit; statement does)

So that's why your page is producing no output if you are not coming from the https://ssl.paytrack.com/cbank/4.cgi page.

Make sense?

Good luck man.
-Adam