Hi All,

I would like to restrict a php page so that it can only be accessed via a certain referral url.

Something like this:


if (you_are_coming_from_yourpage) {

my code

} else {
die ("You can't access this file directly...");
}


Thanks,

HedgeHog

not a very good way to do it because some browsers don't report the referer but you can do this

<?
$referer = strtolower($_SERVER['HTTP_REFERER']);
if(ereg("yoursite.com", $referer)) {

my code

} else {
die ("You can't access this file directly...");
}
?>

Scoutt....Is there a better way to do it? and what if the referring url is "HTTPS"

Thanks,

HedgeHog

it doesn't matter if it was https, just enter it like that.

if(ereg("https://www.yoursite.com", $referer)) {

of the http://www.yoursite.com

either one would do it.

and what other way did you hav ein mind because the last time I checked ther eis any other way to get the referer. again some browser/sites don't send the referer.

Thanks Scoutt,

If this is not the best way to do this, would it be better to maybe pass a variable or something and only grant access if that variable is present?

If so what would be the correct way to do that.

Thanks,

HedgeHog

yeah like a password protected page or something or a variable klike you say is the best way. that way you get it no matter what and no relying on browsers.

If possible, I would use sessions. This would have to use a username/password combo though.

I didn't use the php. Now, I just learn it. I hoped that you can provide more info.

traveling, please create your own thread and ask your question. This thread is 4 years old and long forgotten.

scoutt, thanks for advicing. But I didn't know how about I should write it.

Just tell what your problem is then we can go from there.

$referer = strtolower($_SERVER['HTTP_REFERER']);
if(ereg("yoursite.com", $referer)) {
ereg() isn't the best choice of function for this case. Regular expressions are not required, and the period in regexp means any character (almost). It could be rewritten as yoursite\.com, but a much faster string function would be the better choice.

if (strpos('yoursite.com', $referer) !== false) {

When using regular expressions in PHP the PCRE should be used. These are the preg_* functions. ereg() is replaced by preg_match().

erisco, as I told traveling, why did you post to a 4 year old thread? the thread has been solved.... 4 years ago.

ereg has not been replaced by preg_match, it is just said that preg_match is faster

I never check the post dates :P