...

View Full Version : Referring URL from redirects...



erdubya
01-04-2007, 07:47 AM
Hey folks.

I know how $HTTP_SERVER_VARS['HTTP_REFERER'] works...

BUT..

Is there a way to get the referring page when it's being automatically re-routed via the <meta http-equiv="refresh"> tag?

for instance,
page1.php

<meta http-equiv="refresh" content="5;url=page2.php">

page2.php


<?php
//CHECK REFERRAL
$referringURL = $HTTP_SERVER_VARS['HTTP_REFERER'];
$referURL = getenv(HTTP_REFERER);
?>


Both $referringURL AND $referURL return blank values. My guess is because it's not a link click but a meta refresh.

How can I accomplish getting the referring URL from the meta tag?

Thanks for your help!

SELF_TAUGHT
01-04-2007, 08:09 AM
Yes. There is a very simple way to do this. Here is how to do this.

1st. The first page refers you to a second page.
2nd. Have the second page get it's referrer and put that into a variable. and pass that variable along to the third page via the address bar.
3rd. Have the third page get ITS referrer and use a GET statement to get the other referrer out of the addrss bar. You now have both referrers.

If you would like I could take your pages and put that in there for you. Of course there would be a small price attached but it wouldn't be much given the fact that it would only be a couple lines of code I would have to add.

Shaffer
01-04-2007, 08:52 AM
Self_taught, you're a greedy *******. All he wants is some 3 code line help and you can't do that for him? What kind of person are you? Don't reply me: "The one who tries to make a living", since this is a helping forum, not a hiring one.


Shaffer.

koyama
01-04-2007, 11:04 AM
Well, this method might be ok if it is your own page and you can paste code into it. But are you asking for the case where it is a 3rd party site that has the meta refresh?

As for the referrer sent by the user agent, there is some variation among user agents when it comes to meta refresh. There are 2 candidates for the referrer. The original page you came from (A) or the page with the meta refresh (B).

Furthermore the referrer sent by user agent depends on whether it is a HTTP redirect or a META refresh.

I tried on FF2, IE6 and Opera9. Here is what I got for the referrer.

HTTP redirect
-------
FF2: A
IE6: A
OP9: B

META refresh
-------
FF2: blank
IE6: blank
OP9: B

A: original page
B: redirecting/refreshing page

erdubya
01-04-2007, 04:08 PM
Yes. There is a very simple way to do this. Here is how to do this.

1st. The first page refers you to a second page.
2nd. Have the second page get it's referrer and put that into a variable. and pass that variable along to the third page via the address bar.
3rd. Have the third page get ITS referrer and use a GET statement to get the other referrer out of the addrss bar. You now have both referrers.

If you would like I could take your pages and put that in there for you. Of course there would be a small price attached but it wouldn't be much given the fact that it would only be a couple lines of code I would have to add.

WOW! 1st. I'm shocked too that you're trying to get me for some $$$.. .for some lines of code that I already have!!! Rediculous.
2nd. Why would I need a 3rd page involved in this?

erdubya
01-04-2007, 04:15 PM
Well, this method might be ok if it is your own page and you can paste code into it. But are you asking for the case where it is a 3rd party site that has the meta refresh?



Both are my pages.


I tried on FF2, IE6 and Opera9. Here is what I got for the referrer.

HTTP redirect
-------
FF2: A
IE6: A
OP9: B

META refresh
-------
FF2: blank
IE6: blank
OP9: B

A: original page
B: redirecting/refreshing page



Yes...I'm beginning to think that it can't be done... Only Opera gets it right...

How about this? How can I get the previous page? Doesn't necessarily have to be the referring URL.

koyama
01-04-2007, 05:14 PM
Well, if both of the pages are yours I think you could do something like this:


<?php
$ref1 = urlencode($_SERVER['HTTP_REFERER']);
$ref2 = urlencode('http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
echo '<meta http-equiv="refresh" content="5;url=page2.php?ref1='.$ref1.'&amp;ref2='.$ref2.'">';
?>

You should then have both referrers available through


$_GET['ref1'] /* very first referrer */
$_GET['ref2'] /* ordinary referrer */

It is supposed to work in all browsers.

erdubya
01-04-2007, 06:38 PM
Well, if both of the pages are yours I think you could do something like this:


<?php
$ref1 = urlencode($_SERVER['HTTP_REFERER']);
$ref2 = urlencode('http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
echo '<meta http-equiv="refresh" content="5;url=page2.php?ref1='.$ref1.'&amp;ref2='.$ref2.'">';
?>

You should then have both referrers available through


$_GET['ref1'] /* very first referrer */
$_GET['ref2'] /* ordinary referrer */

It is supposed to work in all browsers.


I see... let me give that a try..

erdubya
01-04-2007, 06:48 PM
having the referrer in the url makes it visible for the user to possibly hack into.

Is there a way to pass the variables $ref1 and $ref2 so that they are hidden?

(I know how to do it with a form but since there is no form involved, just a meta tag re-direct, is it possible??)

dumpfi
01-04-2007, 09:35 PM
No, you can never be sure that any data from userland is valid.

Even if you use a form with hidden inputs or the like, anybody could easily create a form with normal text inputs with the same name as your hidden inputs and target that form to your processing page. Then one could simply type in values as one likes and send it to your page.

Any Javascript solution can also be circumvented / manipulated.

You cannot prevent people from sending you bogus input.

dumpfi

erdubya
01-04-2007, 11:41 PM
I'm not trying to eliminate malicious activity... just trying to make it harder to do so.

If I'm putting the variables in the URL, I'm basically giving away all my goodies...
===============================

So is there a way to send $_POST variables without using a form or a link?

OR...

Is there a way to detect the PREVIOUS page...not necessarily the referring URL??

That's all I'm trying to do here.


Thanks!

felgall
01-04-2007, 11:59 PM
Of course anything with referrers is dependent on your visitor allowing you access to that info in the first place. Many firewalls are configured to rewrite that dfield either with blanks or a contant text and some browsers allow you to turn off that field as well.

marek_mar
01-05-2007, 12:13 AM
1) http://www.zend.com/zend/spotlight/mimocsumissions.php
2) You could use sessions to track a user's last page on your site.

erdubya
01-05-2007, 01:13 AM
1) http://www.zend.com/zend/spotlight/mimocsumissions.php
2) You could use sessions to track a user's last page on your site.


In the grand scheme of things... here's an example of my site's flow...

[page1.php] ---> [page2.php] ----> [page3.php]

Now, I'm trying to prevent the user from going directly to page2 or page3... even if they figure it out and type in page2.php or page3.php directly into their browsers, I want to be able to say:

on page2.php
if the previous page is NOT page1.php then
do not show page2.php... instead, show some kind of error message and direct them back to page1.php

on page3.php
if the previous page is NOT page2.php then
do not show page3.php... instead, show some kind of error message and direct them back to page1.php

I now know that HTTP_REFERER is not suitable for this(earlier posts in the thread). How reliable are session variables in handling this situation?

If I use sessions, is it possible that the user's browser/firewall/etc. can turn them off as well?

marek_mar
01-05-2007, 02:36 PM
Sessions use sessions id's (sid) to identify the user. The sid is either in a cookie or in the querystring (parto of the URL).
In theory it is always possible to have the sid in the querystring, unless someone will be deleting it.
You can restrict access to users with a new session (that is users without the session id will get a new session and sid).

SELF_TAUGHT
01-10-2007, 08:01 AM
So you guys show bad karma by posting bad rep on my account huh? did any of you ever ask yourselves "What is the small price for?" NO none of you **************************** did not. The small price was for ME TO PUT THE CODE IN FOR HIM. It just so happens that I have exactly the scripts he needs. However, since you guys have seen fit to post bad rep on my account without knowing ALL the details or reading very carefully what I wrote, those scripts just acquired a price tag to even get them. If he had asked for the code so HE could put it in, I would have given for free.

Isn't it a shame when people jump to conclusions.

I happen to run 2 other coding forums too. The only thing is that NONE of the scripts on those forums cost a single thing. Not even so much as a penny. When people request scripts like that I write for free and put them on there for others who may want them too. If they want ME to put that code in THEIR pages then a cost is incurred.

And one last thing. This is a helping forum. Is it really helping to do the pages for him? Or is it helping to ask to see what he has so far and suggest changes to make and guide him to getting it working himself?

Damn. And you guys want to JUDGE ME!!!!! Let's get real here people. I know I am knew here and probably have a lot to learn But I highly doubt YOU have ANYTHING to teach ME about beeing helpful!!!!!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum