Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New Coder
    Join Date
    Jun 2013
    Posts
    34
    Thanks
    18
    Thanked 0 Times in 0 Posts

    $_SERVER['HTTP_REFERER'] with Post method

    This is file1.php
    PHP Code:
    <?php
    echo $_SERVER['HTTP_REFERER'];

    ?>
    This is file2.php

    PHP Code:
    <form name="spendfrm" action="file1.php" method="POST">
      
        <
    input type="hidden" name="something" value="something">
      
      
      <
    input type="submit" value="Go to file1.php" />  
      
    </
    form
    After clicking to Submit button, I don't see anything in file1.php?
    How can I get REFERER site to my site from POST method ?
    Thanks

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,091
    Thanks
    51
    Thanked 506 Times in 493 Posts
    In file1.php use this:

    var_dump($_SERVER);

    Report back with your findings.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • Users who have thanked tangoforce for this post:

    hoangthi (06-12-2013)

  • #3
    Junsee
    Guest
    'HTTP_REFERER'
    The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
    http://php.net/manual/en/reserved.variables.server.php


    what are you trying to accomplish here?
    because you are posting from your own site -> to your own site.


    you could
    <input type="hidden" name="something" value="<?php echo $_SERVER['HTTP_REFERER']; ?>">

    then echo $_POST['something'];

  • Users who have thanked Junsee for this post:

    hoangthi (06-12-2013)

  • #4
    New Coder
    Join Date
    Jun 2013
    Posts
    34
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Yes, I use a money online system.
    Is payment is ok, they will redirect me to done.php
    I use $_SERVER['HTTP_REFERER'] in done.php but nothing happened.

    But thanks to tangoforce, I use $_SERVER["HTTP_ORIGIN"], it shows me the money online webpage.

    Why ?

  • #5
    New Coder
    Join Date
    Jun 2013
    Posts
    34
    Thanks
    18
    Thanked 0 Times in 0 Posts
    EDIT: And $_SERVER["HTTP_ORIGIN"] only works on GOOGLE CHROME, Not on FIRE FOX

  • #6
    Junsee
    Guest
    Quote Originally Posted by hoangthi View Post
    EDIT: And $_SERVER["HTTP_ORIGIN"] only works on GOOGLE CHROME, Not on FIRE FOX
    C'est la vie

  • #7
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    2,960
    Thanks
    2
    Thanked 304 Times in 296 Posts
    If you are trying to detect if payment was successful, that the visitor got to your done.php only after they paid, you cannot rely on any piece of data that comes from the visitor.

    All the $_SERVER['HTTP_xxxxxx'] values come from the visitor and cannot be trusted.

    When the payment gateway redirects the visitor back to your site, all the means is that the visitor went through the payment process. It doesn't mean that payment was successful. So, your done.php page should not permit the visitor to actually do anything yet. It's just a 'thank you, you have completed the payment process' page.

    You must rely ONLY on information that you get from the payment gateway. A gateway like paypal will send you payment confirmation using IPN, where the payment gateway sends your server payment status information directly that is totally separate and independent of what the visitor is doing on your site.

    You would store (in a database) the payment status you get back from the payment gateway as a record that the payment by that visitor for whatever he purchased in the transaction was complete. If this is for real products, you would then process the order. If this is for digital products, you would send him an email that he can now download the digital product.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • Users who have thanked CFMaBiSmAd for this post:

    hoangthi (06-12-2013)

  • #8
    New Coder
    Join Date
    Jun 2013
    Posts
    34
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CFMaBiSmAd View Post
    If you are trying to detect if payment was successful, that the visitor got to your done.php only after they paid, you cannot rely on any piece of data that comes from the visitor.

    All the $_SERVER['HTTP_xxxxxx'] values come from the visitor and cannot be trusted.

    When the payment gateway redirects the visitor back to your site, all the means is that the visitor went through the payment process. It doesn't mean that payment was successful. So, your done.php page should not permit the visitor to actually do anything yet. It's just a 'thank you, you have completed the payment process' page.

    You must rely ONLY on information that you get from the payment gateway. A gateway like paypal will send you payment confirmation using IPN, where the payment gateway sends your server payment status information directly that is totally separate and independent of what the visitor is doing on your site.

    You would store (in a database) the payment status you get back from the payment gateway as a record that the payment by that visitor for whatever he purchased in the transaction was complete. If this is for real products, you would then process the order. If this is for digital products, you would send him an email that he can now download the digital product.
    Do you use perfect money?
    In sci form, I set Status is verify.php
    and success payment is done. php

    but verify.php is not received anything from Perfect money. I tried to put some codes which wrote something to file.txt, if verify.php could be open.
    then, I made a test payment and confirmed it, and perfect money redirected to done.php. however the file.txt was empty...

  • #9
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    2,960
    Thanks
    2
    Thanked 304 Times in 296 Posts
    but verify.php is not received anything from Perfect money. I tried to put some codes which wrote something to file.txt, if verify.php could be open.
    then, I made a test payment and confirmed it, and perfect money redirected to done.php. however the file.txt was empty...
    You need to troubleshoot and find out why your code didn't do what you expect and if you want us to help troubleshoot what your code is doing, you will need to post your code.

    If you are doing this for real (it's not just a class project), and you are dealing with real money, if you are not an experienced programmer that already knows how to do this and can troubleshoot your own code, you should be hiring an experienced programmer to do this for you.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • Users who have thanked CFMaBiSmAd for this post:

    hoangthi (06-12-2013)

  • #10
    New Coder
    Join Date
    Jun 2013
    Posts
    34
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Yes, thanks, I found the problems...


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •