Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    Jun 2005
    Location
    San Diego, CA
    Posts
    39
    Thanks
    0
    Thanked 0 Times in 0 Posts

    getenv(HTTP_REFERER)

    Hi, I'm having a problem with some php that I've written to check to see if the site calling my PHP script is in fact from my site, and if they're not I have it read a document to tell them that they can't call the script from outside of my site. The below section of the script works absolutely fine, but the problem is that getenv(HTTP_REFERER) doesn't return anything. From what I'm guessing this is because I am calling the php script from a javascript function (semi ajax using xmlhttprequest). I don't understand why getenv(HTTP_REFERER) doesn't return a value though because it's still being called from within my site... Can anyone help me?

    P.S. The fact that getenv(HTTP_REFERER) doesn't return a value makes it so that no matter what every time my script is called I get the "outside.html" file.

    PHP Code:
    $homeurl "www.somewebsite.com";
    $callinghttp getenv("HTTP_REFERER");

    $callingurl ereg_replace("http://"""$callinghttp);
    $url stristr($callinghttp$homeurl);

    if (
    $url === false) {
        
    readfile("outside.html");
        exit;

    P.P.S. My page that calls my javascript function is html, and the function is called from a form onSubmit.
    Last edited by entint; 06-09-2005 at 07:12 AM.

  • #2
    Regular Coder
    Join Date
    May 2005
    Posts
    563
    Thanks
    0
    Thanked 3 Times in 3 Posts
    have you tried using
    PHP Code:
    $_SERVER['HTTP_REFERRER'
    ?

    also, you have referrer spelt incorrectly.

  • #3
    New Coder
    Join Date
    Jun 2005
    Location
    San Diego, CA
    Posts
    39
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yeah I tried that a few moments ago as well, still no luck...Any other ideas? maybe something that would parse on the html page and then send through the javascript to the php? I don't know how that would work but it would solve the problem because it wouldn't have to be called from the php script and could be called on the actual referring page...

    Yes I know referrer is spelt wrong, but in php (among other coding languages) this is the spelling that they use since the mispelled word somehow made it into the HTTP standard...don't ask me why it's just the way they did it...
    Last edited by entint; 06-09-2005 at 08:30 AM.

  • #4
    New Coder
    Join Date
    Jun 2005
    Location
    San Diego, CA
    Posts
    39
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Just for reference, and to make sure that I'm not doing anything wrong in my html and javascript to accomplish this, here's the relevant parts of all of my code. Can somenoe please help me out?

    Relevant HTML Code:
    Code:
    <div id="content">
    	<h2>Email Us:</h2>
    	<form name="formmail" action="mail.php" method="get" onsubmit="sendMail(this.action); return false;">
    		<input type="hidden" name="to" value="info@entintdesign.com" />
    						
    		<div><label for="name">Name:</label></div>
    		<input type="text" name="name" />
    						
    		<div><label for="email">Email:</label></div>
    		<input type="text" name="email" />
    						
    		<div><label for="subject">Subject:</label></div>
    		<input type="text" name="subject" />
    						
    		<div><label for="message">Message:</label></div>
    		<textarea name="message" rows="" cols=""></textarea>
    						
    		<div>&nbsp;</div>
    		<input type="submit" name="submit" value="Send" class="btn" />
    	</form>
    </div>
    Relevant Javascript:
    Code:
    // HTTPRequest Object
    function loadXMLDoc(url) 
    {
        if (window.XMLHttpRequest) {    // branch for native XMLHttpRequest object
            req = new XMLHttpRequest();
            req.onreadystatechange = processReqChange;
            req.open("GET", url, true);
            req.send(null);
        } else if (window.ActiveXObject) {    // branch for IE/Windows ActiveX version
            req = new ActiveXObject("Microsoft.XMLHTTP");
            if (req) {
                req.onreadystatechange = processReqChange;
                req.open("GET", url, true);
                req.send();
            }
        }
    }
    // req Change processor
    function processReqChange() 
    {
        if (req.readyState == 4) {    // readyState = Complete
            if (req.status == 200) {        // status = Okay
    			if(document.getElementById) {
    	            document.getElementById("content").innerHTML = req.responseText;
    			}
            } else {
                alert("There was a problem retrieving the data you requested:\n\n" + req.status + ": " + req.statusText);
    			closeArrow();
            }
        }
    }
    // Mail Form Page Call
    function sendMail(whichURL) {
    	var to = document.formmail.to.value;
    	var from = document.formmail.name.value;
    	var email = document.formmail.email.value;
    	var subject = document.formmail.subject.value;
    	var message = document.formmail.message.value;
    	thisURL = whichURL + "?to=" + to + "&name=" + from + "&email=" + email + "&subject=" + subject + "&message=" + message;
    	loadXMLDoc(thisURL);
    }
    Relevant PHP where problem arises
    PHP Code:
    $callingurl getenv("HTTP_REFERER");
    $callingurl ereg_replace("http://"""$callinghttp);
    $url stristr($callinghttp$homeurl);

    if (
    $url === false) {
        
    readfile("outside.html");
        exit;


  • #5
    Regular Coder
    Join Date
    Feb 2005
    Posts
    400
    Thanks
    0
    Thanked 0 Times in 0 Posts
    In your xmlhttprequest function, you'll have to set ther Referer header yourself.

    req.setRequestHeader("Referer", "http://whatever/etc/");

  • #6
    Regular Coder
    Join Date
    May 2005
    Posts
    563
    Thanks
    0
    Thanked 3 Times in 3 Posts
    did you see my note about referrer being spelt incorrectly?

  • #7
    New Coder
    Join Date
    Jun 2005
    Location
    San Diego, CA
    Posts
    39
    Thanks
    0
    Thanked 0 Times in 0 Posts
    yea I did check the post I responded with I have edited it since

    Is there any other way Harry? That way just doesn't seem very secure...If that is the only way then I guess I have to use it...
    Last edited by entint; 06-09-2005 at 08:34 AM.

  • #8
    Regular Coder
    Join Date
    Feb 2005
    Posts
    400
    Thanks
    0
    Thanked 0 Times in 0 Posts
    xmphttp requests don't send a referer by default; if you want one, you have to send it yourself.

    If you want higher security, sessionid.

  • #9
    New Coder
    Join Date
    Jun 2005
    Location
    San Diego, CA
    Posts
    39
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok sounds good. thanks a bunch


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •