Hello guys,

What I have in mind is this... We are going to have people come from a particular site during an acquisition campaign, and I was wondering how I could conditionalize a certain section of my site to display a thank-you message instead of the sign-up form, as they would have had the opportunity to fill this out before coming to my landing page.

I have seen solutions like: `$referal = mysql_real_escape_string($_SERVER['HTTP_REFERER']);`

I would like to know if this is the best way to get this to work???

->>> Okay, this is what I think might work. The third-party website that is referring people to our landing page, once the form on that site has been filled out, can push into the record a hidden input value of "www.sample.com" or whatever... then I can have something check for that particular value and fire off the conditional.

Does that even sound right?

+2  A: 

$_SERVER['HTTP_REFERER'] is the most reliable information you'll get about where your visitor came from. And it's not at all reliable. Some browsers may be configured to not send that header at all, and anybody can send misinformation, claiming they came from http://ultra-secure.top-secret.government.gov/ if they feel so inclined.

With that caution in mind, it sounds like perfect reliability isn't a consideration here, and you're just hoping to save some time for visitors with a correct HTTP_REFERER set.

In that case, comparing the beginning portion of that value to the www.example.com address where you expect visitors to originate with pre-filled-out signup information, would be the best way to go.

Here's an example:

```php
$site = "http://www.sample.com/";
if (!empty($_SERVER['HTTP_REFERER']) &&
        substr($_SERVER['HTTP_REFERER'], 0, strlen($site)) == $site) {
    // if execution reaches this point, the user claims he came from www.sample.com
}
```
VoteyDisciple
I added the example I was writing before you posted your answer. Hope you don't mind.
Artefacto
Okay... in an effort to avoid using HTTP_REFERER, can I have them push into my database a value of SOMETHING? When the visitor that has filled out that form submits, they get brought to our site. Now the question is, can I check if that value is a part of this person's record upon page load?
Matthew
If you're able to work with the other site in collaboration, have them insert a unique ID into your database and then redirect to a script on your site **with that in the URL**. Then it's easy to tell exactly who you're seeing.
VoteyDisciple
@Matthew If the flow is your site -> another site -> your site and you have control over the other site, you create a unique token, forward the user to the other site with that token as part of the query string, and have the other site pass that token back to you when the user submits the form there (e.g. as part of a 303 forward or, less recommended, with the form action pointing directly at your site). You'd have to store the unique token in the database when you generate it and invalidate it once the user returns to your site.
Artefacto
@Artefacto - Okay, we have control over the site and the form that these people are coming from. I just need to know if the option of passing a value via a hidden input, and checking for this value upon them being directed to our site once they submit the form, is the best and simplest option. If so, I was wondering what that syntax would look like. I'm sorry if this is repetitive, but it's a little over my knowledge of PHP and conditionals.
Matthew
@Matthew It's the only way you can guarantee the user came from your site, went to the other, and returned to yours.
Artefacto
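
The token round trip described in the comments above, as an added example that is not code from any poster in this thread: the landing site issues a random token, stores only its hash, and accepts it once when the visitor returns. The table name `referral_tokens`, the host `partner.example`, the one-hour lifetime and the use of the `pdo_sqlite` extension are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: only a SHA-256 hash of each token is stored.
function init_store(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS referral_tokens (
        token_hash TEXT PRIMARY KEY,
        created_at INTEGER NOT NULL,
        used       INTEGER NOT NULL DEFAULT 0)');
}

// Step 1: generate an unguessable token before sending the visitor away.
function issue_token(PDO $db): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'INSERT INTO referral_tokens (token_hash, created_at) VALUES (?, ?)');
    $stmt->execute([hash('sha256', $token), time()]);
    return $token;
}

// Step 2: on return, accept the token once and only while it is fresh.
// One UPDATE both checks and invalidates, so two concurrent
// requests carrying the same token cannot both succeed.
function redeem_token(PDO $db, string $token, int $ttl = 3600): bool {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // not the shape issue_token() produces
    }
    $stmt = $db->prepare('UPDATE referral_tokens SET used = 1
        WHERE token_hash = ? AND used = 0 AND created_at >= ?');
    $stmt->execute([hash('sha256', $token), time() - $ttl]);
    return $stmt->rowCount() === 1;
}

// Constructed demonstration using an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
init_store($db);

$token = issue_token($db);
// Link that sends the visitor to the partner form (placeholder host).
$outbound = 'https://partner.example/form?' . http_build_query(['token' => $token]);

// What the landing page would do with $_GET['token'] on return.
$showThankYou = redeem_token($db, $token);              // issued token, first use
$replayed     = redeem_token($db, $token);              // same token a second time
$forged       = redeem_token($db, str_repeat('0', 64)); // value never issued
var_dump($showThankYou, $replayed, $forged);
```

On the landing page, the thank-you message is shown only when `redeem_token()` returns true; any other request gets the normal sign-up form.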
+2  A: 

Based on your overall use case, I'd say that the best way to do this is to have the website that's referring to you pass a special POST or GET param, whichever is appropriate.

JSBangs
+1, I agree. If you have control over the referring site, then sending a POST or GET parameter is more reliable than $_SERVER['HTTP_REFERER'].
Steven Oxley
Really, it's indifferent. If the visitor knows which site he's supposed to come from, he might as well add the special GET or POST parameter. If he knows which site he's supposed to come from, but doesn't know the particular page (and therefore doesn't know which param to add), you could match the `$_SERVER['HTTP_REFERER']` against that specific page and you'd have the same level of ... "security".
Artefacto
+1  A: 

If you don't know if it sounds right, you'll have a hard time implementing it.

What you can do is this:

  • Check the referer. It's inside the variable `$_SERVER['HTTP_REFERER']`, but you don't need a `mysql_real_escape_string` around that just to check if the user comes from a particular site. Note that the referer is basically "user-defined", so you can neither rely on it nor trust it.
  • If they have to fill out a form anyway, just add a `<input type="hidden" ...`. Note that this can be faked too.
  • Add a GET parameter and check it with `if( isset($_GET['ref']) )`. The form would look like this: `<form action="http://yoursite/register.php?ref" method="POST">`.
svens