views:

52

answers:

4

I need to know the referring server for a page on my site.

Is there any safe method to check where the user "came" to the page FROM?

I tried uploading this to my server, but this wont output anything at all when I write the adress to the file in the browsers adress bar:

    <?php echo $_SERVER['HTTP_REFERER']; ?>

I need to check this in order to display a link on the page or not...

Thanks

+1  A: 

I tried uploading this to my server, but this wont output anything at all when I write the adress to the file in the browsers adress bar:

That's because there's no referrer in that situation - you typed it into the browser address bar.

ceejayoz
+3  A: 

Try using $_SERVER['HTTP_REFERER']. Notice that it is 'HTTP_REFERER', NOT, as one would expect, 'HTTP_REFERRER'

Also, please note the documentation on this variable:

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

In addition, ceejayoz is correct in noting that if you go directly to a page and don't follow a link there, most browsers will not set a referrer.

thetaiko
:( You ninja'ed me! >.> <.< +1
pinkgothic
+3  A: 

Two things:

It should be $_SERVER['HTTP_REFERER'] (note first single R). Case of immortalised typo, but that's how it looks. :)

Secondly, an http-referer is only sent if you reach the page by clicking the link. Typing the link into the address bar circumvents it.

But to answer your actual question, there are several people who have their browser set so no referer is ever sent, meaning that there is no reliable way to determine even link-ins, unfortunately. (Not to mention the data can be tampered with, since it's sent by the client.)

pinkgothic
+5  A: 

Is there any safe method to check where the user "came" to the page FROM?

Not really. Like all HTTP headers, this can easily be modified. Additionally, a browser could also choose never to send a referrer.

$_SERVER['HTTP_REFERER']; will work when a browser does send a referrer, but there's no way to validate that it's true.

I tried uploading this to my server, but this wont output anything at all when I write the adress to the file in the browsers adress bar

In this case a browser would not send a referrer because you didn't come FROM anywhere.

Matt