tags:

views:

48

answers:

4
Q: 

Identify whether user manually loaded url on browser or generates URL by server in php

Hi

Thanks for your time.

I am developing application using PHP. In this for some instace I have added logic such that, for certain area matches then redirect to particular url.

if(//statement) {
   redirect to specific URL(e.g. http://www.example.com/testing.php )
}

Above is my basic logic. Here I want to Identify that whether user mannually loaded this URL http://www.example.com/testing.php on browser or it is redirected from webserver and then loaded.

How do I achieve this.

Your suggestions are welcome!!!.

-Pravin.

+1  A: 

You can check the value of $_SERVER['HTTP_REFERER'] (Documentation here)

But that won't give you a 100% guarantee, because some browsers don't send the referrer.

Another way would be setting some kind of "referred from" value in the $_SESSION, before redirecting the user.

DR  2010-10-19 09:19:17
A: 

You can add a special GET param to the redirect URL:

http://www.example.com/testing.php?redirect=1

if $_GET['redirect'] exists then its coming from the redirect otherwise its not. However this can be faked.

You can also set a session variable on the page which redirects $_SESSION['redirect'] = 1 and then check in your testing.php if that session var exists, also dont forget to unset that session var on testing.php.

Sabeen Malik  2010-10-19 09:20:14
+1  A: 

This could be done by checking the referrer ($_SERVER['HTTP_REFERER']), but unfortunately it's not really reliable as you can't ensure, that each browser is sending the referrer.

So maybe it's better to add an additional parameter to your redirection, you could then check on testing.php for existence of that parameter.

To prevent people setting this parameter manually (or accidently by copy/paste) you could check for a variable value of that parameter, e.g. a timestamp.

It's also possible to set a session variable but this means a session cookie is set (which some customers don't like).

edit: as some people actually do disable cookies by default the session is not the best place to set this.

acme  2010-10-19 09:22:27
In this day and age pretty much every website in existence uses cookies and sessions. Some people might have them turned off, but I've never run into any clients who disliked cookies. It does mean that you'll need to gracefully handle the situation where you can't set a cookie.
Travis Leleu  2010-10-19 15:10:34
That's basically true, but as some people *do* disable cookies, it's not a save method to check against.
acme  2010-10-20 10:17:16
+3  A: 

HTTP as a protocol does not include the facility to differentiate how a URL was accessed or what exactly the user did in the browser. A URL request is a URL request, it shouldn't matter whether the user clicked a link, refreshed the page or typed in the URL.

There are indicators that may or may not signal certain behavior (e.g. the Referer header), but they're not reliable, they're not meant for this purpose and they may introduce weird behavior in edge cases if you rely on them.

Please be aware of this whenever you try to implement something like this.
Better, you should architect your application to not rely on RESTless behavior like this.

deceze  2010-10-19 09:46:17
I second this. However, in the interest of providing a solution as well as the advice to not implement it, I'd recommend you use a secret hash with a session value. When you generate the URL, generate a hash. Store that hash in the session array. When the URL is loaded, if it doesn't have the hash it's not likely the one you generated.
Travis Leleu  2010-10-19 15:08:57

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases