Header HTTP_REFERER not working 1

[work4free]

I have a header to check where the individual is coming from before they proceed.

<?php
if($_SERVER['HTTP_REFERER'] != "[URL unfurl="true"]http://www.mysite.com/Question_1.php"[/URL] && $_SERVER['HTTP_REFERER'] != "[URL unfurl="true"]http://www.mysite.com/Question_2_correct.html"){[/URL]
  header("Location: [URL unfurl="true"]http://www.mysite.com/404.html");[/URL]
}
?>

the page

http://www.mysite.com/Question_2_correct.html

has a *.wmv embedded. for some reason, when this page connects the user to my page with the header, the header says it is not coming from

http://www.mysite.com/Question_2_correct.html

and redirects the user to the 404.html page.

however if the user comes from Question_1.php, it loads exactly as it is supposed to.

is there a problem with pages including a *.wmv file not sending a header properly?

we also have some javascript code to test when the video is done, could that throw off the header? here's the javascript:

function teststatus()
{
		if (0 == MediaPlayer1.playState)
				move();
		
		timer = setTimeout ('teststatus()', 3000);
}

function move()  {
		window.location = 'Question_2.php'
		
}

 

[Bastien]

I think the code needs an 'OR' operation. You are asking it 'if http-referer is not from page1 and not from page2

<?php
if(($_SERVER['HTTP_REFERER'] != "[URL unfurl="true"]http://www.mysite.com/Question_1.php")[/URL] || ($_SERVER['HTTP_REFERER'] != "[URL unfurl="true"]http://www.mysite.com/Question_2_correct.html")){[/URL]
  header("Location: [URL unfurl="true"]http://www.mysite.com/404.html");[/URL]
}
?>

Bastien

Cat, the other other white meat

 

[work4free]

when i had an "OR" statement, no matter which page i came from it did not work. when i changed it to an "AND", it worked.

 

[sleipnir214]

With those not-equals in there, "&&" is the appropriate operator. Although I would probably have phrased the condition as:

[tt][ignore]
if($_SERVER['HTTP_REFERER'] == "

http://www.mysite.com/Question_1.php"

|| $_SERVER['HTTP_REFERER'] == "

http://www.mysite.com/Question_2_correct.html")

{
//do something
}
else
{
header("Location:

http://www.mysite.com/404.html");

}[/ignore][/tt]


"*.wmv file embedded" ?


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[work4free]

here is what i've come up with based on sleipnir214's suggestion:

<?
if ($HTTP_POST_VARS['Submit'])
{
	if ($HTTP_POST_VARS['Q2'] == "B") {
	header ("Location:Question_3.php");
	}else{
  	header("Location:Question_2_correct.php");
   }
}
?>
<?php
if($HTTP_SERVER_VARS['HTTP_REFERER'] == "[URL unfurl="true"]http://www.mysite.com/Question_1.php"[/URL] || $HTTP_SERVER_VARS['HTTP_REFERER'] == "[URL unfurl="true"]http://www.mysite.com/Question_2.php"[/URL] || $HTTP_SERVER_VARS['HTTP_REFERER'] == "[URL unfurl="true"]http://www.mysite.com/Question_2_correct.php"){[/URL]
?>

<html>
<head>
<title>None</title>
</head>
<body>
html code here
</body>
</html>
<?php
}else{
  header("Location: [URL unfurl="true"]http://www.mysite.com/404.html");[/URL]
  }
?>

the only url that can access this page is the first in the conditional statement -

http://www.mysite.com/Question_1.php.

the two other pages, and any other pages for that matter, cannot access this page. is my code above correct, or am i missing something?

 

[cLFlaVA]

If only Question_1.php should have the ability to access this page, then why do you have the other two pages listed in the OR statement? Your If Statement should be:

if ($HTTP_SERVER_VARS['HTTP_REFERER'] == "[URL unfurl="true"]http://www.mysite.com/Question_1.php")[/URL] {
    //html code
} else {
    header("Location: [URL unfurl="true"]http://www.mysite.com/404.html");[/URL]
}

*cLFlaVA
----------------------------
A polar bear walks into a bar and says, "Can I have a ... beer?"
The bartender asks, "What's with the big pause?

 

[work4free]

sorry, what i was trying to say was, i want the other two pages to be able to access the page as well (all three in the conditional statement should have access and not be redirected), however, only the first one works. the other two pages send me to the 404.html page.

 

[sleipnir214]

The only thing I can suggest is to verify that $_SERVER['HTTP_REFERER'] contains what you expect.

Remember, $_SERVER['HTTP_REFERER'] is a funny thing. It will only have a value if the user's browser reports that value -- and some browsers (for example, Opera) allow the user to turn off referer logging.

Also, $_SERVER['HTTP_REFERER'] can only have a value if the user was sent to a page from another page. But not every action which moves a user to a page will be reported. For example, if your code makes use of the "Location" header to move the user to a URL, nothing will be reported in $_SERVER['HTTP_REFERER']. Likewise with the <META http-equiv="Refresh"...> tag.


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[cLFlaVA]

Sleip -

You're very wise. You get my star. What does TANSTAAFL mean?

*cLFlaVA
----------------------------
A polar bear walks into a bar and says, "Can I have a ... beer?"
The bartender asks, "What's with the big pause?

 

[sleipnir214]

There Ain't No Such Thing As A Free Lunch

It's the eventual motto of the Free Lunar Republic in The Moon is a Harsh Mistress, by Robert Heinlein


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[work4free]

hhmmmm....this is interesting. i didn't realize all the intricacies of $_SERVER['HTTP_REFERER']. here may be one of my problems...one page has some javascript code (see the very first post in this thread). so based on what sleipnir214 says, this does not pass a value, correct? maybe that is why the Question_2_correct.php page cannot access the page.

 

[cLFlaVA]

According to Sleip's prophecies, yes, your javascript move() function will direct the browser to another page, and therefore not set any $_SERVER referer values.

*cLFlaVA
----------------------------
A polar bear walks into a bar and says, "Can I have a ... beer?"
The bartender asks, "What's with the big pause?

 

[work4free]

is there a way to check to see if the referring page is Question_2_correct.php, despite the fact that it is redirected via javascript? based on what sleipnir214 stated, i have narrowed it down and actually the pages with the javascript are the only pages giving me problems.

any thoughts? thanks for your help.

 

[cLFlaVA]

One possible way is to check for $_GET variables, which you could pass through the window.location call.

function move()  {
    window.location = 'Question_2.php?key=val'
}

And then, rather than test for HTTP_REFERER, you could test for if $_GET['key'] == 'val'.

Keep in mind, however, that a user could potentially jerry-rig the whole process by just typing

http://www.mysite.com/Question_2.php?key=val

into their browser.

*cLFlaVA
----------------------------
A polar bear walks into a bar and says, "Can I have a ... beer?"
The bartender asks, "What's with the big pause?

 

[sleipnir214]

I didn't test JavaScript, but I suspected that would be the case. It seems that browsers will only report the referer when a user input triggers the move to a new page.


I would set a session variable or cookie which holds the script's name. Each script, if need be, can check the value of that session or cookie before setting it to the name of the current script.


Want the best answers? Ask the best questions!

TANSTAAFL!!