[PHP] Page Referer question
Hello all. I am looking to create script will detect the page from which the user just came so that after they do something on the current page (login) it will send them back to the page they wanted. I was thinking about $_SERVER['HTTP_REFERER'], but php.net says: 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Is this a big problem? Is there another technique I could use? Thank you all! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page Referer question
On Thu, 12 Aug 2004 14:34:11 -0600, Jed R. Brubaker [EMAIL PROTECTED] wrote: Hello all. I am looking to create script will detect the page from which the user just came so that after they do something on the current page (login) it will send them back to the page they wanted. I was thinking about $_SERVER['HTTP_REFERER'], but php.net says: 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Is this a big problem? Is there another technique I could use? It can be. Some firewalls (and some paranoid people) stop HTTP_REFERER altogether. Also, what would you do if the user failed their login? HTTP_REFERER would be set to the login page. What I've done in this situation is, when the person isn't logged in, before I redirect them to the login page, I store the current URL. (You can use cookies or a session). Once the login is done, redirect them back to the stored URL. -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page Referer question
On Thu, 2004-08-12 at 13:34, Jed R. Brubaker wrote: Hello all. I am looking to create script will detect the page from which the user just came so that after they do something on the current page (login) it will send them back to the page they wanted. I was thinking about $_SERVER['HTTP_REFERER'], but php.net says: 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Is this a big problem? Is there another technique I could use? Thank you all! If a user takes the time to modify this, should it be a concern? If I don't want you to know where I came from and made sure you didn't know, what else can you possibly do aside from snoop? ;-) I'd bet that 99.99% of the people who surf the net do not modify this so the exception is very minimal. -Robby -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting Development / signature.asc Description: This is a digitally signed message part
Re: [PHP] Page Referer question
Jed R. Brubaker wrote: Hello all. I am looking to create script will detect the page from which the user just came so that after they do something on the current page (login) it will send them back to the page they wanted. I was thinking about $_SERVER['HTTP_REFERER'], but php.net says: 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Is this a big problem? Is there another technique I could use? I would not rely upon REFERER. You have a common function that you use to check for a valid login, right? Within that method/function, save the current request into the session before you redirect to the login page. Upon a successful login, check for a saved page in the session and if it's there, redirect to that page instead of the normal one. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page Referer question
On Thu, 12 Aug 2004 13:43:04 -0700, Robby Russell [EMAIL PROTECTED] wrote: On Thu, 2004-08-12 at 13:34, Jed R. Brubaker wrote: Hello all. I am looking to create script will detect the page from which the user just came so that after they do something on the current page (login) it will send them back to the page they wanted. I was thinking about $_SERVER['HTTP_REFERER'], but php.net says: 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Is this a big problem? Is there another technique I could use? Thank you all! If a user takes the time to modify this, should it be a concern? If I don't want you to know where I came from and made sure you didn't know, what else can you possibly do aside from snoop? ;-) I'd bet that 99.99% of the people who surf the net do not modify this so the exception is very minimal. Except for those with a firewall that blocks this -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Page Referer question
On Thu, 2004-08-12 at 13:55, Justin Patrin wrote: On Thu, 12 Aug 2004 13:43:04 -0700, Robby Russell [EMAIL PROTECTED] wrote: On Thu, 2004-08-12 at 13:34, Jed R. Brubaker wrote: Hello all. I am looking to create script will detect the page from which the user just came so that after they do something on the current page (login) it will send them back to the page they wanted. I was thinking about $_SERVER['HTTP_REFERER'], but php.net says: 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Is this a big problem? Is there another technique I could use? Thank you all! If a user takes the time to modify this, should it be a concern? If I don't want you to know where I came from and made sure you didn't know, what else can you possibly do aside from snoop? ;-) I'd bet that 99.99% of the people who surf the net do not modify this so the exception is very minimal. Except for those with a firewall that blocks this Ok, so maybe 97.99% ;-p -- /*** * Robby Russell | Owner.Developer.Geek * PLANET ARGON | www.planetargon.com * Portland, OR | [EMAIL PROTECTED] * 503.351.4730 | blog.planetargon.com * PHP/PostgreSQL Hosting Development / signature.asc Description: This is a digitally signed message part
Re: [PHP] Page Referer question
* Thus wrote Justin Patrin: On Thu, 12 Aug 2004 13:43:04 -0700, Robby Russell [EMAIL PROTECTED] wrote: On Thu, 2004-08-12 at 13:34, Jed R. Brubaker wrote: Hello all. I am looking to create script will detect the page from which the user just came so that after they do something on the current page (login) it will send them back to the page they wanted. I was thinking about $_SERVER['HTTP_REFERER'], but php.net says: 'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. Is this a big problem? Is there another technique I could use? Thank you all! If a user takes the time to modify this, should it be a concern? If I don't want you to know where I came from and made sure you didn't know, what else can you possibly do aside from snoop? ;-) I'd bet that 99.99% of the people who surf the net do not modify this so the exception is very minimal. Except for those with a firewall that blocks this You know.. I still wonder on earth why on hell a firewall has this duty. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
