How to prevent SERVER['HTTP_REFERER'] switches to the calling page?

Question

Please help. A link obtained by using $_SERVER['HTTP_REFERER'] in form.php like this:

<?php
$link = 'http://' . getenv('HTTP_HOST') . '/';
if (isset($_SERVER['HTTP_REFERER']) and !empty($_SERVER['HTTP_REFERER'])) {
$link = $_SERVER['HTTP_REFERER'];
$refData = parse_url($link); }
if($refData['host'] !== 'domain.com') {
die("server error"); }
?>

<p>Send this link - <?php echo htmlentities($page_url, ENT_QUOTES); ?></P> 

<input name="link" type="hidden" 
value="<?php echo htmlentities($page_url, ENT_QUOTES); ?>" />
<input type="submit" value="submit" />

When the form is submitted, the referer url switches to form.php. Is it something wrong with this code or Are there any specific ways to prevent the referer url from being switched?

don't use `$_SERVER['HTTP_REFERER']` in such a way it is browser set and completely unreliable (mine is always blank) — , Dec 02 '13 at 18:54
What do you expect? the Referer is the page you came FROM. If you're on page A and click a link that leads to page B, then your referer is page A. Once on B, you click a link to C, then your referer is now B. It's not the page you started out on, it's not the page you were on 20 pages ago. It's exactly page N-1 — Marc B, Dec 02 '13 at 18:57
I actually expect page A when click on a link on page A leading to page B. But when it is obtained and submitted from a form in page B or when page B is reloaded, although I have not gone to other pages at all, it turns to the page B url. How to remain the page A url without changing when page B is loaded or when the form is submitted in page B? — Aldilno Jinjalo, Dec 02 '13 at 19:26

score 0 · Answer 1 · answered Dec 02 '13 at 20:29

0

As the comments already pointed out, it works as it should.

You could use sessions to temporarily store the referrer there when the user comes to your site for the first time.

<?php
session_start();

// ...

if( !isset($_SESSION['referrer']) ){
    $_SESSION['referrer'] =  parse_url($_SERVER['HTTP_REFERER']);
}

// ...

if( $_SESSION['referrer'] !== "domain.com"){
    die("Server Error");
}

answered Dec 02 '13 at 20:29

Max

1,505
14
19

I tried adding session as suggested. But the url still switched to the processing page itself after submitting the form. – Aldilno Jinjalo Dec 03 '13 at 13:03

How to prevent SERVER['HTTP_REFERER'] switches to the calling page?

1 Answers1