Posted by ZeldorBlat on 11/18/05 05:26

>I am trying to figure out how to use the referer variable to check what
>domain the orignal request is coming from and if it's not from the domain
>where I placed the link then to deny the user access.
>I know this is not bulletproof security but it will make things a little
>more difficult for the user.

The only way it makes it more difficult for the user is that they have
to copy/paste the link into the address bar and hit enter -- which
typically doesn't (I think the spec even says it shouldn't) set the
referer in the request.

If you really wanted to do it, you could try this:

$validDomains = array('www.foo.com', 'www.bar.com', 'www.baz.com');
$isOk = false;
foreach($validDomains as $domain) {
if(stripos($_SERVER['HTTP_REFERER'], $domain)) {
$isOk = true;
break;
}
}
if(!$isOk) {
//redirect to somewhere else
}

That's untested and certainly not bulletproof.

[Back to original message]