Posted by Ron Croonenberg on 05/09/06 03:50

Neah not trying to do anything fancy like that

Just wanted to see (a bit) where users were coming from


thanks...



Gordon Burditt wrote:
>>Is it possible, with php, to figure out what the "calling url" is ?
>>
>>Let's say I have a track.html (with some php code) and if someone
>>clicks on a link to track.html I want to see the url where that visitor
>>came from.
>>
>>can that be done ?
>
>
> $_SERVER['HTTP_REFERER'] can be used BUT it's sent by the browser
> so it can easily be faked or deleted. This is one of the most
> mucked-with variables on the web, even more than cookies. Many
> Windows firewalls delete it and their owners couldn't re-enable it
> to save their lives (even though that setting is usually in there
> somewhere). CURL provides a way to send a fake one. And, of course,
> a fake one can be sent by manually typing HTTP headers into telnet.
>
> If you're trying to use it to get an idea where visitors come from,
> it might work well enough for your purposes. If you're trying to
> prevent references to images on your site from other sites, it's
> easy to defeat and it will break your site for legitimate users.
> If you think it's a way to detect bots, it's doomed to failure. If
> you think it's a way to secure your site with Javascript input
> parameter checking only on YOUR form and you can prevent people
> from copying your form and altering it, your security is hopelessly
> broken.
> Gordon L. Burditt

[Back to original message]