How to prevent $_SERVER['HTTP_REFERER'] from switching to the calling page?


Please help. A link is obtained by using $_SERVER['HTTP_REFERER'] in form.php like this:

<?php
$link = 'http://' . getenv('HTTP_HOST') . '/';
$refData = [];
if (!empty($_SERVER['HTTP_REFERER'])) {
    // The Referer header comes from the client; it is only used after the host check below.
    $link = $_SERVER['HTTP_REFERER'];
    $refData = parse_url($link) ?: [];
}
// Reject requests whose referer is missing or points at another host.
if (($refData['host'] ?? null) !== 'domain.com') {
    die("server error");
}
?>

<p>Send this link - <?php echo htmlentities($link, ENT_QUOTES); ?></p>

<input name="link" type="hidden" value="<?php echo htmlentities($link, ENT_QUOTES); ?>" />
<input type="submit" value="submit" />

When the form is submitted, the referer URL switches to form.php. Is there something wrong with this code, or are there any specific ways to prevent the referer URL from being switched?

1 Answer

1
Max On

As the comments already pointed out, it works as it should.

You could use sessions to temporarily store the referrer there when the user comes to your site for the first time.

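<?php
session_start();

// ...

// Store the host of the first referrer seen in this session.
// parse_url() with PHP_URL_HOST returns only the host string (or null).
if (!isset($_SESSION['referrer'])) {
    $_SESSION['referrer'] = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST);
}

// ...

// Compare the stored host, not the current request's Referer header.
if ($_SESSION['referrer'] !== "domain.com") {
    die("Server Error");
}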
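
The session approach from the answer carried through both requests, as an added example that is not the answerer's code: form.php validates and stores the referrer on the initial GET, then reads it back from the session on POST instead of from the Referer header or a hidden field. The `ALLOWED_HOST` constant, the `allowed_referrer()` helper and the form's `action` are assumptions made for illustration.

```php
<?php
// Added example: form.php handling both the initial GET and the form POST.
session_start();

const ALLOWED_HOST = 'domain.com'; // host checked on the page

// Return the URL if it is http(s) and its host is exactly $allowedHost, else null.
function allowed_referrer(?string $url, string $allowedHost): ?string
{
    if ($url === null || $url === '') {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return strtolower($parts['host']) === $allowedHost ? $url : null;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // On submit the Referer header is form.php itself, so use the stored value.
    $link = $_SESSION['referrer'] ?? null;
    if ($link === null) {
        http_response_code(400);
        die('Server Error');
    }
    unset($_SESSION['referrer']); // one stored link per form visit
    echo 'Submitted link: ' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    exit;
}

// GET: the Referer header is the page that linked here; it is client-supplied, so validate it.
$link = allowed_referrer($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_HOST);
if ($link === null) {
    http_response_code(403);
    die('Server Error');
}
$_SESSION['referrer'] = $link;
?>
<form method="post" action="form.php">
  <p>Send this link - <?php echo htmlspecialchars($link, ENT_QUOTES, 'UTF-8'); ?></p>
  <input type="submit" value="submit" />
</form>
```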