Login

03-20-2008, 03:15 PM

[eluser]taewoo[/eluser]
This might be a generic PHP question but since CI is so smart, I figured there might be a way around this..

According to the PHP official documention, $_SERVER['HTTP_REFERER'] is basically useless:

Quote:'HTTP_REFERER'

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

Is there an accurate way of getting the referer with CI? Can this done outside of CI somehow (i.e. maybe with Javascript?)

03-20-2008, 03:21 PM

[eluser]Pascal Kriete[/eluser]
I'm afraid the answer is no. As the manual correctly states it's set by the user agent (the browser). The servers have no way of knowing where you've been. HTTP_REFERER is your best bet, just don't rely on it to work consistently.

03-21-2008, 03:29 AM

[eluser]Glen Swinfield[/eluser]
HTTP_REFERER will not work if the user types the address of a page into their browser.

Also you should probably be using HTTP_REFERER to provide convenience to the user - if they alter the return value and break their experience on your site - that's not your fault.

I always create a 'safe' page that users are redirected to sould HTTP_REFERER not be set - or not contain the data expected.

03-21-2008, 10:56 AM

[eluser]taewoo[/eluser]
Thanks Glen and inparo.
The reason for my question is that I have a embeddable widget written that makes a call to my server... which checks to see if the REFERER is an authorized one.

03-21-2008, 11:04 AM

[eluser]Glen Swinfield[/eluser]
In that case it isn't adequate - you can't rely on something that is so easily spoofable. Perhaps you should be posting to the widget and passing secure data in $_POST (a hash or something) to prove it is a genuine form from your server/specific page. It's more complicated than just using REFERER I'm afraid.

03-21-2008, 12:27 PM

[eluser]beemr[/eluser]
You could always use the session class. Just make sure that you set a variable to $this->session->userdata('lasturi') before you reset the value.

Code:
$this->session->set_userdata('lasturi',$this->CI->uri->uri_string());

03-21-2008, 12:46 PM

[eluser]beemr[/eluser]
[quote author="taewoo" date="1206136561"]Thanks Glen and inparo.
The reason for my question is that I have a embeddable widget written that makes a call to my server... which checks to see if the REFERER is an authorized one.[/quote]

Nevermind. Didn't see why you were looking for referrer.

Couldn't your embed object (is it like a Google gadget?) just render javascript to set a hidden field?

Code:
&lt;input type="hidden" name="referrer" value="" /&gt;

document.getElementsByTagName('input')['referrer'].value=document.location.href

03-21-2008, 02:24 PM

[eluser]taewoo[/eluser]
Thanks beemr.
Yes.. just like Google maps. If you embed it into a site that doesn't match the domain you signed up for originally, it won't run.

09-16-2010, 06:25 PM

[eluser]dalehurley[/eluser]
As I only care about the page the user comes from within the site, I Created a lib referrer.php and auto load it.

Code:
&lt;?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class Referrer {

    public $CI;//call the CI

    function Referrer()

    {

        $this->CI =& get_instance();

        $this->CI->session->set_flashdata('referrer', $this->CI->session->flashdata('currentpage'), ''); //store the previous current page as the referrer

        $this->CI->session->set_flashdata('currentpage', current_url()); //store the current page as the current page for next time

    }

    function getReferrer()

    {

        return $this->CI->session->flashdata('referrer');//this returns the last page

    }

}