如何在 php 中正确使用 $_SERVER['HTTP_REFERER']?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/36240145/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to use $_SERVER['HTTP_REFERER'] correctly in php?
提问by surafel
Lets say i have two pages page1.phpand page2.phpand i want page2.phpto be displayed only if it is redirected form page1.phpand i inserted this code to page2.php
假设我有两页page1.php,page2.php并且我只想page2.php在它是重定向表单时显示page1.php并且我将此代码插入到page2.php
if($_SERVER['HTTP_REFERER'] == "page1.php")
{
//keep displaying page2.php
}else{
//if it is not redirected from page1.php
header('Location:page1.php')
//redirect the user back to page1.php
}
this code worked fine until i have a form and a submit button on page2.phpwhen the submit button is clicked the page refreshes which means the HTTP_REFERERwill change to page2.phpso my if statementfails and it takes me back to page1.phpi don't want that to happen. Is there any way to prevent this from happening?
这段代码工作正常,直到我有一个表单和一个提交按钮,page2.php当点击提交按钮时页面刷新,这意味着HTTP_REFERER将更改为page2.php所以我if statement失败了,它让我回到page1.php我不希望这种情况发生。有什么办法可以防止这种情况发生吗?
Thanks in advance.
提前致谢。
回答by PetrHejda
I wouldn't recommend using HTTP_REFERER:
我不建议使用HTTP_REFERER:
It's fairly simple to manipulable in browser.
Some users might have security settings in their browser to not send this header at all.
It's not accessible over
HTTPS.Some proxies strip this header from the request
Added - See answer to this quesion
在浏览器中操作相当简单。
某些用户可能在其浏览器中设置了安全设置,根本不发送此标头。
它无法通过
HTTPS.一些代理从请求中去除这个标头
添加 - 请参阅此问题的答案
As Charlotte Dunois stated in the comment, better set session value before sending the form and then check it on page2.
正如 Charlotte Dunois 在评论中所说,最好在发送表单之前设置会话值,然后在第 2 页上进行检查。
page1.php:
page1.php:
$_SESSION[ 'display_page2' ] = TRUE;
//rest of the content
page2.php:
page2.php:
if ( (isset( $_SESSION[ 'display_page2' ] ) && $_SESSION[ 'display_page2' ] === TRUE ) || isset( $_POST[ 'some_form_input' ] ) ) {
//keep displaying page2.php
} else {
header('Location:page1.php');
exit;
}
With isset( $_POST[ 'some_form_input' ] ), you can check whether the form has been sent (via POST method).
使用isset( $_POST[ 'some_form_input' ] ),您可以检查表单是否已发送(通过 POST 方法)。
When needed, you can unset the session with unset( $_SESSION[ 'display_page2' ] );or by setting it to different value.
需要时,您可以使用unset( $_SESSION[ 'display_page2' ] );或将其设置为不同的值来取消设置会话。
回答by coban
<?php
if(($_SERVER['HTTP_REFERER'] == "page1.php") || (isset($_POST['submit']) && $_SERVER['HTTP_REFERER']=="page2.php"))
{
//keep displaying page2.php
}else{
//if it is not redirected from page1.php
header('Location:page1.php');
//redirect the user back to page1.php
}
?>
if the referrer is not page 1 you could check the condition if referrer = page2 and post is submitted. or check if the referrer is page1 or post is submitted. this is a possibility to avoid your problem.
如果referrer 不是第1 页,您可以检查条件是否referrer = page2 并且提交了帖子。或检查引用者是否为第 1 页或已提交帖子。这是避免您的问题的一种可能性。
回答by Roshan Bhumbra
I advise against using $_SERVER['HTTP_REFERER']as it can be easily spoofed.
我建议不要使用,$_SERVER['HTTP_REFERER']因为它很容易被欺骗。
Instead , you could set a cookiewhen they load page 1 using setcookie("page1", 1);beforeany markup is output. Then check for it on page 2 using
相反,您可以在输出任何标记之前使用它们加载第 1 页时设置cookie。然后使用第 2 页检查它setcookie("page1", 1);
if(isset($_COOKIE['page1']))
{
//keep displaying page2.php
}else{
//if it is not redirected from page1.php
header('Location:page1.php')
//redirect the user back to page1.php
}
By not specifying the expiry date the cookie will expire when the browser is closed. In this situation, using cookies also makes for much more readable code to others.
通过不指定到期日期,cookie 将在浏览器关闭时到期。在这种情况下,使用 cookie 还可以使代码对其他人更具可读性。
回答by B. Taylor
<?php
/*
this page allows links from the following pages
public.php?id=links
private.php?id=links
don't allow if visitors come from anywhere else
this example would only work if I used the entire URL in the 'if' statement
*/
$referringpage = $_SERVER['HTTP_REFERER'];
if ( $referringpage == "http://www.example.com/public.php?id=links" ) {
$pass = "yes";
} elseif ( $referringpage == "http://www.example.com/private.php?id=links" ) {
$pass = "yes";
} else {
$pass = "no";
}
if ( $pass == "yes" ) {
// do the function this page was made to do
}
header( "Location: http://www.example.com/public.php?id=links" );
?>
