Only Access From Certain Link

[cclloyd9785]

Is it possible to make it so that if they come from any site other than a certain URL, the site won't show up?

[Synook]

Naively, you can check the Referer header using a server-side language, and do something if it doesn't match what you expect. However, it is pretty easy to fake the Referer header (and any request header, in fact), and so there is no foolproof way.

[cclloyd9785]

I just want most of them to be only accessable if you visit it from one certain website (But any page on that website, not just one certain url, but any page on that site).

[Synook]

Yes, you still need to use the referer header. Say I was on the page at http://a.com/b.html, and clicked on a link which pointed to http://c.com/d.html. Then the referer header in the request sent to c.com would usually be "http://a.com/b.html". You could thus pattern match that to check whether "a.com" was part of the URL in the right place.

[cclloyd9785]

You could'nt possible point me to an example/tutorial could you? I've googled and searched and found nothing.

[Synook]

There are several ways, you could do it using PHP and parse_url():

<?php	if (!($url = parse_url($_SERVER['HTTP_REFERER']) && $url["host"] == "certainwebsite.com")) {		die("or redirect, or something");	}?><!-- rest of page here -->

You can also do this using Apache configuration files, though I can't remember how to off the top of my head.

[cclloyd9785]

It seems to be not recognizing the site, either one. I tried adding an elseif statement to fix it not blocking its own site, but that didn't work.

<?php		if (!($url = parse_url($_SERVER['HTTP_REFERER']) && $url["host"] == "pokefarm.org")) {die("notfound.html");}		elseif (!($url = parse_url($_SERVER['HTTP_REFERER']) && $url["host"] == "cclloyd.zxq.net")) {die("notfound.html");}?>

Also how could I have it redirect to the notfound.html? I searched but there was no redirect function.

[Ingolme]

I think it should be something like this:

$url = parse_url($_SERVER['HTTP_REFERER']);if(isset($url['host']) && ($url['host'] != 'pokefarm.org' || $url['host'] != 'cclloyd.zxq.net')) {  header('Location: http://example.com/notfound.html'); // Location headers MUST be a complete URL  exit;}

[cclloyd9785]

When I have it as header, I get an error. When I have it as die, I do not.

[b]Warning[/b]: Cannot modify header information - headers already sent by (output started at /www/zxq.net/c/c/l/cclloyd/htdocs/index.php:8) in[b]/www/zxq.net/c/c/l/cclloyd/htdocs/header.php[/b] on line [b]4

[/b] Line 4:

  header('Location: http://cclloyd.zxq.net/notfound.html');

Also I think we did this in reverse. It blocks it from those two sites when I want it to block all other sites, but I want those two sites to be the only ones that let you in, with all other sites blocked.

[thescientist]

the error is trying to tell you why. you must have some other form of output coming before the header. You cannot have any whitespace, echo's or the like happen before you can use header. if the logic is backwards right now, try and implement the opposite.

[Ingolme]

The thing is that die() doesn't redirect.If you write die("file.html") it's just going to print "file.html" and stop execution.

[cclloyd9785]

Yea I know, and I would be willing to just put a message instead of my 404 page. I would still rather have it though. So is there any particular reason I'm getting that PHP error? And how would I reverse it to make those two sites the only ones allowed?

[Synook]

You get that error because, as thescientist says, you have output (e.g. spaces, HTML) before your PHP code (specifically, the <?php bit). And you just need to negate the statement to get your desired result.