Redirect based on referrer 1

[pgaec]

Hi,
I have a site, say

http://www.xyz.com.

I display disclaimer in the index page. When my users agree to the disclaimer, the link takes them to

http://www.xyz.com/gallery

Now gallery is a 4images installation - the good thing about 4images software is that they have a header template which is displayed on all their pages [ie.,

http://www.xyz.com/gallery/index.php,

http://www.xyz.com/gallery/details.php

etc]
Now what I want to do is, I dont want my users to goto these[index.php,details.php etc] pages without accepting the disclaimer. I know that I need to check the referrer
and see that its starts with "

http://www.xyz.com".

If not, it should redirect them to

http://www.xyz.com.

Sounds simple, but I dont know how to do this in php [jsp is god ]
Can someone help me with this?

 

[sleipnir214]

Look in $_SERVER['HTTP_REFERER'] to see from where the user came. If the browser reports that information -- a lot of browsers now give users the option of turning that off.


You might also consider setting a cookie on the browser when a user agrees to your disclaimer.


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[Olavxxx]

I would use session, then simply check if the session is set, at the very top of the index.php and the other page.

remember to call session start on the top of each of the pages which you want affected!

you can then simply use isset() on the session variable!

ps. I would also use the SID here, as this session data is non-vital, and the SID is needed, if the user does not accept the session cookie.. (firewall, or something else might be blocking the cookie).

eg:
<a href="index.php?<?=SID?>" title="Accept agreement">Accept agreement</a>

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster

 

[DRJ478]

DaButcher's suggestion for a session variable is good.
However, I see nothing wrong in requiring users to accept a cookie that is session based. Your disclaimer can state that cookies are required. Modern browsers allow a per session dialog to accept a cookie - for those who are weary of accepting cookies without notice.

 

[pgaec]

I like DaButcher's suggestion. But, as I said I am completely new to php [i program in jsp/asp mainly]. It would be helpful if you can give me 1 or 2 lines of code on how to do this

 

[DRJ478]

Your disclaimer page is a form that posts to itself. Check if people pressed the 'Accept' button

<?php
# on the top
session_start();
if ($_POST['accept'] == "Accept"){
   $_SESSION['access'] = 'true';
   header("Location: /gallery/index.php");
   exit;
}
?>

This will set a session variable which can be checked against in /gallery/index.php:

<?
# top of gallery/index.php
session_start();
if (!isset($_SESSION['access'])){
   # boot'em
   header("Location: /no-access.html");
   exit;
}
# etc.

Da Butcher wood usually point out to include the 302 HTTP header, however, you certainly don't care if Google et al. crawl your site - the bots shouldn't be able to get there.

 

[pgaec]

Hey, Thanks a lot. Unfortunately, I display google ads on my site [gallery/index.php]. If I apply this code to gallery/index.php, will it block the google spider? How to get around this?

 

[DRJ478]

You can inspect the user-agent of the HTTP request and let the googlebot pass as authenticated. How "kosher" that is, and if it violates google's ad policy: don't know.

 

[Olavxxx]

I wonder if google can crawl "hidden" links, eg. if you make a hyperlink:

<a href="index.php?action=google"><img src="empty.gif" width="0" height="0" alt="gallery index" /></a>

or maybe this one:
<a href="index.php?action=google" title="google-cheat index">&nbsp;</a>

then you put some code in the index, that checks the variable $action, if it is == "google", set the variable that is needed for browsing the gallery.


And to drj: it is 301 that is permanently removed, not 302.
302 is temp. moved, which is no good for google.
I however see the point, that google will not submit forms, and therefore it is not needed.

in this case, one could also use meta-refresh, but I would stick to header though.

Good luck!

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster

 

[DRJ478]

DaButcher
301, I was one off, sorry.

However, one thing that we know about the Google policies is that any kind of hidden content (which includes links) will be penalized. For consistency we should not just mention to people to use the 301 header when forwarding pages to avoid penalization, but also to stick with the rest of the policies, such as that hidden content, links etc. are a "nono" and will certainly be penalized.

 

[Olavxxx]

Ok, but then he can simply not base this script on a form, but rather have a hyperlink?

eg. He can have a <div> with overflow set to auto, and inside the tag, he has his TOS, where he has the "accept TOS" at the bottom?

then it links to "accept_tos.php", which then fills the session and uses header redirection, with 301 - moved permanently.

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster

 

[DRJ478]

The script can be based upon a form.
The access module of the disclaimer-dependent-view pages however would authenticate the googlebot from the user-agent string and set the access session variable. Of course, anyone spoofing to be the googlebot could get in.
All he wants to protect is the leeching of the content by direct request.

 

[Olavxxx]

I have heard there is also a googlebot that identifies it self as something else, to check if the page is "cheating for google". eg. displaying other content for google, than for an ano. user-

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster