PHP HTTP_REFERRER-如何检测最后一页？

Question

I need to detect where the user has just clicked from - as my AJAX content needs to be displayed differently depending on the source page it is to be inserted into.

If it's to go into about.php it needs to be data only, but if it's to go into about-main.php it needs to be the whole middle column so needs a header/footer wrapper around the data.

The html called via AJAX is held in a php page which uses this code to see who's asking, and then formats the HTML response appropriately.

$array[] = "/cf/about.php";
$array[] = "/cf/about/about-main.php";
$array[] = "/cf/about/other-page.php";


$ispage = "";
foreach ($array as $value) {
    if ($_SERVER['HTTP_REFERER'] != $value) {
        $ispage = "";
    } else {
        $ispage = "woot";
    }
}
if ($ispage == "woot") {
        echo $content;
    } else {
        include_once 'about-header.php';
        echo $content;  
        include_once 'about-footer.php';
}

The problem is... HTTP_REFERER seems to be a bit hit and miss. It works just fine while I'm at work on the network, but I've tried it out on my computer at home and it's obviously completely failing to work - the results are horrible :o

Is there another way of achieving this? I guess session variables could be used but then I've not got much experience of that!

Any and all hints/tips are appreciated ;) Thanks!

edit:

The page is actually a staff profile page. Its normal location is about.php and the 2nd column div displays a grid of thumbnails which when clicked, load the profile in that place via AJAX. All nice and simple - back button reloads the grid of photos.

The problem is, each staff member also needs a static page. I've created these at about/staff-name.php. The content is THE SAME though. I want the server to detect if someone has come to the about/staff-name.php directly and if so, wrap a header/footer around it.

If the request has come from the grid of photos (ie AJAX) then it doesn't need the header/footer wrapper.

Is that clear? :o

1) If AJAX request - no wrapper 2) If not AJAX request - add header/footer wrapper

Answer 1

Wouldn't it be easier to just pass a flag in your AJAX call to tell the script which type of content to display?

Edit:

So about/staff-name.php displays the content. Call it via AJAX as about/staff-name.php?FromAjax=1

Then in the about/staff-name.php file:

if (isset($_REQUEST['FromAjax']) ) {
    echo $content;
} else {
    include_once 'about-header.php';
    echo $content;  
    include_once 'about-footer.php';
}

Answer 2

No matter what, the Referer is not an information you should base your whole website upon : it is sent by the client, which means (at least) :

• the client does not necessarily have to send it
  • it can be disabled in the browser
  • some firewall / antivirus remove it
• it can be forged / altered (an easy way with firefox is to use an extension to do that)

You definitly must find a better/saffer/more reliable way to do what you need.

One solution (which you already discarded) would be to pass an additionnal information in all your links, saying which page the request comes from. In my opinion, this would probably be the best thing to do...

Maybe a simpler way would be to add a parameter to your Ajax request, saying where it comes from ? ie, instead of relying on the Referer in the PHP script, just have a look at a parameter in the request, which would act as some "kind of referer", but put by you ?

It will not be more secure (users could still forge request, with that parameter) , but, at least, it would not be disabled / modified (except if the user does it by hand)

---

In the end, you also say this :

1) If AJAX request - no wrapper
2) If not AJAX request - add header/footer wrapper

Well, if it's only a matter of determining if the PHP script was called through an Ajax request, here too, two solutions :

• Add a parameter to the Request when it's done through Ajax (you only add this parameter in the JS script doing the request ; and when the parameter is here, PHP knows it's an Ajax request)
• Or, in the PHP script, look for an X-Requested-With HTTP header, which is often here with the value XMLHttpRequest when a request is made through an Ajax call. (But you should check that it's set with your JS Framework / or maybe it depends on the browser -- not sure about that :-( )

Answer 3

Why don't you just create the static pages on the server without using ajax at all, including the header and footer and the profile bit? If the page is static you shouldn't have any need to load content using javascript.

If you do need to load it using javascript, then Vex's solution is good. You could pass some optional parameters in the ajax call which control how the page is rendered - that way, the included page doesn't need to know about the pages that use it, it just needs to understand the parameters that tell it how to render itself. You can then reuse it more easily in future.

I did notice an error in your code however - this probably won't work as expected:

$ispage = "";
foreach ($array as $value) {
    if ($_SERVER['HTTP_REFERER'] != $value) {
        $ispage = "";
    } else {
        $ispage = "woot";
    }
}

If a page name is matched, but then the next one isn't, $ispage will be set back to ''. You'd probably better off doing something like:

$ispage = "";
foreach ($array as $value) {
    if ($_SERVER['HTTP_REFERER'] == $value) {
        $ispage = "woot";
        break;
    }
}

or

$ispage = '';
if (in_array($_SERVER['HTTP_REFERER'], $array)) {
    $ispage = 'woot';
}

Answer 4

Tai kucing -

If you format your links like this:

<a href="http://www.this-is-a-link.html?setvariablehere=yes">link</a>

Then the php just needs to be this:

if (isset($_REQUEST['setvariablehere']) ) {
    do something for when variable IS set
} else {
    do something for when variable IS NOT set
}