Re: [PHP] can a popup window get the page referer?

Wed, 13 Nov 2002 03:03:32 -0800 

Relying on the referrer is bad mojo anyway, because not all useragents
(browsers) set it... it's not required by "standards".

I have a feeling that if you're needing this, you've got a bad data/design
issue.

Anyway, since you've used javascript (i won't bother to mention the 1000's
of useragents without javascript support!!), i believe javascript can find
out the name (and other things like the URL) of the parent window (the
poppER)... try a javascript newsgroup.


Perhaps a smarter way would be to implement sessions, and keep track of
where there "were" last with a session variable???  Never really looked into
though.


I was also considering another idea the other day....

If you create a random, unique number each time the referring page loads,
like 1985723582354, and store it in a mysql table with a unix timestamp, you
could then pop up the new window (or a new URL in the same window, complete
with the unique code as a get variable):

<a href="page.php?code={$myUniqueNumberThatWillExpireIn20Minutes}">click
here</a>

then page.php looks for that unique code in the table... if it isn't there,
or has expired, then you spit out an error, because it would appear the user
hasn't gone from the referring page to the current page as per your
wishes...

Haven't thought it through though :)


Justin French


on 13/11/02 3:15 PM, Joseph Szobody ([EMAIL PROTECTED]) wrote:

> Folks, I have a popup window that I would like to put a mild security
> constraint on. I don't want others to be able to directly type in the address
> of this page, modify url parameters, etc. I only want this page accessible if
> it was triggered from a link on my own website, then I know I can trust the
> URL parameters, etc. I had thought about parsing the HTTP_REFERER and
> extracting the host, and comparing it with my domain name. This would tell me
> if a valid link was clicked.
> 
> One problem... HTTP_REFERER appears to be empty when it's a new window. For
> some reason I thought the referer would still be detected.
> 
> Am I up a creek? Is there anyway for a popup window to get the page referer
> (in other words, the popup opener)?
> 
> Thanks, Joseph.
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 

Justin French
--------------------
Creative Director
http://Indent.com.au
Web Developent & 
Graphic Design
--------------------


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to