Here is a function that checks for that:
Code:
function check_referer($referers)
{
// If there are any referrers in the list ...
if (count($referers))
{
$found = false;
// Use the browsers referrer header.
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
if ($referer=="")
{
$referer = $_SERVER['HTTP_REFERER'];
list($remove,$stuff)=split('//',$referer,2);
list($home,$stuff)=split('/',$stuff,2);
$referer = $home;
}
// Check agains list.
for ($x=0; $x < count($referers); $x++)
{
if (eregi ($referers[$x], $referer))
{
$found = true;
}
}
// Refererer is blank.
if ($referer =="")
$found = false;
if (!$found)
{
// You might alter this to print some sort of error of your own.
echo "<b>You are submitting entry from an <b>unauthorized domain.</b><br><br>";
}
return $found;
}
else
{
return true;
}
}
Can you get the browsers referrer header by having the visitor go to a new PHP script page containing the following code:
Code:
<? echo getenv("HTTP_REFERER"); ?>
And then also get the server's referer by putting this code in a PHP file:
Code:
<? echo $_SERVER['HTTP_REFERER']; ?>
And post both those outputs here?
Thanks,
