Archive

Posts Tagged ‘$_SERVER’

Finding Out Where Users Have Come From In PHP

December 12th, 2008 No comments

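It is sometimes useful to find out where users have come from. The $_SERVER superglobal is always available when PHP runs, and if the user has clicked on a link and landed on your page then the HTTP_REFERER value will be set. The header is supplied by the browser, so treat it as untrusted input and escape it before printing it. You can retrieve it like this.

if (isset($_SERVER['HTTP_REFERER'])) {
    // The referer is sent by the client, so escape it before output.
    echo htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8');
}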

Of course you might want to do something useful with this. For example, you might want to know what link a user clicked on when they broke your application.

Categories: PHP

Secure Include Files In PHP

July 8th, 2008 2 comments

Including files in any PHP program is a very common practice and is nothing out of the ordinary. However, problems can occur when a user navigates directly to a script file that performs some action but is meant to be included as part of a larger program. For example, if your system includes a file to delete something and that file is run by itself, there is a chance that it will delete everything.

Of course there are other factors like database access, global variables and sessions that would cause any script to simply fail with an error and not cause a problem. However, it is good practice to make sure that any include file is only run when it is included, and not when it is run on its own.

The following little snippet of code can be placed at the top of any include file to make sure that it can’t be run outside of an include. The file in this example would be called "test.php".

if(preg_match("/test\.php/", $_SERVER['PHP_SELF'])){
  exit;
}

If the current script name (found with $_SERVER['PHP_SELF']) contains test.php, the file has been requested directly and the script simply exits. If the file is included, $_SERVER['PHP_SELF'] will instead be the name of the file that includes it.

Another step can be added to make sure that a file is only included by the correct file. The following snippet of code will cause a script to exit if the $_SERVER['PHP_SELF'] variable does not contain search.php.

if(!preg_match("/search\.php/", $_SERVER['PHP_SELF'])){
  exit;
}
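
An added example, not part of the original post: the two PHP_SELF guards above run against constructed request values, next to a stricter check that compares the include file's own path with $_SERVER['SCRIPT_FILENAME']. PHP_SELF includes any path info appended to the URL and both patterns are unanchored, so the guards can match when they should not. The function names, sample values and the SCRIPT_FILENAME comparison are assumptions introduced here.

```php
<?php
// Added example, not the original post's code. All request values are constructed.

// First guard from the post: exit when PHP_SELF contains the include's name.
function postGuardExits(string $phpSelf): bool
{
    return preg_match('/test\.php/', $phpSelf) === 1;
}

// Second guard from the post: exit unless PHP_SELF contains "search.php".
function postAllowGuardExits(string $phpSelf): bool
{
    return preg_match('/search\.php/', $phpSelf) !== 1;
}

// Stricter check (an assumption, not from the post): the file was requested
// directly only if it is itself the script the server executed. Neither
// argument is derived from the URL path.
function requestedDirectly(string $thisFile, string $scriptFilename): bool
{
    $self = realpath($thisFile);
    return $self !== false && $self === realpath($scriptFilename);
}

// Constructed PHP_SELF values with the scenario each one represents.
$cases = [
    ['/search.php',          'search.php includes test.php'],
    ['/test.php',            'test.php requested directly'],
    ['/contest.php',         'unrelated page that includes test.php'],
    ['/test.php/search.php', 'test.php requested directly, with trailing path info'],
];
foreach ($cases as [$phpSelf, $scenario]) {
    printf("%-22s guard1_exits=%-5s guard2_exits=%-5s %s\n",
        $phpSelf,
        var_export(postGuardExits($phpSelf), true),
        var_export(postAllowGuardExits($phpSelf), true),
        $scenario);
}

// Stricter check: this file plays the include, a temp file plays the page
// that includes it.
$includer = tempnam(sys_get_temp_dir(), 'inc');
var_dump(requestedDirectly(__FILE__, __FILE__));  // same file on both sides
var_dump(requestedDirectly(__FILE__, $includer)); // executed script is another file
unlink($includer);
```

At the top of a real include file the check would read `if (requestedDirectly(__FILE__, $_SERVER['SCRIPT_FILENAME'] ?? '')) { exit; }`. Keeping include files outside the web root removes the need for a guard altogether.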

Categories: PHP

Getting The Current URI In PHP

April 15th, 2008 No comments

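The $_SERVER superglobal array contains lots of information about the current page location. You can print it in full using the following line of code. Several of its values come straight from the request, so the output is escaped before it is written into the page.

echo '<pre>'.htmlspecialchars(print_r($_SERVER, true), ENT_QUOTES, 'UTF-8').'</pre>';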

Although this array doesn’t have the full URI, we can piece together the current URI using bits of the $_SERVER array. The following function does this and returns a full URI.

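function currentUri() {
    // Scheme: "https" when the HTTPS flag is on, otherwise "http".
    $uri = 'http';
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        $uri .= 's';
    }
    $uri .= '://';
    // Host, with the port appended when it is not 80, followed by the request URI.
    if ($_SERVER['SERVER_PORT'] != '80') {
        $uri .= $_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].$_SERVER['REQUEST_URI'];
    } else {
        $uri .= $_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    }
    // REQUEST_URI comes from the client, so the caller must escape the result for HTML.
    return $uri;
}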

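You can use this function like this. REQUEST_URI comes from the request, so the result is escaped before it is printed.

echo htmlspecialchars(currentUri(), ENT_QUOTES, 'UTF-8');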

Categories: PHP