I am racking my brain as to why this isn’t working.
What I would like to achieve, is to restrict access to a page on my own Website, only if coming from a certain website, Facebook for instance.
Since a link will be posted on 1 or more Facebook pages and/or my personal profile, would like the script to execute if coming from Facebook and/or any other “PAGES” it’s posted on.
For instance, if I post my link on http://www.facebook.com/This_is_my_PAGE or is posted on my personal profile http://www.facebook.com/freds_personal_profile or someone shares my link on Facebook, would like the page accessible only to those coming from the Facebook domain.
I found the script below while searching for a solution, but it’s echoing my error message, instead of redirecting to the link in question.
$target_site = 'https://www.facebook.com/';
if (isset($_SERVER['HTTP_REFERER']) && preg_match("/$target_site/",$_SERVER['HTTP_REFERER'])) {
// do something with people from facebook.com
}
else {
// do something else with everyone else
echo "Sorry, viewable to Facebook fans only.";
}
First of all, your code is flawed because:
facebook.comrather thanwww.facebook.com?http://example.com/evilpage.php?https://www.facebook.com/?The main reason it doesn’t work is because your regex is completely invalid. Instead, it should be along the lines of:
(documentation on
preg_quote())Aside from all of this, there is no security in checking the referrer. It can be changed, it can e blocked altogether. It should not be relied on.