On my site, forms are brought in via AJAX and checked against a sessionid. I know this is not optimal, but it’s working for us. If the referrer doesn’t have the session ID they are redirected back to “anotherpage”. I need to allow some outside URL’s access the form directly.
we set the sessionid on the page with the link to the form.

Here is what we have now on the form page:

<?php
$code = $_GET['sessionid'];
if(strcmp( $code , 'XXXXX'  ) != 0) {
    header("Location: http://www.domain.com/anotherpage.php");
} 
?>

I need to allow some outside domains direct access to the form page and am having issues with this:
(I’m putting it above the head tag on the form page)

<?php
    $code = $_GET['sessionid'];
    $referrer = $_SERVER['HTTP_REFERER'];

    if(strcmp( $code , 'XXXXX' ) !=0) {
        header("Location: http://www.domain.com/anotherpage.php");
    } else {
        if (preg_match("/site1.com/",$referrer)) {
            header('Location: http://www.domain.com/desiredpage.php');
        }
    }
?>

this still bounces me back to “anotherpage.php” any ideas?

********EDIT*******
thx for the help, it works ad I requested. Now I see what I asked wasn’t entirely correct. This appends the URL with =sessionid?=XXXXX. This isn’t an issue on my site because I’m loading the content with .jquery .load so the URL doesn’t change. I don’t want the sessionid to be visible, and now it is. Can I either a) “trim” the url somehow or b) separate the two functions so they are exclusive?