Full Version: Protect admin.php
Tacaza
I want to put something like this at the very beginning of the file admin.php, so that it cannot be accessed directly by pasting the URL into the address bar - it can only be accessed by clicking the link on another page (defined by the variable $referer).

CODE

    if ($_SERVER['HTTP_REFERER'] !== $referer) {
        if ($_SERVER['HTTP_REFERER'] !== "http://mysite.com/admin.php") {
            header("Location: http://mysite.com/somewhereelse/");
            exit;
        }
    }



The reason for this line:

CODE
if( $_SERVER['HTTP_REFERER'] !== "http://mysite.com/admin.php")


is to make navigating possible once I can enter the page with the URL http://mysite.com/admin.php. However, it's still impossible, because the actual URL will be like this: http://mysite.com/admin.php?act=xyz. So the referer check will not allow me to navigate in the admin page; I will be redirected to http://mysite.com/somewhereelse/

How can I make the referer check allow all referers beginning with http://mysite.com/admin.php, like http://mysite.com/admin.php?act=xyz or http://mysite.com/admin.php?address=whatever... Should I use a wildcard or something? How?

Please help me, I need this very much (although I do have a login check in the admin page).

Thanks in advance.
sjthomas
Your best bet would be to use ereg or preg_match in conjunction with a fairly simple regular expression. Just make sure you've got other security measures in place, because referrer headers are easily blocked/spoofed. Has it occurred to you that if you're doing this referrer check you won't be able to go directly to the page from a bookmark? Just a thought.
Joe
Why don't you simply password protect the page?
leo
I have to echo Si that using the referrer is very unsafe; forms used to use referrers to check they weren't being exploited, but people soon got around them with spoofing.
cmj-php
Why don't you use sessions to protect your pages?

In the header field you would need to use http://yoursite.com/yourpage.php?browsersession=blahblahblah

You could then retrieve the browsersession variable from the header and check it with the session_id() variable in PHP


CODE

<?php
session_start();   // must run before session_id() returns a value
$browser = isset($_GET["browsersession"]) ? $_GET["browsersession"] : "";
$session = session_id();
if ($session !== $browser) {
    header("Location: http://yoursite.com/mainpage.php");
    exit;          // stop the script after sending the redirect
}
else
{

?>

Page code goes here

<?php
} // Close PHP else statement
?>
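Putting the replies together, here is an added example (not code posted in this thread) of a guard for the top of admin.php that rests on a password-backed session rather than on the Referer header, and that answers the original question with a preg_match prefix test used only for logging. The login form admin_login.php, the POSTed "password" field and the ADMIN_HASH placeholder are assumptions.

```php
<?php
// Added example, not code posted in this thread: a session-based guard for the
// top of admin.php. Assumed: ADMIN_HASH is a placeholder to be replaced with the
// output of password_hash('your-password', PASSWORD_DEFAULT); admin_login.php is
// an assumed login form that POSTs a "password" field to this script.
session_start();
define('ADMIN_HASH', '$2y$10$REPLACE_WITH_OUTPUT_OF_password_hash');

// Does the Referer begin with http://mysite.com/admin.php, with or without a
// query string such as ?act=xyz? Used only for logging: the client controls
// this header and may omit or forge it, so it is never the access control.
function referer_is_admin(string $referer): bool
{
    return preg_match('#^http://mysite\.com/admin\.php(\?.*)?$#', $referer) === 1;
}

// Check the submitted password against the stored hash and mark the session.
function admin_login(string $password): bool
{
    if (!password_verify($password, ADMIN_HASH)) {
        return false;
    }
    session_regenerate_id(true);   // fresh id after login to block session fixation
    $_SESSION['admin_auth'] = true;
    return true;
}

// The real gate: any request without an authenticated session goes to the login form.
function require_admin(): void
{
    if (empty($_SESSION['admin_auth'])) {
        header('Location: http://mysite.com/admin_login.php');
        exit; // header() alone does not stop the script; the rest would still run
    }
}

if (isset($_POST['password'])) {
    admin_login((string) $_POST['password']);   // a failed login falls through to the redirect
}
require_admin();

if (!referer_is_admin($_SERVER['HTTP_REFERER'] ?? '')) {
    error_log('admin.php loaded without an admin.php referer (direct request or bookmark)');
}
// Admin page code goes here. Navigating to admin.php?act=xyz keeps working because
// the session cookie, not the Referer, carries the authentication.
```

Bookmarks and direct URL entry work once logged in, which the referer-only approach in the first post cannot offer.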
Invision Power Board © 2001-2008 Invision Power Services, Inc.