

5.11. Using $_ENV and $_SERVER

Before you get control in your script, PHP sets several variables for you containing information about the server, the environment, and your visitor's request. These are stored in the superglobal arrays $_ENV and $_SERVER, but their availability depends on whether the script is being run through a web server or on the command line.

The most commonly used $_SERVER variables are shown in Table 5-3. Note: of these, only PHP_SELF is available on the command line.

Table 5-3. Useful preset variables in the $_SERVER superglobal

| Name | Value |
|------|-------|
| HTTP_REFERER | If the user clicked a link to get the current page, this will contain the URL of the previous page, or it will be empty if the user entered the URL directly. |
| HTTP_USER_AGENT | The name reported by the visitor's web browser. |
| PATH_INFO | Any data passed in the URL after the script name. |
| PHP_SELF | The name of the current script. |
| REQUEST_METHOD | Either GET or POST. |
| QUERY_STRING | Includes everything after the question mark in a GET request. Not available on the command line. |


You need to use HTTP_REFERER and not HTTP_REFERRER. This is one of the few misspellings ever to make it into a web standard, but it's now in widespread use and too late to change.


Of those, HTTP_REFERER and HTTP_USER_AGENT are the most important, as you can use these two to find out a lot about your visitor and then take the appropriate action. For example:

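     <?php
             if (isset($_SERVER['HTTP_REFERER'])) {
                     // The header is supplied by the client, so escape it before printing it into HTML
                     $referer = htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8');
                     print "The page you were on previously was {$referer}<br />";
             } else {
                     print "You didn't click any links to get here<br />";
             }
     ?>
     <a href="refer.php">Click me!</a>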

If you load that page in your browser by typing the URL in by hand, the "You didn't click any links to get here" text is shown because HTTP_REFERER has not been set. However, if, once the page is loaded, you follow the "Click me!" link, the page will reload itself; this time, HTTP_REFERER will be set and the other message should appear. Although it can be easily spoofed, HTTP_REFERER is generally a good way to make sure a visitor came from a certain page; whether you want to use that to say, "You can't download my files because you came from another site" or "Welcome, Google users!" is up to you.

The PATH_INFO element in $_SERVER is particularly interesting, because it allows you to grab directory information specified after the script. Consider this script:

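     <?php
             if (isset($_SERVER['PATH_INFO'])) {
                     // PATH_INFO comes straight from the URL, so escape it before printing it into HTML
                     $path = htmlspecialchars($_SERVER['PATH_INFO'], ENT_QUOTES, 'UTF-8');
                     print "The page you requested was {$path}<br />";
             } else {
                     print "You didn't request a page<br />";
             }
     ?>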

Save that code as pathinfo.php, then load it in your web browser. You will see "You didn't request a page". Edit the URL, adding a filename onto the end of pathinfo.php. For example: www.yoursite.com/pathinfo.php/path/to/some/file.txt. Now when you load the page, you should see that extra path information printed out. This is commonly used in online filesystems, as it means that the URL required to get to a file is just the name of the script followed by the filename wanted.
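When PATH_INFO is used for an online filesystem as described above, the value ends up in a filesystem path, and it is controlled by the visitor just like the rest of the URL. The following is an added example, not code from the book: it canonicalizes the requested path and refuses anything that resolves outside the base directory. The function name resolve_path_info(), the temporary directory layout and the sample requests are all hypothetical and constructed for the demonstration.

```php
<?php
// Added example (not from the book). resolve_path_info() and the temporary
// directory layout are hypothetical names constructed for this demonstration.

/**
 * Map an untrusted PATH_INFO value to a file inside $baseDir.
 * Returns the canonical path, or null if the request must be refused.
 */
function resolve_path_info(string $baseDir, ?string $pathInfo): ?string
{
    if ($pathInfo === null || $pathInfo === '' || strpos($pathInfo, "\0") !== false) {
        return null;                       // missing value or embedded NUL byte
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // misconfigured base directory
    }
    // realpath() collapses "..", "." and symlinks, and fails for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . ltrim($pathInfo, '/\\'));
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The canonical path must still sit underneath the base directory.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample data: one public file, one file outside the base directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathinfo_demo_' . getmypid();
mkdir($root . '/files/path/to/some', 0700, true);
file_put_contents($root . '/files/path/to/some/file.txt', "public\n");
file_put_contents($root . '/secret.txt', "private\n");

// Constructed requests; in a real script the value is $_SERVER['PATH_INFO'] ?? null.
$samples = ['/path/to/some/file.txt', '/../secret.txt',
            '/path/to/../../../secret.txt', '/missing.txt', null];
foreach ($samples as $pathInfo) {
    $resolved = resolve_path_info($root . '/files', $pathInfo);
    printf("%-34s => %s\n", var_export($pathInfo, true),
           $resolved === null ? 'refused' : 'served');
}
```

The prefix comparison is done on the result of realpath(), after ".." segments and symbolic links have been resolved, not on the raw PATH_INFO string.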

The referrer value is set by the web browser, which means it can be faked. One common example of this is to edit the "hosts" file of the computer (/etc/hosts in Unix; c:\windows\system32\drivers\etc\hosts in Windows) so that the current computer is used as www.example.com. Then, J. Evil Hacker loads a simple page on his computer with a link to your "secure" script, and his browser will report that he came from example.com. As a result, you should never rely on HTTP_REFERER to be set, valid, or truthful, but it is a good start.


The $_ENV variable contains environment variables in your system. On Windows, this usually includes variables like "OS" (probably set to "Windows_NT"), "WINDIR" (probably set to "C:\WINDOWS"), and so on. If you are using PHP on the command line, the $_SERVER superglobal will include all the variables from $_ENV.



PHP in a Nutshell
ISBN: 596100671
Year: 2003
Pages: 249
