show something only when user comes from specific page at remote host?

I'm trying to achieve something discussed in a few other threads (such as here e.g.), but specific to a certain page refering, not just the host. Scenario: we host a quiz at an external site and want to open signup to users who successfully finished that particular quiz. What I found so far was s solution to check for the host: 

$allowedsite = "thequizhost.com"; //allowed site url without http://
$allowedsite2 = "www.thequizhost.com"; //Type allowed domain with www. this time

$referer = $_SERVER['HTTP_REFERER'];

//Check if browser sends referrer url or not
if ($referer == "") { //If not, set referrer as allowed domain
    $domain = $allowedsite;
} else {
    $domain = parse_url($referer); //If yes, parse referrer
}

if($domain['host'] == $allowedsite || $domain['host'] == $allowedsite2) {

    //proceed to allowed page
echo ("OK [signup_form id='2']");

} else {

    //The referrer is not allowed site, we redirect to allowed home page or do something else 
echo ("not OK"); 
}

but this basically allows anyone smart enough to just create a generic quiz at thequizhost.com and put a link to our signup page there.

How would I need to amend the above example to show the signup form only when the user is coming from thequizhost.com/ourspecificquiz.php ? https://www.thequizhost.com/the-quizzes/quizzing.php?title=our-specific-quiz-we-need-to-echek-forthen=someparameters=wedontneed ?

Thank you for whatever help you may be able to provide. Cheers - LX

Topic signup php users Wordpress

Category Web

1
answered at

$_SERVER['HTTP_REFERER'] gets all the info you need, not just the domain - so you just need to drill deeper into the data you are already getting.

I'd suggest only setting one variable to make sure you don't paste something wrong into the second - you can check for the www version by appending 'www.'.

Your current code would display the page to anyone who accesses the page directly with no referrer (i.e. by bookmark or search engine result) and it sounded like you only want people who successfully completed the quiz to be able to view the page, so I also removed the part where you set the domain to the right one if the referer was empty.

You may need to tweak this a bit, but it should point you in the right direction:

<?php
// set the non-www allowed domain, path, and title
$allowedDomain = 'thequizhost.com';
$allowedPath = '/the-quizzes/quizzing.php'
$allowedQuery = 'our-specific-quiz-we-need-to-echek-for'
// grab the HTTP referer using WP's built-in function
$referer = wp_get_referer();
// if referer is not empty
if (!empty($referer)) {
    // split url to check its pieces
    $refererData = parse_url($referer);
    // check domain, both non-www and www
    if($refererData['host'] == $allowedUrl || $refererData['host'] == 'www.'.$allowedUrl) {
        // check the path
        if($refererData['path'] == $allowedPath) {
            // parse the query string
            parse_str($refererData['query'], $queryString);
            // check just the "title" variable
            if($queryString['title'] == $allowedQuery) {
                // now we know they really completed the quiz
                $showForm = true;
            }
        }
    }
}
// if $showForm is true, they've been verified and can see the form
if($showForm == true) {
    do_shortcode("[signup_form id='2']");
// they didn't come from the right place, so don't show the form
} else {
    // redirect to homepage, or wherever you like
    wp_safe_redirect(home_url()); exit;
}
?>

If you think there's a good chance visitors will try to hit the page without taking the quiz, instead of redirecting, you could display alternate content - something to the effect of "Thanks for your interest. Please take the quiz (link here) to enable signup."

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.