I have noticed that when you click on a Google Ads link, it appends this ?gclid=abcdef on url.
Same behavior goes for facebook as well.
I am using the following block of code in order to identify the referrer.
if (strpos($url, 'gclid') !== false) {
$ref = 'Google Adwords';
} else if (strpos($url, 'fbclid') !== false) {
$ref = 'Facebook';
}
Is there any other url identifiers or an other way to get the referrer url? The $_SERVER['HTTP_REFERER'] does not work.
Related
There are two urls:
1- http://www.facebook.com/?v=107084586333124'
2- https://www.youtube.com/watch?v=Ws_RjMYE85o
As you can see, both links contains the ?v=..............
Im using a function to retrieve the video ID and the name of the host (youtube, facebook, etc).
Im using this function to get both id and host name
function get_video_id($url){
$video_id = "";
//YOUTUBE
if(preg_match('#(?<=(?:v|i)=)[a-zA-Z0-9-]+(?=&)|(?<=(?:v|i)\/)[^&\n]+|(?<=embed\/)[^"&\n]+|(?<=(?:v|i)=)[^&\n]+|(?<=youtu.be\/)[^&\n]+#', $url, $videoid)){
if(strlen($videoid[0])) {
$video_id = 'youtube:_:'.$videoid[0];
}
}
//VIMEO
if(preg_match('#(https?://)?(www.)?(player.)?vimeo.com/([a-z]*/)*([0-9]{6,11})[?]?.*#', $url, $videoid)){
if(strlen($videoid[5])) {
$video_id = 'vimeo:_:'.$videoid[5];
}
}
// Facebook
if(preg_match("~/videos/(?:t\.\d+/)?(\d+)~i", $url, $videoid)){
if(strlen($videoid[0])) {
$video_id = 'facebook:_:'.$videoid[1];
}
}
return $video_id;
}
$exp = explode(':_:',get_video_id($_POST['video_url']));
echo $exp[0] .'=>'.$exp[1];
$exp[0] should return the host name (youtube, vimeo, facebook ....etc);
and $exp[1] return the video id.
The function is working fine but the problem I encounter is that when I submit a facebook video link which contains the ?v=
(eg. http://www.facebook.com/?v=107084586333124')
it always returns youtube as a host name. unlike when I submit a link like this one:
https://www.facebook.com/LadBlab/videos/540736926073557/
it return facebook and thus working fine.
How to check if the url is a facebook video or not when a user submit a link like this one and not confuse it with youtube?
http://www.facebook.com/?v=107084586333124'
You can use something like this
$url = 'http://facebook.com/?v=4654654';
if(strpos($url, 'facebook') != FALSE) {
//facebook link
} else if(strpos($url, 'youtube') != FALSE) {
//youtubelink
} else {
//someother link
}
And then apply your preg_match to each link separately to get the video id.
I want to everyone can enter a url or domain to database but i want to filter that domain or url with path that real can't come to hack myself so is my code correct?
<?php
$url = $_GET['url'];
if (!filter_var($url, FILTER_VALIDATE_URL)) {
echo '*error*';
exit;
}
?>
This is I want [Y]: http://google.com
This is I want [Y]: http://google.com/index.php
This is I want [Y]: https://google.com
This is I want [Y]: https://google.com/index.php
This is I don't want [N]: google.com
This is I don't want [N]: google.com/index.php
Thank everyone.
It will work but it is not a good idea:
http://www.d-mueller.de/blog/why-url-validation-with-filter_var-might-not-be-a-good-idea/
Summary:
There are security issues with this function like XSS (Cross Site Scripting) Attacks which could harm people who visit your site (including yourself). It accepts urls like script alert(123);
Here is a workaround from the website, not perfekt but better then plain filter_var:
function validate_url($url)
{
$url = trim($url);
return ((strpos($url, "http://") === 0 || strpos($url, "https://") === 0) &&
filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED) !== false);
}
Dear friends I have installed prestashop on my existing website.My current website has a login system that I have already built.
Because of installing prestashop for my system,I thought to change my existing login to prestashop login.
As for the prestashop documentation,to access prestashop cookie outside prestashop,I made a test page to retrieve cookie data as follows,
include_once('path_to_prestashop/config/config.inc.php');
include_once('path_to_prestashop/config/settings.inc.php');
include_once('path_to_prestashop/classes/Cookie.php');
$cookie = new Cookie('ps');
print_r($cookie);
But this is not working and browser says
It contains redirect loop.
I tried to disable SEO friendly url and cannonical url to no-direct as some posts suggested.
Now if I go to the test page it redirects to the prestashop index page rather displaying cookie data.
What should I do to overcome this problem?
Thank you.
When you include config/config.inc.php PrestaShop redirects to the shop domain.
The following code is causing this behavior in classes/shop/Shop.php:
$shop = new Shop($id_shop);
if (!Validate::isLoadedObject($shop) || !$shop->active)
{
// No shop found ... too bad, let's redirect to default shop
$default_shop = new Shop(Configuration::get('PS_SHOP_DEFAULT'));
// Hmm there is something really bad in your Prestashop !
if (!Validate::isLoadedObject($default_shop))
throw new PrestaShopException('Shop not found');
$params = $_GET;
unset($params['id_shop']);
$url = $default_shop->domain;
if (!Configuration::get('PS_REWRITING_SETTINGS'))
$url .= $default_shop->getBaseURI().'index.php?'.http_build_query($params);
else
{
// Catch url with subdomain "www"
if (strpos($url, 'www.') === 0 && 'www.'.$_SERVER['HTTP_HOST'] === $url || $_SERVER['HTTP_HOST'] === 'www.'.$url)
$url .= $_SERVER['REQUEST_URI'];
else
$url .= $default_shop->getBaseURI();
if (count($params))
$url .= '?'.http_build_query($params);
}
$redirect_type = Configuration::get('PS_CANONICAL_REDIRECT') == 2 ? '301' : '302';
header('HTTP/1.0 '.$redirect_type.' Moved');
header('location: http://'.$url);
exit;
}
You could override the Shop class to disable the redirect for your script.
To do this first define PS_DISABLE_SHOP_REDIRECT constant before you include config/config.inc.php:
define('PS_DISABLE_SHOP_REDIRECT', true);
Then paste the following before the previous code in the overridden class:
if (defined('PS_DISABLE_SHOP_REDIRECT')) {
$id_shop = Configuration::get('PS_SHOP_DEFAULT');
}
Some websites are not allowed to be embedded via iframe. They produce the following error:
Refused to display 'https://news.ycombinator.com/news' in a frame because it
set 'X-Frame-Options' to 'DENY'.
Our app allows URL submissions from users. We want to check on the server side if the website could be embedded in iframe and add a corresponding flag. On the client we check for the flag, and either do iframe embed or just provide a direct link to a webpage.
How do I check whether website will support iframe or not?
Try this code:
$url = "http://www.google.com/";
$url_headers = get_headers($url);
foreach ($url_headers as $key => $value)
{
$x_frame_options_deny = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: DENY'));
$x_frame_options_sameorigin = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: SAMEORIGIN'));
$x_frame_options_allow_from = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: ALLOW-FROM'));
if ($x_frame_options_deny !== false || $x_frame_options_sameorigin !== false || $x_frame_options_allow_from !== false)
{
echo 'url prevent iframe!';
}
}
X-Frame-Options is a response header sent by the server, so have your server perform an HTTP GET on the URL you'd like to test, see if the X-Frame-Options header is present, and if it is... judging by the spec you're not likely to be allowed to embed it at all.
I wrote this function:
function allowEmbed($url) {
$header = #get_headers($url, 1);
// URL okay?
if (!$header || stripos($header[0], '200 ok') === false) return false;
// Check X-Frame-Option
elseif (isset($header['X-Frame-Options']) && (stripos($header['X-Frame-Options'], 'SAMEORIGIN') !== false || stripos($header['X-Frame-Options'], 'deny') !== false)) {
return false;
}
// Everything passed? Return true!
return true;
}
I've working on a project and in this project i need to check the user input is a valid URL.
I've made a preg_match for all possible characters used on a URL. However, I'm trying to make it show an error if HTTP:// / HTTPS:// is not in front of the URL.
Here is what I've done.
if(preg_match('/[^0-9a-zA-Z.\-\/:?&=#%_]/', $url) || substr($url, 0, 7) != "http://" || substr($url, 0, 8) != "https://") {
But that doesn't work. It keeps giving me the an OK message. I'm not sure what I'm doing wrong here, I hope I can get some help!
The if statement will return true or false. So
if(preg_match('/[^0-9a-zA-Z.\-\/:?&=#%_]/', $url) || substr($url, 0, 7) != "http://" || substr($url, 0, 8) != "https://") {
echo "true";
} else {
echo "false";
}
I just need to check if the url has entered a valid url. I don't need to verify it. Just need to check if it has HTTP:// or HTTPS:// and contains valid URL characters.
Instead of a regex, you could make things easy on yourself and use the URL filtering in filter_var:
if (filter_var($url, FILTER_VALIDATE_URL)) { ...
Alternately you can do this without regex. Though you do also need to validate the url imagine http://">bla</a><script>alert('XSS');</script> as the value passed as there url
<?php
$url = 'http://example.com';
if(in_array(parse_url($url, PHP_URL_SCHEME),array('http','https'))){
if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
//valid url
}else{
//not valid url
}
}else{
//no http or https
}
?>
parse_url()
filter_var()
You've not shown your complete relevant code. So, not sure, why it is not working for you but for url validation, you can check for a detailed discussion on the thread link below:
PHP validation/regex for URL
To validate user input with website url it is good to allow with or without scheme and with or without www, then in view add scheme to set as external url.
$withWww = 'www.' . str_replace(array('www.'), '', $value);
$withScheme = 'http://' . str_replace(array('http://', 'htttps://'), '', $withWww);
$headers = #get_headers($withScheme);
if (strpos($headers[0], '200') === false) {
return false;
}