So, two questions!
When using header('location: newHome.php') Does that file need to be in the same directory?
I was going to have my signOut.php in the main directory, and be able to sign out of the website from any page.. example.com/example/example.example.html
My code just returns a error page at example.com/signOut.php The signOut.php is in the same directory as where I am testing it from..
example.com/example.php
<li><a href="signOut.php"><strong>Sign Out</strong>
example.com/signOut.php
<?php
session_start();
$_SESSION = array();
session_destroy();
header('Location: http://www.example.com/newHome.html');
?>
1) Answer to your 1st Question (When using header('location: newHome.php') Does that file need to be in the same directory?)
If you will not give any path then Yes it must be in the same directory.
Though, you need to define constant for your website URL like below:
define(SITE_URL,"http://www.example.com/");
And then use it anywhere in your website like below:
<li><a href="<?php echo SITE_URL; ?>signOut.php"><strong>Sign Out</strong>
Follow below link to learn more about Constants :
http://php.net/manual/en/function.constant.php
2) Answer to your 2nd Question (My code just returns a error page at example.com/signOut.php)
This is happening because your path is not correct. Manually correct the path or follow my first answer and define constant to correct it.
I don't think there is any issue with Headers as error you are saying with 404 Not found.
either, in the same folder
header('location: newHome.php');
or, not in the same folder
header('location: path/to/newHome.php');
or, a full URL
header('Location: http://www.example.com/newHome.html');
ob_start();
header('Location: http://www.example.com/newHome.html');
just use ob_start(); before header it will help
Related
the dilemma I have is my website index.php calls to a template php file on a button press like this:
case 'main':
$page = getTemplate('main.php', array('user'=>$user));
echo $page;
break;
This main.php template file is in a folder in "/var/www/template/" How do I stop people going to: domain.com/template/main.php and viewing the code for that page. I think the solution would be to make the localhost be able to pull the it and display it rather than the user or something along those lines. Any help would be appreciated thank you.
Like a comment said, the PHP file will not be printed, it will print the HTML result that the php file produce.
Maybe it produces some errors indicating vulnerabilities to a potential attacker ? If that's your case, you should handle this directly into the php code or use a .htaccess at the root of your site. You can't find some help there.
How to deny access to a file in .htaccess
Managed to fix this by putting this at the top of the php page I wanted to render:
<?php
if (!isset($_GET['page'])) {
header('Location: /main');
exit();
}
?>
This means if someone goes "domain.com/template/main.php" to attempt to view the source code, it will redirect them back to the main webpage for my site. Thanks for your suggestions however.
I am doing a project with XAMPP from my university in which they ask me to use the header function to perform redirects and a file structure to follow. But I'm having some problems.
I have the following file structure:
backend/validateSession.php
backend/show.php
index.php
login.html
So, validateSession.php has this inside:
session_start();
if(!isset($_SESSION["DNI"])){
$path = "./login.html";
header("location: ".$path);
}
And both index.php and show.php have to include validateSession.php
index.php:
include_once "./backend/validateSession.php";
show.php:
include_once "./validateSession.php";
When entering index.php, validateSession.php correctly redirects me to login.html
But if I enter from show.php, I have an error because the path is ./login.html instead of ../login.html
So my question is: How could I solve this problem if index.php and show.php need different paths so that header can redirect me correctly? Thanks in advance.
EDIT: header should redirect me to localhost/prog/TP/login.html, but
if i use this path in the header, it probably won't work if someone else tries to access it from their own XAMPP.
The path for an HTTP redirect is relative to the domain, not to the filesystem (since the browser knows nothing about that). In this case, you should just be able to use
$path = "/login.html";
header("location: ".$path);
Note the lack of . at the start of path. domain.com/index.php, domain.com/backend/show.php (and any others) will all redirect to domain.com/login.html
I have been browsing a good couple hours regarding php page redirection. It should be quite straight forward task. However, I am unable to understand what is going on...
I have tried the following two lines of code.
header('Location: http://www.google.ca');
It works!
header('Location: localFile.php');
It does not work!
//redirect.php
<?php
header('Location: localFile.php');
?>
//localFile.php
<?php
echo "good!";
?>
My public_html directory contains localFile.php and redirect.php. I don't think that my code is wrong!! Hope someone can tell me what is going on...
A location in the headers refers to the URL and not to files. If the file you want to redirect to is in the root, add a forward slash:
header('Location: /localFile.php');
Your first attempt with https://google.ca worked because it refers to an actual URL
I have the following code in my index.php page:
<?php include("/includes/widgets.php") ?>
And in my widgets.php page:
<?php
header("Location: /");
?>
What I want to achieve with this is to redirect it if the user visits it, but allow it for including.
But I get the following error:
The webpage has a redirect loop
How can I fix/prevent the redirect loop, but still redirect the user and not the server.
Place the widgets.php file in a folder not accessible to HTTP clients. I.e on apache webserver, either put it above your document root (into it's parent) or use .htaccess file to block users from it.
e.g.
deny from all
I think I know what you need :)
Change code index file to next
define("IS_INDEX", true);
include("/includes/widgets.php"
Change code for widgets.php to next
if (!defined("IS_INDEX")) {
header("Location: /");
exit();
}
The issue is you are redirecting back to the same page, which then redirect again, and again, and again.
An easy fix would be to wrap the redirect in an if, and only redirect if they aren't already on the index page; but this is just patching what looks like an architectural problem.
Something like:
if (ltrim($_SERVER['REQUEST_URI'], '/') != 'index.php')
header('Location: index.php');
One way is to check if __FILE__, which is the file loaded, regardless of included or not matches up with the file requested which is in $_SERVER['REQUEST_URI'] (or $_SERVER['PHP_SELF']).
I use this on our development site in a page that is usually included to get the output as debugging.
if(basename($_SERVER['PHP_SELF'])===basename(__FILE__)){
//do some debugging
}
Typically you wouldn't use basename, but this is on a non-public facing development site and the file has a pretty unique name so I'm not worried about the file being included with another file with the same name or anything.
One possible way is to add a parameter to the redirection, e.g.
if (!$_REQUEST['redirect'])
header("Location: /ìndex.php?redirect=1");
That way redirection can happen only once.
Another way is to stop redirection if the user already is on the /. I´d suggest to combine both.
Say I have two html files called html1 and html2. html1 contains an embedded swf file.
Now what I want is that the user can not go to html2 directly via url. He has to click it through the link in the swf in html1. Is there a way to achieve this?
If not possible in html, is it possible with php?
Thanks
EDIT:
After answer from John, I went ahead and tried his advice, but I can never access the file2.php, even if I have been to file1.php before. It keeps redirecting me back to file1.php, even when it should not.
My code from file1.php
//file1.php
<?php
session_start();
$_SESSION['enableAccessTill']=strtotime("+5 minutes");
?>
Here is file2.php
//file2.php
<?php
session_start();
if(!isset($_SESSION['enableAccessTil'])||$_SESSION['enableAccessTil']<time())
{
header("Location: indexFLA.php");
exit;
}
?>
what am I possibly doing wrong?
found it, it was due to a misspelling - "enableAccessTil" and "enableAccessTill"
professional solution:
create protected directory and make .htaccess file in directory and copy all embedded and partial files into directory.
this directory not accessible whit get url.
but you can include file whit php include and require method.
.htaccess content:
deny from all
This wont be possible in just plain html.
An easy way to do this is php is by setting a session variable in file 1, and test in file 2 it the users has been to file 1.
file1:
<?php
session_start();
$_SESSION['enableAccessTill'] = strtotime("+5 minutes"); //set the time here till when the user has access
[...]
file2
<?php
session_start();
if(!isset( $_SESSION['enableAccessTill'] ) || $_SESSION['enableAccessTill'] < time() ){ //If time is expired
header("Location: file1.php"); //redirect user to the first file
exit;
}
[...] //continue your script here.
Things with referrer check do usually fail (some browsers/firewalls blocking that variable).
Based on the options you described, it would sound most reasonable to make the html2 a php script and check that the referrer is the html1 file. The script should display the normal html1 content if that is the case, or an error message otherwise.
A sneaky user could still get around this if they knew what was going on, but it should be fine for the majority of your audience.
Possible with php.
At index.php you must write
<?php
define('START', true);
include 'file.php';
At file.php need write
<?php defined('START) or die('Direct access!!'); ?>
<embed> your swf file embed
This way you will prevent direct access
You could do it with PHP by using session variables. Start the session in html1. Check for the session in html2. If it exists, display html2. If it does not, don't display html2. In either case, destroy the session in html2.
well is posible with html you has two options one is cookies and the other is local storage in html5
localStorage.hasClick = true;
alert(localStorage.hasClick);
http://www.html5rocks.com/en/features/storage
but obviously the straightforward solution is php / c# / ruby / etc...
//when I said html i refer to use only client side html/javascript