I have a subdomain which I want to forward to a changing url for post requests.
The changing url can be obtained using a php script I have.
Example:
My subdomain:
subdomain.website.com
Php script:
website.com/getsite.php
I want the "subdomain.website.com" to redirect to whatever url is in the php script (it changes frequently), all this while forwarding post requests back and forth.
How can I achieve this? NodeJs? Php script? I am at a loss on how.
use $_SERVER ['HTTP_HOST']. It is your domain/subdomain.
if ($_SERVER ['HTTP_HOST'] == 'subdomain.website.com') {
Header ("Location: http://website.com/getsite.php");
exit();
}
Related
How can I check if I was redirected from another domain to page or opened directly in right domain?
Thanks for answer!
I assume from the tags, which you assigned that you own an server, running PHP and want to know whether the users, visiting your page are comming from a page belonging to your domain or from somewhere else.
This is normally stored in the referer header of an HTTP request.
Try accessing it in PHP with $_SERVER['HTTP_REFERER']
The variable should contain the whole path of the source page and you can extract the domain/hostname using parse_url()
Complete example:
<?php
$sourcehost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
?>
I tested it but ufortunately, after redirect 301 there is no data stored in the $_SERVER['HTTP_REFERER'] variable.
I was wondering if it's possible to take a url request from an external server, process, and then return to the requester a different url. (specifically a media file)
For example: www.example.com/index.php?var1=blue&var2=green
I'd like to be able to use that url to access a media file hosted on the example.com server. I don't have access to code on the requesting site, so my php site index.php will need to take that url request and process based on the get vars, and the correct media file will be presented to the external site.
How about doing a redirect using header:
if (isset($_GET["var1"]) && $_GET["var1"] === "blue"){
header('Location: YOUR_BLUE_CONDITION_URL');
}else if (isset($_GET["var2"]) && $_GET["var2"] === "green"){
header('Location: YOUR_GREEN_CONDITION_URL');
}
As #Fred noted below, make sure you do not output anything prior to modifying the headers.
I have a Wordpress website with Domain: Hello.com which is "ajaxified".
what I want to know is how to redirect user back to Hello.com if they visit Hello.com/ask, Hello.com/cake or anything deeper using the browser address bar.
Even if they go 2 degrees deeper like Hello.com/cake/make, I want them to stay at the root of my website.
I am using Wordpress and my first Idea was to put redirect script at header, but ended up making an infinite redirect loop.
How can I redirect users to homepage without redirecting my ajax requests to the homepage as well?
[If you ask why I would disallow them to go deeper, the answer is: I
am using ajax to load deeper pages and everything else into a div]
By adding a short PHP script somewhere before everything else, I was able to check how my pages were loaded using the condition below.
if(strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')
It allowed me to check through PHP if it was through Ajax or not.
The value of $_SERVER['HTTP_X_REQUESTED_WITH'] is xmlhttprequest when the request was an ajax request.
For my case, this is how I used it:
if(strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
header("Location: http://". $_SERVER['HTTP_HOST']."/");
}
Which would check if the request was done through ajax, and redirect to the homepage/Main Screen of the website/web App if not.
I got the idea after reading this post
Note: Usage of HTTP_X_REQUESTED_WITH depends on the JavaScript framework you are using, if it sets that header. I am using jQuery and it does it for you.
Also $_SERVER is not entirely a part of PHP so it also depends if your server passes that variable to PHP.
If you are on a Nginx Server and it doesn't work for you, you can try this:
Passing HTTP_X_REQUESTED_WITH from nginx to php
Hope this helps others!
I want to get original URL (user entered URL) from 301 redirected URL.
Ex:
www.mydomain.com/about-1/
www.mydomain.com/about-2/
www.mydomain.com/about-3/
All above URLs want to redirect www.mydomain.com/about/. So I did it using simple .htaccess redirect. My problem is how to find from where user came (which original URL).
I've tried $_SERVER['HTTP_REFERER'] but it didn't work.
Passing variable like www.mydomain.com/about-1/?val=1 may a easy solution but it is not possible in this situation.
the HTTP_REFERER in _SERVER tells you where it is from. What I do sometimes is append a parameter to the url (either with a script.php?param=source or with a path script.php/path) to help me make the processing easier. These parameters can be added transparently to the script with an htaccess rule)
The easy way to do this is to take the url of the referrer to www.mydomain.com/about/ URL as a variable.
<?php header("Location: http://www.mydomain.com/about?referrer=http://www.mydomain.com/about-1" ,TRUE,301); ?>
Then you always have the referrer with the $_GET variable.
You can do it using PHP. Here is the link to get code to do it.
http://www.phpjunkyard.com/tutorials/php-redirect.php
I have several pages inside an AJAX directory. I don't want these pages accessible directly so you cannot just type in the URL of the page within the AJAX directory and access it. I "solved" this by using a PHP session on the page that calls it as follows:
Main page:
<?php
session_start();
$_SESSION['download']='ok';
?>
and on the ajax page I have this:
<?php
session_start();
if($_SESSION['download']!=='ok'){
$redirect='/index.php'; //URL of the page where you want to redirect.
header("Location: $redirect");
exit;}
?>
The only problem is that if a user goes through the correct process once, the cookie is stored and they can now access the page directly. How do I kill the session once they leave the parent page?
thx
why use session ?
if i understood what you want:
<?php /// Is ajax request var ?
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH'])=="xmlhttprequest") {
// do your ajax code
} else {
// redirect user to index.php since we do not allow direct script access, unless its ajax called
$redirect='/index.php'; //URL of the page where you want to redirect.
header("Location: $redirect");
exit();
}
} ?>
A really simple solution is to open up each of the files you want to protect from direct URL entry & add the following to the top:
<?php if (isset($_GET['ajax']) != true) die();?>
Now get rid of your redirect script since it's useless now. You don't need to use sessions for this. Every time you request a page, use it's direct URL, just add ?ajax=1 to the end of it.
By adding the ?ajax=1, PHP will set a key of 'ajax' to the $_GET global variable with the value of 1. If ?ajax=1 is omitted from the URL then PHP will not set a key of 'ajax' in $_GET and thus when you check if it's set with isset() it will return false, thus the script will die and not output anything. Essentially the page will only output data if ?ajax=1 is at the end of the URL.
Someone could still "spoof" the URL and add '?ajax=1' themselves, but that is not the default behavior for people or web browsers. If you absolutely need to prevent this then it will be much more complicated, e.g. using templates outside of a publicly available folder. Most other "simple" solutions will have the same "spoofing" potential.
There's really no way to accomplish this with a 100% certainty - the problem is, both AJAX and regular web browser calls to your web site are using the same underlying protocol: HTTP. If the integrity and security of your site depends on keeping HTTP clients from requesting a specific URL then your design is wrong.
so how do you prevent people from directly accessing files inside certain directories while still letting the site use them??
Create a controller file. Send all AJAX requests to this controller.
ajax-control.php
<?php
$is_ajax = true;
include "ajaxincludes/test.php";
// ... use the ajax classes/functions ...
ajaxincludes/test.php
<?php
if (!isset($is_ajax) || !$is_ajax)) {
exit("Hey you're not AJAX!");
}
// ... continue with internal ajax logic ...
If clients try to access the file directly at http://mysite/ajaxincludes/test.php they'll get the error message. Accessing http://mysite/ajax-control.php will include the desired file.
I don't think there is a surefire way to do what you are asking, since HTTP request headers can be faked. However, you can use $_SERVER['HTTP_REFERER'] to see if the request appears to be coming from another page on your site.
If the rest of the security on your site is good, the failure of this method would not grant the user access to anything they were not already able to access.
I've never tried this but maybe you could do something with jQuery's .unload() and then call a PHP page to unset() the session.
Why not (on Ajax page):
session_start();
if($_SESSION['download']!=='ok'){
$redirect='/index.php'; //URL of the page where you want to redirect.
header("Location: $redirect");
exit;
}
// do whatever you want with "access granted" user
// remove the download flag for this session
unset($_SESSION["download"]);