I was trying to use the solution posted on How to set a session variable when clicking a <a> link
but I can't get it to work, to only allow access from a specific URL. As example I only want users to access the php page with a link on http://www.examplesite.com en disable direct access to page.php.
I used http_referer, which is working in Firefox, but in IE it isn't working.
I use the link:
<a href="page.php?a=validate">
and on the php page I use the following code:
session_start();
if(isset($_GET['a']) /*you can validate the link here*/){
$_SESSION['link']=$_GET['a'];
}else{
$_SESSION['oldlink']='no previous page';
}
$_SESSION['current']=$_SERVER['PHP_SELF'];
I'm not a star with php and probably missing something.
Could someone help me with this?
Related
I have a free software downloading site on wordpress. Anyone clicking on the download button is being redirected to another site page in which there is the download link for the software.
Example:
Clicking on download button in "https://example1.com/510-2/" users are being redirected to "https://example2.com/608/". Then clicking on "Unlock Download Links" on the top of the second page, a hidden div (button containing the download link) on the bottom of the page is visible.
Problem:
Thus, anyone can copy and share the url of second site page without viewing the main site page (https://example1.com).
Expected Output:
Only users being redirected from "https://example1.com/510-2/" could be able to see the "Unlock Download Links" on the top of the second page. If anyone tries to copy and reopen the second page url "https://example2.com/608/", won't be able to see the "Unlock Download Links" div.
example2.com post format:
<h2 style="text-align: center;"><strong>
<a onclick='document.getElementById("download").style.display = "block";' href="#wait">Unlock Download Link</a>
</strong></h2>
<style>
#download
{display: none}
</style>
<p>Lorem Ipsum is simply dummy text</p>
<div id="download">
Download
</div>
Doing this in PHP, you could create a form, set the method attribute of the form to post and set the action attribute of the form to point to your https://example2.com/608/ page that hosts the downloadable content for your users. Then on your downloadable content page have a conditional that checks if the global array for $_POST is set else throw an error on a redirect to your initial page.
The form would look like so:
NOTE: the page hosting the form would need to be .php page to use php on that page
<form method="post" action="https://example2.com/608/">
<?=$error?><!-- PHP for echo $error variable later defined I'll cover this later in explanation -->
<input type="submit" value="Click Here" name="download">
</form>
When this form is submitted, it will send a post global variable for the inputs name, download. On the https://example2.com/608/ page, which would need to be a php page, you would have php code at the top of the html that would see if global variable $_POST has a key for download. To do this, you could use isset() in php inside of a conditional if statement. Something like the following:
if(isset($_POST['download'])) --> if the POST global has a key called download set in the global POST array. The code will evaluate the conditional and if the $_POST array has a key for download it will return true.
Above the conditional you could define a variable for display and set it to NULL, then if the conditional returns true, set the variable to display the downloadable content.
Something like:
$output = NULL;
//--> now for the conditional that will see if the `$_POST` variable
//--> is set and then define the $output variable to display the downloadable content
//--> or throw a redirect header back to the page you wish users to view prior to downloading
//--> along with an error using the URL $_GET method
if(isset($_POST['download'])){
$output = //--> add your downloadable html content here...
}else{
header("Location: https://example1.com/510-2/?error");
exit;//<-- EXIT THE PHP CODE!
}
//<-- If our evaluation was true we echo out the $output variable in our html
<div>
<?=output?><!--// Short tag for php echo within html content on a php page //-->
</div>
header("Location: https://example1.com/510-2/?error"); redirects the user back to your initial page and then sends a $_GET global variable over the url that can be used on the target redirect page. So here we see if the $_POST isset and if it is we display the downloadable content, else if it is not set, we redirect the user automatically to the page you wish to display BEFORE they are allowed to download the content. We are essentially funneling the users through the chain we wish them to take to get to the prize: downloadable content, which must have a post variable set only by clicking on the button you want them to click on.
In the php redirect -> header() you see another global variable that is set over the server, ?error the ? is simply the start of a url defining key/value pairs in the url post... error is simply the key, no value is present. But we can check back on our redirected page using PHP to see if it is set, just like we did with the $_POST variable.
Now on https://example1.com/510-2/ we have some PHP code that checks to see if 'error` is set in the $_GET global array, if so, we do the same thing we did on the downloadable content page to check except we use the $_GET method instead of $_POST method.
if(isset($_GET['error'])){
$error = 'Please review this info for downloadable content...';
}else{
$error = '';
}
Now in the earlier form HTML, you notice a php short tag for echo -> <?=$error?> this is used directly in the php pages html, this is the same as <? php echo $error; ?>, also used for the $output variable as well. So if the conditional evaluates as false, it simply echos nothing and nothing is seen by the user, if it evaluates as true, we know the user was redirected back from the downloadable content without proper permission to download the content and it echos out the instructions we wish for them to take in order to get the downloadable content.
NOTE: I realize that this is all php code and not your original question using javascript, however because you are refreshing your pages and directing users to other pages for content, honestly the answer should be the use of a server side language like PHP or perhaps AJAX.
This is basic PHP code, everything I explain is easily re-searchable on the web and well defined in the php manual. Create a couple of dummy pages on your local host and play around with the POST and GET methods to refine your code.
https://www.php.net/manual/en/language.variables.superglobals.php
https://www.php.net/manual/en/reserved.variables.get.php
https://www.php.net/manual/en/reserved.variables.post.php
https://www.php.net/manual/en/function.header.php
https://developer.mozilla.org/en-US/docs/Learn/Forms/Sending_and_retrieving_form_data
You can use the $_SERVER['HTTP_REFERER'] superglobal variable, as discussed in this SO question.
Your code might look something like this:
<?php
$refr = $_SERVER['HTTP_REFERER'];
if( strpos( $refr, `example.com` ) !== false) {
echo '<button id="#theButton">Download</button>';
} else {
echo '<div class="warning">You must first visit this website.</div>';
}
?>
However, this is not foolproof. For a more secure method, look into using the .htaccess file, and specifically the RewriteCond %{HTTP_REFERER} directive.
Here is a SO question that discusses how to do this (eg. you could have two web pages (one with download button, one with error message) and direct visitors to the appropriate web page based on whether or not they came from the correct website).
References:
php - How to get referrer url
htaccess - Redirect based on referrer
I'm trying to create a 'Back To Search Results' link in order to go back to the previous page.
Basically you can perform a search, and afterwards go into a single-post page. In this page I'd like to create the link.
I tried :
<?php
$url = htmlspecialchars($_SERVER['HTTP_REFERER']);
echo "<a href='$url'>back</a>";
?>
But it only send you back to the previous page (let's say someone got to the website from google...then it would take him back to google I suppose.)
Any ideas?
Thanks!
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
Source: http://www.php.net/manual/en/reserved.variables.server.php
So you should think of another way to re-create the URL. Try to send the URL as a POST variable with the Search you are performing. Then you can simply read it from $_POST.
At the end I managed to do it with a $_SESSION variable:
On the page that loads after clicking search (usually archive.php or similar) I added this code before the footer:
<?php
if (isset($_SERVER["REQUEST_URI"])) {
$_SESSION['url'] = $_SERVER["REQUEST_URI"];
}
?>
Then, I added to the single page the code bellow:
<div class="back-to-search">
<?php if (isset($_SESSION['url'])) : ?>
Back To Search
<?php else: ?>
Back To Search
<?php endif;?>
</div>
So basically if the $_SESSION is set from the search results, it takes you back to the results. If not (for example if you arrived directly from google etc.) The link will redirect to the homepage (where all the listings appear by default)
I’ve been battling with this for hours, I wonder if anyone can help.
I want to make a redirect script which first actions a link. I have a link generated by php which deletes the current user’s avatar. This link works (user avatar is deleted) however the link itself doesn’t lead anywhere, it just reloads whichever page it is launched from (I haven’t quite worked out how yet, I presume this is a feature of wordpress/buddypress which I am using). My aim is that on arrival to a particular page (page1.php), the delete avatar link is automatically actioned, and then the user is redirected to another page. So:
1) User arrives at page1.php
2) Script fires this link :
<a href="<?php if ( bp_get_user_has_avatar() ) : print 'mysite.net/members/'; echo userpro_profile_data('user_login', $user_id2); print '/'; bp_avatar_delete_link(); else : 'something-else.php'; endif; ?>"></a
3) User redirected to page2.php
I guess there may be some way to do this in javascript/ajax but I hardly use it so not really sure how. I’m struggling to get it to work in php also. Any help would be really appreciated.
Thanks.
You can redirect the page via Javascript using Location API:
<script type="text/javascript">
window.location = <?= $new_location ?>;
</script>
Or you can do it in PHP after performing required operations using code like this:
header("Location: {$new_location}");
But notice that if you redirecting via headers you should not echo enything to the page before it.
Or you can use wp_redirect() if youre doing it in Wordpress.
I need some help on passing a url php variable onto the next page. I've tried searching throughout the site for help and I've spent a lot of time trying to figure this out with no luck. Basically I need to be able to change the paypal link button id on page 2 with the url variable from page 1.
The variable is initially passed along with the URL: http://www.example.com?p=paypalbuttonid
I would like to store and pass that "p" variable on to the next page. I don't want to pass the variable onto page 2 with a link. I would prefer to store the variable and recall it on page 2.
Page 1 code (above html):
<?php
session_start();
$_SESSION['paypal'] = $_GET['p'];
?>
Page 2 code (above html):
<?php
session_start();
$p = $_SESSION['paypal'];
?>
I'm calling the variable in a link on page 2 (body):
<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=<?php echo $p ;?>" target="_blank" class="btn">
I'm not sure what I'm dong wrong but I'm a complete newbie to PHP so please help! The variable shows up blank in the URL on page 2. Thank you! - Chad
First, you should make sure you dont have any output before session_start(), it is safe to put session_start () at the top of the page , especially if you use php code in .html, since you may have output without awareness, and session wont work if you have anything output to the browser before session_start()
according to php.net:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser.
and you should check if you cookie is enabled.
Secondly, var_dump ($_SESSION); to see if you can get anything
I made a comment on a Wordpress blog and I noticed that after I submitted the comment, the top of the browser was flush with the top of my comment. In other words, the web page was auto-scrolled down to the top of my comment.
How can I do this? I am using a comment system with PHP / MySQL.
Thanks in advance,
John
Use an anchor and try to redirect adding the anchor to your link.
header('Location: http://www.example.com/questions/2301455#comment-54564');
should work.
Else you can do it with javascript by setting the hash property of the location object.
location.hash = '#comment-54564';
or using jQuery :
$(location).attr('hash', '#comment-54564');
You can use the following:
<a name="latest_comment">Comment goes here</a>
And then after a user posts a comment, redirect them to:
http://www.your-domain.com/your-uri#latest_comment
Check out this link under the "name attribute" section:
http://www.w3schools.com/html/html_links.asp