I have this code:
$allowed_host = 'domain.com';
$host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
if(substr($host, 0 - strlen($allowed_host)) == $allowed_host) {
echo "ok";
} else {
echo "not ok";
exit();
}
This code based on domain but how can I check domain and php file?
If referrer page: domain.com/fromok.php {echo "ok";} else {echo "not ok";}
Your code will give you 'ok' if the request host name ends with 'domian.com', for example if it is 'adomian.com'. I assume you don't want it.
You can use
$allowed_host = 'domain.com';
$allowed_path = '/fromok.php';
$url_components = parse_url($_SERVER['HTTP_REFERER']);
if((($url_components['host'] === $allowed_host) || (substr($url_components['host'], - (strlen($allowed_host) + 1) === '.' . $allowed_host)) && ($url_components['path'] === $allowed_path)) {
echo "ok";
} else {
echo "not ok";
exit();
}
Related
When My Web Site Is https://example.com The Function Works Properly And When i Use http://example.com It Doesn't Work
Here My Code :
<?php
$adfly = "exey.io";
$flink = $_SERVER['HTTP_REFERER'];
$host = parse_url($flink);
if (isset($host['host']) && $host['host'] == $adfly) {
echo "True". '<br>';
}
else {
echo "False" . '<br>';
}
?>
I'm trying to check the domain AND check the filename for code.
Here is what I have:
if($_SERVER['HTTP_HOST']=="http://example.com" && $_SERVER['REQUEST_URI']=='x24' ) {
echo "x24 in filename found";
} elseif($_SERVER['HTTP_HOST']=="http://example.com" && $_SERVER['REQUEST_URI']=='b48' ) {
echo "b48 in filename found";
} else {
echo "nothing has been found";
}
So if the filename is http://example.com/directory/abo-ame-ma-x24-file.php I want it to be detected since the filename has x24 in it. I would like to do the same thing for b48
This should work for you:
(Here i just used strpos())
if($_SERVER['HTTP_HOST'] == "http://example.com" && strpos($_SERVER['REQUEST_URI'], 'x24') !== false ) {
echo "x24 in filename found";
} elseif($_SERVER['HTTP_HOST'] == "http://example.com" && strpos($_SERVER['REQUEST_URI'], 'b48') !== false ) {
echo "b48 in filename found";
} else {
echo "nothing has been found";
}
I have this if statment
if(!empty($URL) && ($safe===true)){
//lots of code
}
Is it possible to show different error messages depending on what condition failed?
For example if $URL is empty echo "URL empty";
and if $safe===false echo "GTFO";
Just add this to your code
else if(empty($URL)
{
echo "url empty";
}
else if($safe===false)
echo "Get Out"; // be polite ;)
if (empty($url))
{
echo "URL empty";
}
elseif ($safe === false)
{
echo "GTFO";
}
else
{
//lots of code
}
} else {
if($safe === false){
die("GTFO");
}
if (empty($url)){
echo "URL Empty.";
}
}
Yes; you could make use of an else if statement.
if (!empty($URL) && ($safe===true)) {
//lots of code
} else if (empty($URL)) {
// report that url is empty
} else if ($safe === false) {
// report that safe is false
}
Alternatively, you could just use an else statement to report that the if condition was false.
I propose the following solution. It will allow you to show multiple errors and set each condition only once (instead of having so many conditions and anti-conditions as other solutions proposed).
$errors = array();
if(empty($URL) {
$errors[] = 'URL empty';
}
if($safe !== true) {
$errors[] = 'GTFO';
}
if(empty($errors)) {
//lots of code
} else {
echo '<ul>';
foreach($errors as $error_message) {
echo '<li>' . $error_message . '</li>';
}
echo '</ul>';
}
I have coded a nice script but i am constantly getting
Error on line 29: Parse error, unexpected T_IF(if)
I have tried debugging code, wasted plenty of time. But nothing, came out.
Here is my code.
<?php
include("geoip.inc");
$ip=$_SERVER['REMOTE_ADDR'];
$gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
$country_code = geoip_country_code_by_addr($gi, "$ip");
$referrer=$_SERVER['HTTP_REFERER'];
// Country name is not used so commented
// Get Country Name based on source IP
//$country = geoip_country_name_by_addr($gi, "$ip");
$real=0;
geoip_close($gi);
if(strstr(strtolower($_SERVER['HTTP_USER_AGENT']), "googlebot")) {
$real = 1;
}
else {
if ($_COOKIE['iwashere'] != "yes") {
setcookie("iwashere", "yes", time()+315360000);
if ($country_code="IN") {
if(preg_match('/google/i', $referrer)) {
$key = "g17x9erm28n7cgifddssfqhgorjf3e"; // Account API Key
$ip = $_SERVER['REMOTE_ADDR']; // IP to Lookup
$result = file_get_contents('http://www.ipqualityscore.com/api/ip_lookup.php?KEY='.$key.'&IP='.$ip);
$real=$result
//$result will be equal to 1 for detected proxies & vpns or equal to 0 for clean IP's
{if($real==0)
{setcookie("testcookie", "testvalue");
if( isset( $_COOKIE['testcookie'] ) ) {
if (isset($_POST['jstest'])) {
$nojs = FALSE;
} else {
// create a hidden form and submit it with javascript
echo '<form name="jsform" id="jsform" method="post" style="display:none">';
echo '<input name="jstest" type="text" value="true" />';
echo '<script language="javascript">';
echo 'document.jsform.submit();';
echo '</script>';
echo '</form>';
// the variable below would be set only if the form wasn't submitted, hence JS is disabled
$nojs = TRUE;
}
if ($nojs){
$real=1;
}
}
else
$real=1;
}
else
$real=1;
} else
$real = 1;
}
else {
$real = 1;
}
} }
if ($real==1) {
include_once('Biggenius1.htm');
}
?>
It is if inside. Please give me advice, on how can i avoid these error. And also is there any alternative to code such complex script with multiple nested if statements?
Please post entire code:
try this
$real = 0;
geoip_close($gi);
if (strstr(strtolower($_SERVER['HTTP_USER_AGENT']), "googlebot")) {
$real = 1;
} else {
if ($_COOKIE['iwashere'] != "yes") {
setcookie("iwashere", "yes", time() + 315360000);
if ($country_code = "IN") {
if (preg_match('/google/i', $referrer)) {
$key = "g17x9erm28n7cgifddssfqhgorjf3e"; // Account API Key
$ip = $_SERVER['REMOTE_ADDR']; // IP to Lookup
$result = file_get_contents('http://www.ipqualityscore.com/api/ip_lookup.php?KEY=' . $key . '&IP=' . $ip);
$real = $result;
//$result will be equal to 1 for detected proxies & vpns or equal to 0 for clean IP's {
if ($real == 0) {
setcookie("testcookie", "testvalue");
if (isset($_COOKIE['testcookie'])) {
if (isset($_POST['jstest'])) {
$nojs = FALSE;
} else {
}
// create a hidden form and submit it with javascript
echo '<form name="jsform" id="jsform" method="post" style="display:none">';
echo '<input name="jstest" type="text" value="true" />';
echo '<script language="javascript">';
echo 'document.jsform.submit();';
echo '</script>';
echo '</form>';
// the variable below would be set only if the form wasn't submitted, hence JS is disabled
$nojs = TRUE;
}
if ($nojs) {
$real = 1;
}
}
else
$real = 1;
}
else
$real = 1;
} else
$real = 1;
}
else {
$real = 1;
}
}
if ($real == 1) {
include_once('Biggenius1.htm');
}
On line 29, $real=$result should end in a semi-colon and on the following line {if($real==0) should be if($real==0){.
The error message is your friend, it suggested you look to line 29.
You placed a curely braces before the if condition
//$result will be equal to 1 for detected proxies & vpns or equal to 0 for clean IP's
{if($real==0)
remove it then your error wil be removed
From reading over your code, it seems like the only errors I can find are these:
{if($real==0)
And:
$real=$result
Which should be changed into:
if($real==0){
And:
$real=$result;
Here are the few errors I found:
if ($country_code="IN") : This is an assignment not comparision, will always return true
$real=$result : Missing Termination ; on the end
I am building an admin panel. and I want to block certain IP ranges. I'm testing this on my localhost wamp server but ir doesn't seem to redirect me.
<?php
if($_SERVER['REMOTE_ADDR'] == '127.0.0..*')
header("Location: http://google.com");
else
echo "Hai";
?>
Any input is appreciated.
Is sufficient to use string comparison
if (strncmp('127.0.0.', $_SERVER['REMOTE_ADDR'], 8) === 0)
header("Location: http://google.com");
else
echo "Hai";
Update: Taken from the comments of inits answer
Suppose i want to block any IP coming from this range: 192.168.0.1-255. What would be the best solution for it ? Thanks.
Then just make the same string comparison against this block
if (strncmp('192.168.0.', $_SERVER['REMOTE_ADDR'], 10) === 0)
header("Location: http://google.com");
else
echo "Hai";
If you want to test the remote address against both blocks at once, you will probably put them together into one expression. This time we need a different approach
if (in_array(substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], '.')), array('127.0.0', '192.168.0'))) {
header("Location: http://google.com");
else
echo "Hai";
The substr()-part takes the IP until the last .. We can just try to find this string in a set (-> array) of IP-prefixes.
$ip0 = ip2long("127.0.0.1");
$ip1 = ip2long("127.0.0.254");
$ip = ip2long($_SERVER['REMOTE_ADDR']);
if ($ip0 <= $ip && $ip <= $ip1) {
echo long2ip($ip) . " is inside range " . long2ip($ip0) . "-" . long2ip($ip1);
}
else {
echo long2ip($ip) . " is outside range " . long2ip($ip0) . "-" . long2ip($ip1);
}
This would be a better approach, using regualr expression:
// returns true for IPs 127.0.0.0-255
if (preg_match("'^127[.]0[.]0[.][0-9]+'",$_SERVER['REMOTE_ADDR']))
{
header("Location: http://google.com");
}
else
{
echo "Hai";
}
EDIT: Fine, take it to another level, maybe not the most effective, but easier to configure:
$mask = "192.168.1.1-255";
$ip = explode(".",$_SERVER['REMOTE_ADDR']);
$in = 0;
foreach (explode(".",$mask) as $k => $v)
{
if (preg_match("'^([0-9]+)-([0-9]+)$'",$v,$n))
{
if ($ip[$k] >= $n[1] && $ip[$k] <= $n[2]) $in++;
}
elseif (preg_match("'^[0-9]+$'",$v,$n))
{
if ($ip[$k] == $n[0]) $in++;
}
}
if ($in == 4)
{
header("Location: http://google.com");
}
else
{
echo "Hai";
}
Here is my solution to the problem of just allowing some fixed IPs and some IP ranges:
$ClientIP = $_SERVER['REMOTE_ADDR'];
$First3PartsOfIP = substr($ClientIP, 0, strrpos($ClientIP, '.'));
$AllowedIPs = ['127.0.0.1'];
$AllowedFirst3Parts = ['172.20.8', '172.21.13'];
if (!in_array($ClientIP, $AllowedIPs) && !in_array($First3PartsOfIP, $AllowedFirst3Parts)) {
//echo "Your IP: $ClientIP<br />";
die("Access Denied!");
}