This is the scenario:
I am using Wordpress
I use a plugin that pulls products from a online seller and displays it on my website.
My website is on SSL and the source website has both SSL & non-SSL
The image sources can be both:
http ://somewebsite.com/folder/someimage.jpg
OR
https ://securewebsite.com/folder/someimage.jpg
I want to use a function in my Wordpress theme (or in the plugin itself) that will change part of the image URL before the webpage is displayed.
change the first part of the image URL :
***http ://somewebsite.com/folder/***someimage.jpg
and replace it with
***https ://securewebsite.com/folder/***someimage.jpg
I am absolute noobie with php and wordpress and am learning from all the Guru's here. Would be great if the the answer can be detailed please.
The problem is to solve 'Mixed content' warning from Google chrome.
I did see this piece of code somewhere (on some forum) so I guess something like this should work for my site as well.
function rewrite_image_for_https(&$image_url) {
// Determine if site is being accessed by HTTPS
$secure = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || $_SERVER['SERVER_PORT'] == 443) ? TRUE : FALSE;
if ($secure) {
// Strip off protocol, and change protocol and domain to point at HTTPS image
$url = str_replace('http://insecureimagecource', '', $image_url);
$url = explode('/', $url);
$url[0] = 'https://secureimagesource';
$url = implode('/', $url);
$image_url = $url;
}
}
I have also tried the below, nothing works :-( Please help
<?php
function rewrite_image_for_https () {
$url = preg_replace("/^http://insecureimages", "https://secureimages", $url);
}
?>
Tried this too..
<?php
str_replace('http://insecureimages.com', 'https://secureimages.com', $url);
?>
There are multiple methods to solve this for example:
str_replace
str_replace('http://somewebsite.com', 'https://securewebsite.com', $url);
parse_url
$parts = parse_url($url);
$secure = 'https://securewebsite.com'.$parts['path'];
Related
I want to make a redirect file using php which can add Affiliates tag automatically to all links. Like how it works https://freekaamaal.com/links?url=https://www.amazon.in/ .
If I open the above link it automatically add affiliate tag to the link and the final link which is open is this ‘https://www.amazon.in/?tag=freekaamaal-21‘ And same for Flipkart and many other sites also.
It automatically add affiliate tags to various links. For example amazon, Flipkart, ajio,etc.
I’ll be very thankful if anyone can help me regarding this.
Thanks in advance 🙏
Right now i made this below code but problem is that sometimes link have extra subdomain for example https://dl.flipkart.com/ or https://m.shopclues.com/ , etc for these type links it does not redirect from the array instead of this it redirect to default link.
<?php
$subid = isset($_GET['subid']) ? $_GET['subid'] : 'telegram'; //subid for external tracking
$affid = $_GET['url']; //main link
$parse = parse_url($affid);
$host = $parse['host'];
$host = str_ireplace('www.', '', $host);
//flipkart affiliate link generates here
$url_parts = parse_url($affid);
$url_parts['host'] = 'dl.flipkart.com';
$url_parts['path'] .= "/";
if(strpos($url_parts['path'],"/dl/") !== 0) $url_parts['path'] = '/dl'.rtrim($url_parts['path'],"/");
$url = $url_parts['scheme'] . "://" . $url_parts['host'] . $url_parts['path'] . (empty($url_parts['query']) ? '' : '?' . $url_parts['query']);
$afftag = "harshk&affExtParam1=$subid"; //our affiliate ID
if (strpos($url, '?') !== false) {
if (substr($url, -1) == "&") {
$url = $url.'affid='.$afftag;
} else {
$url = $url.'&affid='.$afftag;
}
} else { // start a new query string
$url = $url.'?affid='.$afftag;
}
$flipkartlink = $url;
//amazon link generates here
$amazon = $affid;
$amzntag = "subhdeals-21"; //our affiliate ID
if (strpos($amazon, '?') !== false) {
if (substr($amazon, -1) == "&") {
$amazon = $amazon.'tag='.$amzntag;
} else {
$amazon = $amazon.'&tag='.$amzntag;
}
} else { // start a new query string
$amazon = $amazon.'?tag='.$amzntag;
}
}
$amazonlink = $amazon;
$cueurl = "https://linksredirect.com/?subid=$subid&source=linkkit&url="; //cuelinks deeplink for redirection
$ulpsub = '&subid=' .$subid; //subid
$encoded = urlencode($affid); //url encode
$home = $cueurl . $encoded; // default link for redirection.
$partner = array( //Insert links here
"amazon.in" => "$amazonlink",
"flipkart.com" => "$flipkartlink",
"shopclues.com" => $cueurl . $encoded,
"aliexpress.com" => $cueurl . $encoded,
"ajio.com" => "https://ad.admitad.com/g/?ulp=$encoded$ulpsub",
"croma.com" => "https://ad.admitad.com/g/?ulp=$encoded$ulpsub",
"myntra.com" => "https://ad.admitad.com/g/?ulp=$encoded$ulpsub",
);
$store = array_key_exists($host, $partner) === false ? $home : $partner[$host]; //Checks if the host exists if not then redirect to your default link
header("Location: $store"); //Do not changing
exit(); //Do not changing
?>
Thank you for updating your answer with the code you have and explaining what the actual problem is. Since your reference array for the affiliate links is indexed by base domain, we will need to normalize the hostname to remove any possible subdomains. Right now you have:
$host = str_ireplace('www.', '', $host);
Which will do the job only if the subdomain is www., obviously. Now, one might be tempted to simply explode by . and take the last two components. However that'd fail with your .co.id and other second-level domains. We're better off using a regular expression.
One could craft a universal regular expression that handles all possible second-level domains (co., net., org.; edu.,...) but that'd become a long list. For your use case, since your list currently only has the .com, .in and .co.in domain extensions, and is unlikely to have many more, we'll just hard-code these into the regex to keep things fast and simple:
$host = preg_replace('#^.*?([^.]+\.)(com|id|co\.id)$#i', '\1\2', $host);
To explain the regex we're using:
^ start-of-subject anchor;
.*? ungreedy optional match for any characters (if a subdomain -- or a sub-sub-domain exists);
([^.]+\.) capturing group for non-. characters followed by . (main domain name)
(com|id|co\.id) capturing group for domain extension (add to list as necessary)
$ end-of-subject anchor
Then we replace the hostname with the contents of the capture groups that matched domain. and its extension. This will return example.com for www.example.com, foo.bar.example.com -- or example.com; and example.co.id for www.example.co.id, foo.bar.example.co.id -- or example.co.id. This should help your script work as intended. If there are further problems, please update the OP and we'll see what solutions are available.
I have social bookmarking website and in this website users can submit link from others website (using booklet or bookmark button in bookmark bar, or by adding URLs in direct method).
The users have problem with some URLs when they add links with bookmark button in their browsers. The problem occurs with URLs that contain "&" character. Most of the users who work with Safari on Mac or Windows can not add such link with bookmark button.
Issue is that all URLs with "&" end up with $isLink = preg_match($pattern, $url); // Returns false (see the code below).
I removed part of my code (see comments in the snippet), and that fixed the problem.
But I do not want to remove this code. How can I fix the problem without removing it?
$url = htmlspecialchars(sanitize($_POST['url'], 3));
$url = str_replace('&', '&', $url);
$url = html_entity_decode($url);
if (strpos($url,'http')!==0) {
$url = "http://$url";
}
// check if URL is valid format
$pattern = '/^(([\w]+:)?\/\/)?(([\d\w]|%[a-fA-f\d]{2,2})+(:([\d\w]|%[a-fA-f\d]{2,2})+)?#)?([\d\w]([-\d\w]{0,253}[\d\w])?\.)+[\w]{2,4}(:[\d]+)?(\/([-+_~.,\d\w]|%[a-fA-f\d]{2,2})*)*(\?(&?([-+_~.,\d\w]|%[a-fA-f\d]{2,2})=?)*)?(#([-+_~.,\/\d\w]|%[a-fA-f\d]{2,2})*)?$/';
// vvv I REMOVED FROM HERE vvv
$isLink = preg_match($pattern, $url); // Returns true if a link
// ^^^ UNTIL HERE ^^^
if($url == "http://" || $url == "") {
if(Submit_Require_A_URL == false) {
$linkres->valid = true;
} else {
$linkres->valid = false;
}
$linkres->url_title = "";
} elseif ($isLink == false) {
$linkres->valid = false;
}
Website bookmark button code is:
javascript:q=(document.location.href);void(open('http://website.com/submit.php?url='+escape(q),'_self','resizable,location,menubar,toolbar,scrollbars,status'));
Why are you not using the PHP function "filter_var()" to check the url:
$url = $_POST['url'];
$isLink = filter_var($url, FILTER_VALIDATE_URL);
I'm currently working to make my own CRM website application and I followed Alex youtube tutorial which is the login/register using OOP.
In addition I need my index.php to be the dynamic content switcher, which I only include header and footer while the content load from a folder where it stores all the page. I believe the end result should be like www.example.com/index.php?page=profile
I look around and it seems like what I'm doing it's something similar to MVC pattern where index is the root file and all the content is loaded from view folder.
I managed to get everything done correctly but now instead of displaying the link like: www.example.com/user.php?name=jennifer
I wanted it to be www.example.com/user/name/jennifer
I try to look around phpacademy forum but the forum seems to be abandon, some search I managed to find a topic that relevant to what I want, but the code doesn't seems to be working and I got the same error with poster.
here is the code:
<?php
// Define the root of the site (this page should be in the root)
define('ROOT', rtrim(__DIR__, '/') . '/');
define('PAGES', ROOT . 'pages/');
// Define "safe" files that can be loaded
$safeFiles = ["login", "regiser", "profile", "changepassword"];
// Get URL
if(isset($_GET['page']) && !empty($_GET['page'])) {
$url = $_GET['page'];
} else {
$url = '/';
}
// Remove Path Traversal
$sanatize = array(
// Basic
'..', "..\\", '../', "\\",
// Percent encoding
'%2e%2e%2f', '%2e%2e/', '..%2f', '%2e%2e%5c', '%2e%2e', '..%5c', '%252e%252e%255c', '..%255c',
// UTF-8 encoding
'%c1%1c', '%c0%af', '..%c1%9c'
);
$url = str_replace($sanatize, '', $url);
// Prevent Null byte (%00)
// PHP 5.6 + should take care of this automatically, but PHP 5.0 < ....
$url = str_replace(chr(0), '', $url);
// Filter URL
$url = filter_var($url, FILTER_SANITIZE_URL);
// Remove any extra slashes
$url = rtrim($url, '/');
// Make lowercase url
$url = strtolower($url);
// Check current page
$path = PAGES . $url . '.php';
// If the file is in our safe array & exists, load it!
if(in_array($url, $safeFiles) && file_exists($path)) {
include($path);
} else {
echo "404: Page not found!";
}
I search around Google but I couldn't find a solution and I notice there were people asking in this forum as well hence I hope someone can assist me in this area.
I want to everyone can enter a url or domain to database but i want to filter that domain or url with path that real can't come to hack myself so is my code correct?
<?php
$url = $_GET['url'];
if (!filter_var($url, FILTER_VALIDATE_URL)) {
echo '*error*';
exit;
}
?>
This is I want [Y]: http://google.com
This is I want [Y]: http://google.com/index.php
This is I want [Y]: https://google.com
This is I want [Y]: https://google.com/index.php
This is I don't want [N]: google.com
This is I don't want [N]: google.com/index.php
Thank everyone.
It will work but it is not a good idea:
http://www.d-mueller.de/blog/why-url-validation-with-filter_var-might-not-be-a-good-idea/
Summary:
There are security issues with this function like XSS (Cross Site Scripting) Attacks which could harm people who visit your site (including yourself). It accepts urls like script alert(123);
Here is a workaround from the website, not perfekt but better then plain filter_var:
function validate_url($url)
{
$url = trim($url);
return ((strpos($url, "http://") === 0 || strpos($url, "https://") === 0) &&
filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED) !== false);
}
So i'm writing a script in PHP which generates a image so other people can use it too.
But is it possible to get the url's on the pages the scripts are used ?
For example.
http://www.johnexample.com is using my image with this format
<img src="http://www.myurl.com/image.php">
Now i wan't to receive the url of http://www.johnexample.com without GET variables if possible.
It's basically a script that's suppose to track/note down all the websites that are using my image.
At first i though it was possible with this:
$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
But that only get's the location of the script itself.
Thanks
Oh, that was simpler than i though.
Got it working like this now.
The page with the tag only has to load once and it will save.
Only using Session now because it's being tested local.
Gonna switch it over to a database.
Thanks guys
<?php
session_start();
$url = $_SERVER["HTTP_REFERER"];
if(!strpos($_SESSION["url"], $url)) {
if($url != '') {
$_SESSION["url"] = $_SESSION["url"] . "," . $url;
}
}
$tracker = explode(",", $_SESSION["url"]);
var_dump($tracker);
?>