I want to bind the complete URL in a PHP variable.
My URL looks like this: http://develop.example.com/spf#users/admin.
To get the URL I use following:
http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]
and for the hash value is use this JS:
document.write(window.location.hash);
So my PHP variable looks like below:
$current_url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"."<script>document.write(window.location.hash);</script>";
When I echo the $current_url I get this output: http://develop.example.com/spf#users/admin.
Now I want to have a check on the current URL:
if ($current_url != "http://develop.example.com/spf#users/admin") {
echo "you are NOT the admin";
}
else {
echo "you are the admin";
}
Unfortunately, even when the URL is exactly the same, he keeps hanging on: "you are NOT the admin".
What is going wrong here?
you can use following script and your code is correct but the problem is "document.write(window.location.hash);" this code remove it then run
<?php
$current_url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$match="http://localhost:900/at/";
// echo base64_encode($current_url);
// echo "<br>";
// echo base64_encode($match) ;
if ($current_url==$match) {
echo "you are the admin";
}
else {
echo "you are NOT the admin";
}
?>
Related
This question already has answers here:
How to get the previous url using PHP
(6 answers)
Closed 2 years ago.
I have added This Code in My Domain2 where i want this code to be executed Running If it From domain 1
<?php if(isset($_GET['id2'])) { $id2=$_GET['id2']; echo "www.xxxxxxxxxx"" ></iframe>";}
else
{
echo "Not Found";
}
I try this code but not working
If anyone direct accesses this https://Domain2.com/xxxxxxxx/?id=xxxx Hidden part of is showing
How to make hidden if it not Redirected By https://Domain1.com/away.php
You can use $_SERVER['HTTP_REFERER'] to make sure that the refering page (previous page) was the one that you expect:
<?php
// if the request comes from a file that contains the string "conforming.php" then render the page
if(stristr($_SERVER['HTTP_REFERER'], "conforming.php")) {
//serve page if came from conforming.php
}
// if the referring page is not conforming.php, then redirect the user to the conforming version
else {
header("Location: conforming.php");
}
?>
additional information: https://www.w3.org/TR/WCAG20-TECHS/SVR3.html
EDIT**
I customized the code below according to your additional requirements:
<?php
if (stristr($_SERVER['HTTP_REFERER'], "https://Domain1.com/away.php"))
{
if (isset($_GET['id2']))
{
$id2 = $_GET['id2'];
echo "<iframe frameborder=\"0\" scrolling=\"no\" width=\"560\" height=\"320\" src=\"https://www.xxxxxxxxxx.com/files.php?v=$id2\" allowfullscreen=\"true\" webkitallowfullscreen=\"true\" mozallowfullscreen=\"true\" ></iframe>";
} else{
echo "id is empty";
}
}
else
{
//invalid referer! go back to domain1 to make it valid!
header("Location: https://Domain2.com/xxxxxxxx/");
}
?>
What you are looking for is exit;
<?php
if(isset($_GET['id']))
{
$id1=$_GET['id']; echo "xxxxxxxxxx=$id1";}
else {
echo "stop";
exit;
}
?>
Exit will terminate the execution of the current script. This will then continue with the execution processes, which will call your next function.
More reading here: https://www.php.net/manual/en/function.exit.php
I have page called account_settings.php and it's consist of change password, change profile pic, change user details (name, bio etc.). My question is how to write message with echo() after redirecting page with header().
Something like this:
if (true)
{
Do_Some_MySQL();
header("Location: account_settings.php");
echo "Success!";
}
else
{
echo "Error!";
}
Thank you for all replies. ;-)
You can't actually do something after sending a Location header - it is impossible.
Instead, you could use $_SESSION array value to perform your task. Like:
if (true)
{
Do_Some_MySQL();
$_SESSION['message'] = 'Error!';
header("Location: account_settings.php");
}
else
{
echo "Error!";
}
And then on your account_setting.php:
<?php echo $_SESSION['message'] ?>
This would be nice if the account_settings.php is not the same page as you currently are. Otherwise, you could use the following code:
if (true)
{
Do_Some_MySQL();
$error = 'Success!';
header("Location: account_settings.php");
}
else
{
$error = "Error!";
}
And on the same page:
<?php if($error) echo $error; ?>
Also don't forget to include session_start() on both pages if you didn't it yet.
I would use a SESSION variable:
on redirect-page:
<?php
#session_start();
if(true){
$_SESSION['success'] = 1;
header("Location: account-settings.php");
}
?>
and on account-settings.php:
<?php
#session_start();
if(isset($_SESSION['success'])){
echo "Success!";
unset($_SESSION['success']);
}
You cannot echo anything after you just redirected. The browser is already processing the request to redirect to another page, so it doesn't bother about displaying the message anymore. What you seem to be looking for is something called flash message. You can set a temporary message in the session and have it display on the new page. For example, in your account_settings.php page:
// Make sure you have an actual session
if (!session_id()) {
session_start();
}
if (true) {
Do_Some_MySQL();
$_SESSION['flashMessage'] = 'Success!';
header('Location: account_settings.php');
}
Then in your template file for account_settings, check if there is any flash message and display it accordingly (and unset it to avoid a loop):
if (isset($_SESSION['flashMessage'])) {
echo $_SESSION['flashMessage'];
unset($_SESSION['flashMessage']);
}
These people are correct...you can't send headers after a redirect. Although I think this would be a beneficial alternative. To send a GET request in your header and process it on the receiving page. They are suggesting to use $_SESSION vars, but you can use GET vars. Ex:
if (true)
{
//Do_Some_MySQL();
header("Location: account_settings.php?message=success");
//above has GET var message = Success
}
else
{
header("Location: account_settings.php?message=error");
}
On your account_settings.php page have this code:
if (isset($_GET['message'])) {
$message = $_GET['message'];
if ($message == "success") {
echo "Success";
} else {
echo "Error";
}
}
This removes the need of CONSTANT SESSION vars. and gives you plenty of flexibility.
header("Location: account_settings.php?message=No%20results%20found");
//%20 are URL spaces. I don't know if these are necessary.
If you need you can add more then one.
header("Location: account_settings.php?message=error&reason=No%20Results×tamp=" . Date());
then account_settings.php can be:
if (isset($_GET['message'])) {
$message = $_GET['message'];
$reason = $_GET['reason'];
$time = $_GET['timestamp'];
if ($message == "success") {
echo "Success";
} else {
echo "Error: <br/>";
echo "Reason: $reason";
}
}
But remember GET exposes your messages in the browsers URL. So DON'T send sensitive information unless you secure it. Hope this helps.
I've made this script, but the 4th line isn't right and I have really no clue how to solve this. I really appriciate if someone helps me. This is my code:
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if($url == $badsite) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
So the thing which doesn't work is the following line
if($url == $badsite) {
How can I make it so it checks if the GET contains a $badsite?
You don't want to check if the value equals the array, you want to check if it's in the array. Perhaps something like this:
if (in_array($url, $badsite)) {
// ...
}
Side note, you don't need (or want, really) this echo statement:
echo "Not harmful";
header("Location: " . $_GET["url"]);
You might get an error by emitting output before sending a header. But even if you buffer output or in some other way suppress that error, there's no reason to emit output when returning a redirect response. The browser would display it for only an instant, if at all. A redirect by itself is a complete HTTP response, no output is required.
In this case you can use the function in_array:
http://php.net/manual/en/function.in-array.php
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if(in_array($url, $basite)) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
I am trying to pass in a $_GET variable from a query string and pass it into a link to another page that has an application on it.
A customer will be directed to my page and the url will have the variable name merchantid. I need to take that on the home page, and pass it to the application page.
I've got it displaying on the home page as a test, so I know how to get it. I just need to know how to pass it the application page.
<?php
if (empty($_GET)) {
// no data passed by get
echo "<a href='{site_url}application'>Application</a>";
}
else
{
// The value of the variable name is found
echo "<a href='{site_url}application?merchantid=" .merchantid ."'><Application></a>";
}
?>
My else link actually blows up currently.
Ok, here is my second try, with the same result. The link blows up when I pass in the merchantid into the url. Ex. www.mysite.com/?=merchantid=12345
<?php
if (empty($_GET)) {
// no data passed by get
echo "<a href='{site_url}application'>Application</a>";
}
else
{
if(isset($_GET['merchantid'])){$merchantid = $_GET['merchantid'];}
else{$merchantid = "DefaultMerchant";}
echo "<a href='{$site_url}application?merchantid=" .$merchantid ."'><Application </a>";
}
?>
Why your code is not working
You're not telling php that "merchantid" is a variable nor you're defining it.
Solution
Replace
echo "<a href='{site_url}application?merchantid=" .merchantid ."'><Application></a>";
With
if(isset($_GET['merchantid'])){$merchantid = $_GET['merchantid'];}
else{$merchantid = "";}
echo "<a href='{$site_url}application?merchantid=" .$merchantid ."'><Application></a>";
}
Updated code
<?php
$site_url = 'http://'.$_SERVER['HTTP_HOST'].'/';
if (empty($_GET)) {
// no data passed by get
echo "<a href='{$site_url}application'>Application</a>";
}
else
{
if(isset($_GET['merchantid'])){$merchantid = $_GET['merchantid'];}
else{$merchantid = "DefaultMerchant";}
echo "<a href='{$site_url}application?merchantid=".$merchantid."'>Application</a>";
}
?>
$_GET is an array indexed by whatever values are in the query string. For example:
http://sit.url.com?merchantId=12&foo=bar
would place the following in the $_GET array:
$_GET['merchantId'] = "12"
$_GET['foo'] = "bar"
You will want a block in your code to initialize a $merchantId variable based on the presence of those values from $_GET:
//folks commonly use ternaries for this:
$merchantId = (isset($_GET['merchantId'])) ? $_GET['merchantId'] : false
Which is a shorthand way of stating:
if (isset($_GET['merhantId']) {
$merchantId = $_GET['merchantId']
} else {
$merchantId = false;
}
As Angelo and C.Coggins mentioned, don't forget the "$" in front of your variable in php.
You either need to assign $_GET['merchantid'] to $merchantid first, or replace $merchantid with $_GET['merchantid'] unless you have register_globals turned on, which you really shouldn't use.
So either add this:
$merchantid = $_GET['merchantid'];
or use this:
echo "<a href='{$site_url}application?merchantid=" . $_GET['merchantid'] . "'><Application></a>";
Besides that, as others pointed out, your original code is missing a $ before the variable name.
As new in PHP, I have a simple question. Am I able to do something like this?
E.g. the user, is redirected to a link like this:
http://website.com/directory?parameter
When that parameter is in the URL, I want a message to appear somewhere in the website, when the parameter is missing, just hide it.
get parameters are stored in the $_GET variable. So you can check if a get parameter is set with:
if(isset($_GET['parameter'])) {
echo 'parameter is set';
}
else {
echo 'parameter is not set';
}
When you pass a parameter like this:
http://site.com/page.php?this=that
You create what is called a GET request. In order to echo what's in the request, you'd do:
<?php echo $_GET['this']; ?>
In this instance, this would output:
that
To read more about PHP superglobals like $_GET, check out this link.
<?php
// Suppose this is URL http://site.com/page.php?url_var=val;
if(isset($_GET["url_var"]))
{
$msg = "your message";
}
else
{
$msg = "";
}
// NOW JUST PRINT $MSG WHERE EVER YOU WANT WITH OUT ANY CONDITION;
echo $msg;
?>