I have php files that i do not want users to be directly access by typing in the URL, therefore I have hidden these using .htaccess. However I want the user to be passed on (referred) to the next php file once they have logged in.
e.g. 123.456.789:8080/one.php is the login page and the user will then be sent to 123.456.789:8080/two.php.
Below is an example of some code that i found on here, but have not been able to make it work for my variables, and the fact I have the IP address and port no. Thanks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?site\.com/ [NC]
RewriteRule (^|/)B\.php(/|$) - [F,NC]
If you are using php for the logon can you not use something like this?
if( $logged_in){
header("Location: http://somesite/two.php");
}
Related
I'm working with a client who has a site with many subdomains representing different areas covered in his locksmith business. He picks up a lot of traffic from directory websites, and wants to use his domain only as the link on these websites. When someone clicks it, he wants them to be redirected based on a keyword in the referring URL.
For example, a referring Yell URL could be
yell.com/ucs/UcsSearchAction.do?keywords=locksmith&location=Watford%2C+Hertfordshire&scrambleSeed=1311994593
Client wants htaccess or something similar to pick out the keyword 'Watford' from that URL, and redirect to watford.hisbusiness.com accordingly.
This isn't something I've done before and I'm baffled. Research found no clues.
You can check HTTP_REFERER to grab information from the referring URL.
RewriteEngine on
RewriteCond %{HTTP_REFERER} yell\.com/.*\?.*\&location\=(\w+)\%2C\+(\w+)
RewriteRule ^$ http://${lower:%1}.hisbusiness.com/ [R=302,L]
The ${lower:$1} is used to make Watford lowercase. In order for this to work, you'll need to add the following to your httpd.conf or virtual host configuration file:
RewriteMap lower int:tolower
Note: The rule in place above is designed for the domain root (hisbusiness.com) only - that is to say that a request to hisbusiness.com/something won't trigger the redirect. If you'd like it to check for the URI as well, use the following rule instead:
RewriteRule ^(.*)$ http://${lower:%1}.hisbusiness.com/$1 [R=302,L]
To make the redirect permanent and cached by browsers/search-engines, change 302 to 301.
Use Header on PHP using your required conditions:
if(condition 1){
header("Location: http://mywebsite1.com");
}
if(condition 2){
header("Location: http://mywebsite2.com");
}
else{
header("Location: http://mywebsite3.com");
}
You can use [stristr][1] on the if condition.
In our sites we are doing a image protection section. So as a part of image protection we need
provide antihotlinking for images.In our site we are showing the image using a generated url.
For example in our site the image source is like: image_file.php?type=image&w=10&h=10&i=12
(this only a fake url for example purpose).
So using this url we need to show image in our site and at the same time want to prevent it from hot linking is there any way for prevent hotlinking?
If you can utilize the .htaccess method then great, additionally, as I said in my comment, a 100% fool proof way is to utilize base64 encoding. When you are displaying images, you can use this code to convert them to base64:
<?php
$imagedata = file_get_contents("/path/to/image.png");
$base64 = base64_encode($imagedata);
?>
<img src="data:image/jpeg;base64,<?= $base64; ?>" />
Also, if you want to get really creative, you can "RAT" the hotlink "thieves" out by displaying an alternative image using your .htaccess file... do this like so:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg|png)$ http://www.mydomain.com/dontstealmystuff.png [R,L]
just make sure dontstealmystuff.png is available on the server
basic .htaccess example
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
above allows a blank REFERER (like me).
this does not:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
there are quite a few variations you can find, may need to play around a bit to find what is best for you.
Image hotlinking is usually detected by referer, but it won't work when:
user has turned off referer sending in his browser (I have this for privacy purposes)
page is viewed via HTTPS (browser shouldn't send referer data).
You'll block your actual users from viewing images.
Consider using sessions / cookies when dealing with this problem. You'll have to pass every image via php script then.
Generally speaking the proper way to do this is in something like an .htaccess file with a command such as:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?somesite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/aNbhd.jpg [L]
However to do this in PHP it's basically the same. All you do is verify that $_SERVER['HTTP_REFERER'] starts with the URL for the page. However it's possible to spoof the HTTP_REFERER so it's not going to be 100%. However the user has to do this (an external site pretty (mostly...) much can't spoof this), so it will prevent other sites from embeding your images without placing your site in an iframe or some other hoopla.
Another way, and probably the safest though it's going to be the hardest on the server, is to use the $_SESSION variable to pass a token/flag around, then check the token.
session_start();
$_SESSION["allow_images"] = true;
Then on the PHP page that gets the image for them:
if($_SESSION["allow_images"])
{
//Send some pics!
}
However this only works if the user hasn't been to your site recently enough to not have their own session still active.
You can try checking the value of $_SERVER['HTTP_REFERER'] against a known value, but as the documentation states, that can be spoofed. It might help against the common case, though.
in image_file.php use http_referer for this.
$ref = isset($_SERVER['HTTP_REFERER'])? $_SERVER['HTTP_REFERER']: "";
if ($ref != "" && strpos($ref,'http://www.yourdomain.com/')===0)
{
//the request for this image is coming from some other domain, so take appropriate action
}
else
{
//do whatever logic you are currently using to show the images
}
Find a full-blown solution here: http://safalra.com/programming/php/prevent-hotlinking/
Is there any way to redirect every pages on a website to another website ?
Actually what I mean is that, I own two websites eg :
1.com
2.com
2.com is my main website. When I add a page to 2.com (eg:2.com/index.html), 1.com ignores it and creates (1.com/index.html) with the redirecting code to 2.com/index.html.
Can I do this ?
Is there any way to do this by php ?
Actually what I need is a script that automatically create files which are added to my 2nd site on my 1st site. So Can I do this with php and mysql or any other scripting or programming language?
If you own both domains you could just both redirect them to your website using a DNS-A-record or whatever and then simply use a server alias (Server Alias) as outlined on apache.org. If the user then visits the domain, he will still see the original domain, which he visited.
Another way would be using a rewrite rule as described by this blog:
RewriteCond %{HTTP_HOST} ^www.2.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^2.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.2.com$ [NC]
RewriteRule ^(.*)$ http://1.com/$1 [R=301,L]
Then your users would always see 1.com in their address bar.
Impossible to do with PHP, since a PHP code is executed when file is launched, and not when any file on server is launched.
Possible with .htaccess:
RewriteRule (.*) http://www.newdomain.com/ [R=301,L]
Redirecting to www.newdomain.com from every page on your old domain.
See this post for more methods about redirecting.
// Put this script on 1.com and it will redirect to to 2.com or vice versa
<?php
header('Location: http://2.com/index.html');
exit();
?>
If I did not understand your question correctly, let me know and I will help you as best I can.
// Super hack time
<?php
// 1.com
$files = scandir('./*'); // not recursive, note that
$sent = file($files['log.txt']);
unset($files['log.txt']);
$notsent = array_diff($files, $sent);
foreach($notsent as $file) {
$contents = file_get_contents($file);
// Use curl to post to 2.com receiving script http://davidwalsh.name/execute-http-post-php-curl
file_put_contents($sent, $file, FILE_APPEND);
}
?>
Disclaimer: Have not tested, but it is the most direct way to do what I think you want. Again I really don't know why you would want to do this.
The above answer can only be used before any html has been loaded. If you're looking for something that is easier to implement use this:
<script>window.location = 'http://google.com';</script>
I'm not sure if I completely understood your question.
With PHP
header('Location: http://2.com');
With HTML
<meta http-equiv="refresh" content="2;url=http://2.com">
Having provided more information:
Add a CNAME record to the DNS of 1.com with the value of 2.com
I would prefer to setup Nginx web server on 1.com and configure it as a proxy, so 2.com actually handles all requests. Thus you can avoid replicating the whole 2.com on 1.com and at the same time the user browser will not be redirected to 1.com like if you use Location header.
Please help me to resolve hotlinking, how to prevent direct access to this URL and redirect visitors to index.php:
http://www.example.com/index.php?link=http://www.anysite.com/dir/file&name=on&email=on&submit=on
are you searching for something like this:
if(!strpos('mysite.com',$_SERVER["HTTP_REFERER"])) header('Location: index.php')
For purposes of answering this, I'm going to assume you don't care if the same user accesses
it multiple times (provided that the first visit came through the main index page). This also assumes the user will accept a cookies.
When on the main index page:
start up a session on index.php
put some random value inside their session. eg: md5(microtime()) = af1929191...
also put that random value inside each url as another parameter eg: index.php?verify=af19...&link=http://foo.com
When loading a url:
check to see if the "verify"
param is set if it isn't there,
redirect them back to main index
page. Or more helpfully, since you are creating a weird behavior, show them
a error message indicating what you are doing, and why.
Start up the
session and make sure that the value
in their session matches the value
in the url.
Using an htaccess file is a common solution to this problem:
from http://altlab.com/htaccess_tutorial.html
This code in particular redirects anyone trying to hotlink an image.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://img148.imageshack.us/img148/237/hotlinkp.gif [L]
So basically I want users to be able to go to my website with a URL of something like /45678, instead of having to use /?p=45678, so really I just want to remove the variable name. I've tried using mod_rewrite, but it seems that is only for removing the name when the page is visited.
Here is the current code:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^p=([0-9]+=$
RewriteRule ^/$ /%1 [R]
Simply change all of your links to /45678 rather than ?p=45678. Or did I misunderstand you completely? Because what I got from your post is that it works properly, unless you manually access the ?p=45678 where as it stays as ?p=45678.
EDIT:
This is what I am using for http://www.madphp.org/dev/, give it a go, works like a charm for me (it also removes the index.php part). To access your now cleaner URL you would simply explode the $_SERVER['PATH_INFO'] variable to get all of the required parameters within your PHP script.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
Have you set up mod_rewrite correctly? If so, you can use variables like simple $_GET variables, in this case you must access $_GET['p'] in PHP.
I did this without using .htaccess, but it does query a database. I wrote this a while ago so it uses PEAR DB, adjust to your database/connection method. I'll just copy my code and let you figure out what changes you need.
$db=connect_db();
$name=substr($_SERVER['PHP_SELF'], 20);
$name=strtolower($name);
$id=$db->getone("select id from user where login='{$name}'");
header("Location: /dragonart/profile?user=" . $id);
If you store your information in a database this may be a nice alternative. The downside is that the the URL is not rewritten and the user is ultimately sent to a page with ending in a $_GET variable.
edit:
Just realized that using my method a simpler method can be used for the answer. Since my solution was used to find the id of a user using their username and then send someone to their profile (which requires the id) a better solution would be something like:
$var=substr($_SERVER['PHP_SELF'], $length);
header("Location: /path/to/page?p=".$var);
where $length is the usual length of the URL without the variable at the end.