I've made this script, but the 4th line isn't right and I have really no clue how to solve this. I really appriciate if someone helps me. This is my code:
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if($url == $badsite) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
So the thing which doesn't work is the following line
if($url == $badsite) {
How can I make it so it checks if the GET contains a $badsite?
You don't want to check if the value equals the array, you want to check if it's in the array. Perhaps something like this:
if (in_array($url, $badsite)) {
// ...
}
Side note, you don't need (or want, really) this echo statement:
echo "Not harmful";
header("Location: " . $_GET["url"]);
You might get an error by emitting output before sending a header. But even if you buffer output or in some other way suppress that error, there's no reason to emit output when returning a redirect response. The browser would display it for only an instant, if at all. A redirect by itself is a complete HTTP response, no output is required.
In this case you can use the function in_array:
http://php.net/manual/en/function.in-array.php
<?php
$url = $_GET["url"];
$badsite = array("http://check.com", "http://hotmail.com");
if(in_array($url, $basite)) {
echo "This URL is harmful.";
} else {
echo "Not harmful";
header("Location: " . $_GET["url"]);
}
?>
Related
I want to bind the complete URL in a PHP variable.
My URL looks like this: http://develop.example.com/spf#users/admin.
To get the URL I use following:
http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]
and for the hash value is use this JS:
document.write(window.location.hash);
So my PHP variable looks like below:
$current_url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"."<script>document.write(window.location.hash);</script>";
When I echo the $current_url I get this output: http://develop.example.com/spf#users/admin.
Now I want to have a check on the current URL:
if ($current_url != "http://develop.example.com/spf#users/admin") {
echo "you are NOT the admin";
}
else {
echo "you are the admin";
}
Unfortunately, even when the URL is exactly the same, he keeps hanging on: "you are NOT the admin".
What is going wrong here?
you can use following script and your code is correct but the problem is "document.write(window.location.hash);" this code remove it then run
<?php
$current_url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$match="http://localhost:900/at/";
// echo base64_encode($current_url);
// echo "<br>";
// echo base64_encode($match) ;
if ($current_url==$match) {
echo "you are the admin";
}
else {
echo "you are NOT the admin";
}
?>
Basically I am coding a script where it simply redirects the user to the destination page. And I want to be able to check if multiple websites are not equal to the value; if this is so, it will run a error, else it will proceed.
I can't seem to get this to work though, although I am sure there's a way to check multiple values.
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co", "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>
You can make an array of items to check for and then check if the url is in the array:
if (!in_array($url, array("***.co", "***.net")))
{
}
You can also use multiple conditions like #wrigby showed, but the solution using an array makes it easier to add more (or a dynamic number of) urls. But if there are always two, his is better.
You'll need two complete conditionals, connected with a logical and (&&) operator:
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co" && $url != "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>
I'd like to have my website redirect to the previous page after submitting login info.
I have searched around for this problem
I have echoed the contents of $url and even did strcmp and it evaluates true (not shown here)
Problem: The ELSE statement always evaluates even though $url == mlbmain.php OR course-website.php
Any suggestions?
<?PHP
require_once("./include/membersite_config.php");
echo "</br> </br> </br> </br>";
$url = isset($_GET['return_url']) ? $_GET['return_url'] : 'login.php';
//url now == to /mlbmain.php OR /course-website.php
$url = substr($url,1);
//url now == to mlbmain.php OR course-website.php
echo $url; //Just to make sure
$url = trim($url); //trim it to make sure no whitespaces
echo "</br>";
echo $url; //Just to make sure it's still the same
if(isset($_POST['submitted']))
{
if($fgmembersite->Login())
{
if($url == "mlbmain.php"){
$fgmembersite->RedirectToURL("mlbmain.php");
}
else if($url == "course-website.php"){
$fgmembersite->RedirectToURL("course-website.php");
}
else
$fgmembersite->RedirectToURL("index.php");
}
}
?>
After you press the Submit button you are making a POST request and the return_url variable will not be available anymore which was set with a GET request. You could create a hidden input field that will store the redirect_url and submit it with the form.
Since you say
It seems to be going to index.php by default
The problem is probably either with
if(isset($_POST['submitted']))
or
if($fgmembersite->Login())
and not related to $url at all.
I guess it can not find mlbmain.php or course-website.php at the current folder, so it throws 404 not found an probably you managed this error to redirect to index.php
<?php
ob_start();
echo "<body><p>Hello "
if ($condition) {
header( "Location: http://www.google.com/" );
exit;
}
echo " World!</p></body>";
ob_end_flush();
?>
When $condition is true I get this:
<body>Hello
What I want is when $condition will be true then go to Google!!!
I don't know what is happening, can you explain or give me a solution!?
Thanks.
Just add ob_end_clean(); before the header call.
Everything should work, just put an ; after echo "<body><p>Hello" and you will be fine..
If I were you, I would have started what might go wrong first then do the processing.
An example
$exit_condition_1 = some_value1;
$exit_condition_2 = some_value2;
if($exit_condition_1 == false){
//Redirect
//Exit
}
if(!$exit_condition_2){
//Redirect
//Exit
}
//start the buffer ob_start()
//show some HTML
//flash the buffer ob_end_clean()
there is no point of starting the buffer then if something goes wrong close it and redirect. Just do value testing at the begining then process the request.
An example: lets say that you want to view a product's info and you have a function that will do that
function view_product($product_id){
if(!$product = getProductById($product_id)){
//product does not exist, redirect
}
if(the user does not have enough access rights){
//show a message maybe
//redirect
}
//everything is alright then show the product info
}
To resolve a similar situation where a function was using ob_start() and there was header("Location: http://www.example.com"); after that but erring "already sent...", I replaced the header(... call with
echo "<script> window.location.href = 'https://www.example.com' </script>"
and it worked in that particular case (all that was needed was a just page redirect anyway).
In the following code, the "header:" line is giving problem.
$q = mysql_query($a) or die(mysql_error());
$row = mysql_fetch_array($q);
$ValidationResponse = "false";
if ($_COOKIE['user_name'] != "")
{
while ($row) {
if ($_COOKIE['user_name'] = $row['username'])
{
$ValidationResponse = "true";
break;
}
}
if ($ValidationResponse == "true")
{
ob_start();
header("location:personal_view.php");
ob_clean();
}
else
echo "<script>alert('Invalid Login. Try Again.');</script>";
}
$_COOKIE['user_name'] = "";
Three useful functions I tend to have:
function redirect($url) {
while (ob_end_clean()) ; // do nothing
header("Location: " + $url);
exit;
}
function reload() {
redirect($_SERVER['REQUEST_URI']);
}
function reloadQS() {
redirect($_SERVER['REQUEST_URI'] + '?' + $_SERVER['QUERY_STRING']);
}
The above correctly handles what might be nested output buffers already but will fail if content has already been sent to the user, which you can't do anything about. I'd suggest using the above otherwise you'll litter your code with loops to clean buffers and there's no point in that.
You're using output buffering incorrectly, which is why it's failing. Change:
ob_start();
header("location:personal_view.php");
ob_clean();
to:
ob_end_clean();
header("Location: personal_view.php");
exit;
You should put the ob_start at the very beginning of the script
Also, i'm not sure about this, but i always seen the location header written in this way
header("Location: location.php");
Location with capital L an a space after the colon ": "
This might sound stupid, but are you sure you are not outputting anything before the header() function call? Apache won't redirect even if it finds a newline character before the starting tag <?php in a script.