Does anybody know how to detect in PHP if meta refresh was made to visit our page?
I mean, some page have the following html code
<META HTTP-EQUIV='refresh' content='3; URL=http://www.example.com/mypage.php'>
And I want to detect in mypage.php if it was realy that way of redirection.
P.S. website with meta refresh is not my website, so I cannot pass any parameters
P.P.S. I don't know exact URL of the website with meta refresh, it can be anything.
P.P.P.S. I am not interested in origin of redirection, I am interested in the FACT of that redirection.
Just use sessions or cookies.
Check if it exists, elsewhere create it (to be detected on next refresh).
Some like:
session_start();
$currentPage = $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
if (empty($_SESSION['lastSeenPage']) {
if ($_SESSION['lastSeenPage'] == $currentPage) {
// Comes from Refresh
}
}
$_SESSION['lastSeenPage'] = $currentPage;
Maybe you need to check if that SESSION persists after visiting another pages.
You can check it (where "//comes from Refresh") with
if($_SERVER["HTTP_REFERER"]== $currentPage) {
// do the stuff
}
Related
I have read many related question here but seems not solve my problem. How to destroy session in PHP when user clicked at the browser back button.
Example, current page is home.php, when back button is clicked, it will go to index.php. So should be session will by destroy.
I trying both options. But still not destroy the session.
First Option (home.php)
<?php
session_start();
if (isset($_SESSION)) {
session_destroy();
}
?>
Second Option (index.php) This is not practical.
<script language="javascript" type="text/javascript">
window.history.forward();
</script>
If you want a reliable way to clear all values of any current session you can use this on the loading of any page where you want to remove session data:
<?php
session_start();
if ($criteria_for_session_deletion === true) {
$_SESSION = []; // _SESSION is now an empty array
}
This will remove any value from the superglobal. It will not change the identity of the superglobal, but that shouldn't be important if the variable is now empty.
It is unclear from your question but you may be having overlap issues with browser caching of the outputted HTML page. Please clarify exactly what you're trying to delete?
Clicking on a "back button" is a very problematical way of solving this concept and we really need some clarification from you as to what's actually going on.
If you have a user who needs to have session data removed then you should check this in PHP on a script before any outout is sent to the browser, and then triggering the above code when required.
You maybe should have a "validity check" script included in each page so every time one of these pages is loaded your "check script" is called, and deletes the session data when the deletion criteria is met.
Why do you want to destroy session? That is just irritating. I have seen such implementations in government/bank websites and it pretty much sucks.
Rather you should redirect the user to dashboard if the user is logged in.
This doesn't directly answer OP's question but is a better way.
Something like this:
if (isset($_SESSION)) {
header('Location: <dashboard-page>');
exit;
}
i want a hard coded Login Page (login.html), with no database.
If a person writes correct username and password, it redirects to (page2.html).
Now my problem is that if a person write the URL directly for page2.html , he will be able to access it, without any login.
Ideal Case => www.example.com/login.html => if Correct => www.example.com/page2.html
Problem Case => www.example.com/page2.html => page2.html , NO LogIN :(
You can control all this with a php session like this
//set the session on the login page
$_SESSION['loggedIn'] = true;
//on the second page you check if that session is true, else redirect to the login page
if($_SESSION['loggedIn'])
//allow
else
//redirect to the login page
header('Location: /login.html');
A session is a way to store information (in variables) to be used across multiple pages. By default, session variables last until the user closes the browser.
To make things simple, you can change your pages into php (e.g login.php).
Line 1: In your login.php page, you will first check if the username and password are correct, if they are, set the $_SESSION['loggedIn'] = true
Line 2: In your second page (page2.php), you will first check that the user did login by checking if the session have a value if($_SESSION['loggedIn']) {//allow processing}
Line 3: If that session variable is empty, then this means the user did not login, redirect him to the login page else { header('Location:/login.php');}
To start off: I have no idea how you would like to compare the password and username with something and check whether it's correct or not, but for now I would do something like this (again, this is without database).
You have 2 options: Either use a session as stated above, or the bit easier way: Just use theisset() function.
<form action="page2.php" method="POST">
<input type="text" name="userName" required>
<input type="password" name="password" required>
<button type="submit" name="submit">Send!</button>
</form>
page2.php will contain the next code:
if(!isset($_POST['submit']) {
//direct back to a certain page, could look like this:
header('Location: xxx.php');
exit();
//exit() prevents the code from running, it litterly EXITS the code as soon as it hits that line.
} else {
//direct to page2.php
}
Let's break it down: Why did I use the extension .php? Because you cannot do this purely with HTML.
Why did I use (!isset()) instead of isset()? Because a good practice is to think in security first, you don't access an important area and THEN check whether someone has lethal weapons or not. You check first and then you allow him either in or denie access. This is a quite simple and common way to prevent someone from accessing your page with the URL, however a SESSION is better and a bit more experienced practice.
This problem cannot be solved with a pure HTML solution. Your question is tagged as php so I'll base my answer on that:
Post your form to a php script (such as login.php)
Script checks the login details and sets a cookie
page2.html must be php instead, and checks for the cookie before displaying the HTML
Another option is using HTTP authentication, see this article for a tutorial.
You could block that page's access from external locations in your server securtiy settings,
then send the html of that page to the browser on successful login with fil_get_contents('page2.htm') in php. the php is run on the server so the file request won't be from an external source. you could overwrite html on the page using javascript or you could echo the contents on an if in php that will show the normal page on else
eg
if(isset($_GET['Login'])
{
//check login details
//if(....) //put your login check logic here
{
echo file_get_contents('page2.html');
}
else
{
//normal page's code goes here
}
}
Note:how to set the file to disallow external access is outside the scope of my answer
I had the same problem and found this and it works perfectly: (in javascript)
Just put it at the top of the document.
var x = document.referrer;
if (x == "page2.html") {
console.log(x);
} else {
window.location.href = "login.html";
};
change the default path for your website by using complete path to login.php. Next time when any of the user will type your url, they will be redirected to the given path which is yourpath>login.php
Hope it will help.
If you are using Asp.net, perhaps you can use TempData. They stay with the session between pages.
if (/*username and password are correct*/){
TempData["LoggedIn"] = "True";
} else {
TempData["LoggedIn"] = "False";
}
Then, when your controller tries to load page2 you just check the value of TempData.
var validate = TempData.Peek("LoggedIn");
if (validate == null || validate.ToString() == "False"){
return RedirectToAction("login");
} else {
/*allow access to page*/
}
Using .Peek keeps the TempData, as it would normally be marked for deletion if it was accessed. You also want to check it for null as it may have never been assigned if the user does not first go through the login page.
You can prevent that by checking if the user is already logged in
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: login.php'); //here you put your login page
exit;
}
So for some reason, I tried http_referer and it isn't working for me...or maybe it is but this is the reason why I'm trying a workaround. I'm testing a login script in my browser and I want the user to go back to the previous page which they were visiting.
The issue I ran into is when I put in my login credentials, Firefox and Chrome pop out a "Save Password" option and I THINK it acts like a page. So when http_referer is called or when
echo '<script type="text/javascript">javascript:history.go(-1);</script>';
The page is still on the login page! Well what if the user clicks once "Don't Save" and that option is saved...then using history.go(-2) wouldn't work. Here's the workaround I tried but I can't get it to work.
Initially if the login info is correct, I call the first history.go(-1). Then I'm using this function to get the current page and if it matches login.php, I want to go back one more page! But it's not working. Please advise me
if($login_check > 0){
echo '<script type="text/javascript">javascript:history.go(-1);</script>';
function curPageName() {
return substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1);
}
$curpage = curPageName();
if ($curpage = "login.php"){
echo '<script type="text/javascript">javascript:history.go(-1);</script>';
}
}
I've also read to use sessions but my session array saves data for the shopping cart so I'm not sure how I would use sessions for navigation.
Why not store the URL of the page that redirects to the login page in a session and then redirect to it on a successful login? That way even if the user has a few failed login attempts they'll still get to the right page.
Another benefit for this method over javascript is that the redirect is sent in the header on page request, no need to send the user js.
Save the URL as a session variable when the user is not logged in.
// not logged in
$_SESSION['redirect_url'] = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
//now redirect to login page, something like
header("Location: http://www.site.com/login");
Nb. The URL above is crudely constructed, if you are using SSL or a different port (not 80) you'll need to change it accordingly.
Retrieve it on successful login
//login successful
header("Location: ".$_SESSION['redirect_url']);
exit;
I have a section of a website that sets a session variable. On another section of the site, if that variable is set, then it redirects them back to where the part of the site that set the variable.
<?php
//page1:
session_start();
$_SESSION['pg1']=true;
//page2
if ($_SESSION['pg1']===true)
{
header('Location: http://www.mysite.com/?page=1&WELCOME_BACK');
}
?>
I think this behaves like I want by defalut, but I want Googlebot to be able to visit page1, then visit page2 without being re-directed. Can anyone confirm that?
What I mean is, does a visit from Googlebot (or other SEs in general) generate a session that persists between pageviews.
(I know, if someone closes their browser they can come back to page2, but it's okay if they do that.)
Googlebot does not accept cookies from strangers, so there will be no session variables when it visits your second page. This will result in what you want to happen here, but keep it also in mind for future reference.
if ($_SESSION['pg1'] == true && strpos($_SERVER['HTTP_USER_AGENT'],'Googlebot') === false)
{
}
List of user agent strings: http://www.useragentstring.com/pages/useragentstring.php
Is there anyway to determine if a page has come from a php redirect?
I have a session saved of the last time the page was refreshed, but i dont want it to set if the page has come from an instantly referred one.
To give some idea of what i'm doing, i have this code on my site to stop users refreshing more than once per second:
$now = time();
if ($_SESSION['click'] > ($now-1)) {
exit("Woah, you're clicking too fast!") ;
}
$_SESSION['click'] = $now;
However, I don't want the click session to set if the page has from from a php redirect, or a form post, etc. Any solutions?
How about using referer?
if( $_SERVER['HTTP_REFERER'] == "http://mydomain.com/formmail.php" )