This is the scenario: a user land on a page which redirects him at certain conditions with the following php lines
header("Location: /access/details/index.php");
die();
The problem is that the page /access/details/index.php should receive the referral URL correctly. I cannot insert an input tag because of the PHP redirect. What is the simpliest way to pass the URL to the redirect destination page, possibly without using other languages such javascript?
There is no way to tell the browser what URL to use for the referrer. Instead, you can pass the referrer as a get parameter in the redirect.
header("Location: /access/details/index.php?referrer=" . urlencode($_SERVER['HTTP_REFERER']));
Retrieve the previous referrer on your /access/details/index.php script by accessing the $_GET super global
$referrer = $_GET['referrer'];
Another option would be to skip the redirect altogether and do a forward. This keeps the current referrer intact.
include("/access/details/index.php");
die();
Related
My problem is that, I have a table with values, when I pulse on one of the cells redirect to a cell details page, in the url I pass the id: "http://localhost/example?id=123456". when I back to the previous page with a cancel or save button does redirect to the previous page and get in id with $_SERVER['HTTP_REFERER'] but when you pulse the back button in the browser I don’t know how to get that url.
You can use the session system of PHP:
$_SESSION['page'] = $_SERVER['HTTP_REFERER'];
To redirect to the last page you can use the header function.
header("Location: ".$_SESSION['page']);
exit();
On the server-side using $_SERVER['HTTP_REFERER'] is enough and you don;t need to store the value of $_SERVER['HTTP_REFERER'] on $_SESSION too. just directly check the $_SERVER['HTTP_REFERER'] val.
For the client-side, you can use document.referrer in JS. Also, it can be helpful for you to know these functions in JavaScript:
history.back(); //Go to the previous page
history.forward(); //Go to the next page in the stack
history.go(index); //Where index could be 1, -1, 56, etc.
Notice: If you have some routing system that handles the URL dynamically on the same path ($_POST or ...) you may need a more complex solution based on your framework.
When I call the script using /landing.php?source=param I want the script to do a redirect to a URL on another domain, but I don't want the people on the other domain to see the source=param parameter in their analytics or server logs, I don't mind them being able to see the /landing.php URL.
Any ideas on a solution?
A solution is to redirect to an URL on your server (possibly the same page) that doesnt contain the query string first, and then send the user to your off-site destination. You can pass the needed parameter/url on your server with a $_SESSION or $_POST
/landing.php?source=param > /redirect.php > www.offsite.com
In your landing.php, check for the source variable and then redirect it to landing.php or another page without the GET variable e.g. :
if(!empty($_GET['source'])){
// Save the source into a COOKIE / SESSION
// Then redirect to another page to strip out the GET variable.
redirect('landing.php');
}
Then either in landing.php or another file, just redirect to the offsite URL. You'll have the source in a COOKIE / SESSION to use if you need to do anything else with it.
When a user submits any form, a $_GET['variable_name'] is sent by the webpage and will give a URL like the following: www.mywebsite.com/index.php?variable_name_here='yes'.
However people can just write the URL www.mywebsite.com/index.php?variable_name='yes' into the address bar of the website and gain access to this part of the script, without actually submitting the form!
This is a problem! It's breaking specific parts of the script linked to that form submission! This is because the part of the script relating to the $_GET['variable_name'] can't get the variables that should be sent by the form as it is never submitted!
How do I stop people getting to specific parts of a script when they manipulate the URL by sending them back to www.mywebsite.com/index.php?
P.S. : This is for user submitted data through a form which is then processed (no SQL or any alike software involved)
If you are worrying about people getting in to your site without logging in or not having correct params, you should first check to see if the correct $_GET variables exist using isset(). If all paramaters you are expecting exist allow them to pass, otherwise use header('Location: /index.php'); to force a redirect.
To redirect from www.mywebsite.com/index.php?variable_name='yes' to www.mywebsite.com/index.php you would need to include the following code below before you open a HTML header! This solution will work for any $_GET variables within your whole website if you place it within an includes("filename_here"), no need to change the code.
//if there are any $_GET variable(s) set (doesn't matter what the name of the variables are)
if (! empty($_GET))
{
//if there is no record of the previous page viewed on the server
if(! isset($_SERVER['HTTP_REFERER']))
{
//get requested URL by the user
$redir = $_SERVER['PHP_SELF'];
//split parts of the URL by the ?
$redir = explode('?', $redir);
//redirect to the URL before the first ? (this removes all $_GET variables)
header("Location: $redir[0]");
}
}
Here is the scenario:
Visitor of Page1.php is being redirected with JavaScript to Page2.php
Is there a way to know that visitor which lands on Page2.php is a redirected visitor by monitoring Page2.php if I don't use any sessions and variables at all in any language?
Without Doing/Using:
URL Manipulation
Cookie
Session
Any kind of Variables
Absolutely no changes to Page1.php
I'm asking this because I don't want other sites to detect that I have redirected users to their website.
I just want to know the possibility.
Just set a flag in the query string when you redirect (append the query string to your redirect location):
Page2.php?redirect=1
Or if you need the referring page:
Page2.php?referer=Page1.php
Then check with $_GET['referer']
You might be able to read the $_SERVER['HTTP_REFERER'], but I personally tend to avoid it because it doesn't always contain what you think it should.
If you don't want to use server-side languages, your only alternative is JavaScript. You could redirect to Page2.php?redirected=true and use the following code to GET the redirected variable on Page2.php.
var $_GET = {};
document.location.search.replace(/\??(?:([^=]+)=([^&]*)&?)/g, function () {
function decode(s) {
return decodeURIComponent(s.split("+").join(" "));
}
$_GET[decode(arguments[1])] = decode(arguments[2]);
});
if($_GET['redirected']){
// Redirected from Page1.php!
}
Source: how to get GET and POST variables with JQuery?
Set a javascript cookie on the initial page when you do the redirect.
On the new page, check to see if the cookie is set, then delete it.
How can you get the HTTP Referrer when redirected from another website, not when they click on a link since it would work for $_SERVER['HTTP_REFERER'], but it doesn't work when a user has been redirected a website and the referrer would be empty.
What will be the method to get the referrer?
How can you get the HTTP Referrer when redirected from another website
You can't. If the redirection takes place under your control, you can add the original referer as a parameter, but if the external redirector doesn't do that, you have no way to get hold of the information.
An example of how I did it. Say we have 3 pages, one calling the next.
page1.com -> page2.com -> page3.com.
in page2.com get the page1.com using:
$referrer = $_SERVER['HTTP_REFERER'];//=page1.com
when redirecting to page3, send $referrer as a GET parameter
page3.com?referrer=$referrer
in page3 read the $referrer from the get.
$initialReferrer = $_GET['referrer'];//=page1.com