I would like to know how to allow http refer from more than 1 site.
For example
<?php
$domain='example.net';
$referrer = $_SERVER['HTTP_REFERER'];
if (#preg_match("/example.net/",$referrer)) {
} else {
header('Location: http://www.example.net/404.php');
};
?>
This code works if I open links from example.net, but I want to allow example1.net and example2.net as well to access the links.
How do I do this? If anyone could help me with this, it would highly be appreciated.
Use the regex operator for or -- | (pipe)
<?php
$domains = Array(
'example.net',
'example2.net'
);
$referrer = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST); // Gets the domain name from referer
if (!preg_match("/" . implode('|', $domains) . "/", $referrer)) {
header('Location: http://www.example.net/404.php');
exit(0); //force exit script after header redirect to ensure no further code is executed.
};
// Normal code execution here...
?>
Related
i'm creating a index.php file for redirect all website to specific host
I'd like create a little php script that read url and redirect based on specific filter.
for example:
if url = (everything).domain1.com redir to default1.php
if url = (everything).domain2.com redir to default2.php
in all other case that not like first or second redir to default3.php
this is possible with php? i must use $_SERVER['HTTP_HOST'] or can I use other method?
i resolved with:
<?php
$domain = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if (strpos($domain,'domain-name.com') == true) {
header('location: /index2.php');
exit();
} else {
header('location: /index3.php');
}
?>
but not redirect...
I want to redirect visitors to one page on my website if they have come from a certain URL and another if they don't.
<?
$referer = $_SERVER['HTTP_REFERER'];
if ( $referer != "http://URL1" ) {
header('Location: page1');
exit;
} else {
header('Location: page2');
}
?>
Whatever referrer I come to the page on it goes to page 1 and never to page 2. I have used this code in a index.php file so its the first page the visitor is directed too.
UPDATE: alright, so from the discussions, it seems that the reason why your code won't work is that you are checking the referer string using the "now-www" url, while the actual referer string has "www" in the url. Please, make sure to use the exact referer string. Otherwise, if you are redirecting based on the hostname of the referer you can use the updated answer below.
<?php
$referer = str_replace("www.", "", parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST));
switch($referer) {
case "johnchow.com":
header("Location: page1");
break;
case "domain2.com":
header("Location: page2");
break;
default:
header("Location: page3");
}
exit;
For starters change this to
if ( $referer != "http://URL1" || $referer != "http://URL2" )
Secondly, page1 and page2 are likely giving the error because they are invalid. Include the path and extension. For example:
header('Location: http://www.yourlocation/page1.php')
Looks like the error has been clarified...
I have a url such as: http://localhost/project and when the user goes there, I want to redirect to http://localhost/project/en. How do I accomplish this?
You can do this programmatically or using something at the web server level (e.g. mod_rewrite with Apache). Since you've mentioned PHP explicitly, I'll provide you the following.
In a folder called 'project' at your document root, create an index.php with the following:
<?php
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://localhost/project/en" );
exit(0);
?>
Here's a link that shows this style and other methods (including mod_rewrite) to handle this:
http://www.phatz.com/301redirect.php
There are many ways. You should be using virtual hosts and rewrite uri to prepare your URL properly, but if you don't want to bother with those and want a method that "just works" exactly for the problem you presented, then try this:
$explode = explode('/',$_SERVER['REQUEST_URI']);
if (count($explode) == 1)){
header('Location: http://localhost/project/en');
}
Edit after comments
Try this, but beware that I haven't tested it, as I don't have my prod. environment here, but it should work. If not, comment :)
$explode = explode('/',$_SERVER['REQUEST_URI']);
$endsWithSlash = FALSE;
end($explode);
if (empty($explode[key($explode)])){
unset($explode[key($explode)]);
$endsWithSlash = TRUE;
}
if (end($explode) != 'en'){
$url = 'http://localhost';
$url .= $_SERVER['REQUEST_URI'];
if (!$endsWithSlash){ $url .= '/'; }
$url .= 'en';
header('Location: '.$url);
}
It works when I input
header("Location: http://www.google.com");
but it doesn't work when I have
header("Location: $_SERVER['HTTP_REFERER']");
I want to redirect the page to whatever page it came from.
Try it: :)
if (!empty($_SERVER['HTTP_REFERER']))
header("Location: ".$_SERVER['HTTP_REFERER']);
else
echo "No referrer.";
However, for determining which page user came from, I'd rather use session variable, which gets reset at every page:
session_start();
echo "Previous page:", $_SESSION['loc'];
$_SESSION['loc']=$_SERVER['PHP_SELF'];
ps: This only works for local pages, you cannot track other websites.
You might try:
header("Location: {$_SERVER['HTTP_REFERER']}");
I've had problems with variable expressions which contain quotes in strings without braces.
You also need to look out for $_SERVER['HTTP_REFERER'] simply not being set. Some user agents don't set it, some privary tools mask it, and you need to handle people coming to your page without a referrer.
Here is a simple solution.
check and see what $_server['http_referer'] is giving you and if its set then you can redirect and if not put a fall back url something like :
if(isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != ""){
$url = $_SERVER['HTTP_REFERER'];
}else{
$url = "YOUR INDEX PAGE OR SOMETHING";
}
header("Location: ".$url);
This is a browser feature, and any polite browser will send the
correct header (although various 'security' tools will override this
with a fake referer).
It's browser specific so not every browser/security software combination will send it to the server. You're better off setting a session variable on each page load to determine which page the user came from (or something similar with a bit more logic)
header("Location: $_SERVER[HTTP_REFERER]");
Without the single quotes. This is the fastest way to access and concatenate array values without extra concatenating code.
Simply you can use
if(isset($_SERVER['HTTP_REFERER'])){
header("Location:".$_SERVER['HTTP_REFERER']."");
}
One of the mistakes that occure sometimes is, that NO OUTPUT must happen before header('Location: ' ....)
This is not working (shows the output, but doesn't redirect):
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
$cleaned_url = preg_replace('/[^a-z ]+/i', '', strtolower($referer));
$pattern = '/troester/';
$res = preg_match($pattern, $cleaned_url);
echo $res; // <--- OUTPUT COMES HERE
if ($res == true) header("Location: {$referer}");
}
This is working (does redirect properly):
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
$cleaned_url = preg_replace('/[^a-z ]+/i', '', strtolower($referer));
$pattern = '/troester/';
$res = preg_match($pattern, $cleaned_url);
//echo $res; // <--- NO OUTPUT COMES HERE
if ($res == true) header("Location: {$referer}");
}
This is also working, but doesn't make sense ():
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
$cleaned_url = preg_replace('/[^a-z ]+/i', '', strtolower($referer));
$pattern = '/troester/';
$res = preg_match($pattern, $cleaned_url);
if ($res == true) header("Location: {$referer}");
echo $res; // <--- OUTPUT COMES HERE, AFTER header('Location: ' ....)
}
(For better understandig, hope this may help)
I've been banging my head against this for a week. I have a page that we want to only be accessible from another domain. Is it possible with PHP or .htaccess? Ive posted a couple attempts to do this on here, nothing seems to work. Please help!
<?php
$allowed_domains = array('dirtybirddesignlab.com','foo.com');
$REFERRER = $_SERVER['HTTP_REFERER'];
if ($REFERRER == '') {
exit(header('Location: 404.php'));
}
$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));
if (!in_array($domain, $allowed_domains)) {
exit(header('Location:404.php'));
}
?>
To expand on my comment, see the line if ($REFERRER == '') block.
<?php
$allowed_domains = array('mydomain.com','yourdomain.com');
$REFERRER = $_SERVER['HTTP_REFERER'];
if ($REFERRER == '') {
// What do you do here?
}
$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));
if (!in_array($domain, $allowed_domains)) {
exit(header('Location: error.php'));
}
?>
Note, the above will fall through to always referring those browsers that haven't reported a referrer to be redirected to the error.php page.
My suggestion is to do something like...
Generate salt, share with other server ($dsalt = output from something like puttygen.exe)
Generate shared key on the other domain during response - $dkey = sha1($dsalt.date('mDY G'))
Put $dkey within page for requests, resulting in "http://www.mydomain.com/getstuff-ajax.php?key=$dkey"
Recreate the same $dkey on your server and compare against the one in the GET to detect non-allowed access
For instance...
Their domain
<?php
$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
"H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
"lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
"UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";
$dkey = sha1($dsalt.date('mDY G'));
// ... Other stuff or whatnot, possible the above is also just an include file
// Then, they use it...
echo "Download stuff";
?>
Your domain - include('/path/to/domaincheck.php')
<?php
$dkey = $_GET['key'];
$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
"H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
"lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
"UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";
if (sha1($dsalt.date('mDY G')) != $dkey) {
exit(header('Location: error.php'));
}
?>
Notice both the $dsalts are the same. I generated that with puttgen.exe.
Something along those lines. You will need to handle cases in which the key may expire, or whatnot. Another method may be to share valid $dkey's between your servers with a timestamp and expire them after a certain amount of time (maybe one hour).
theirserver.com and yourserver.com
Salt, or in other words, private key, same on both servers
Function to (re)create the hash using the salt and some date stamp, same on both servers
Browser
Links to yourserver.com includes generated key (hash) created from static salt and date stamp function
You can use something like this:
<?php
$allowed = array("xxx.xxx.xxx.xxx", "xxx.xxx.xxx.xxx");
$ip = $REMOTE_ADDR;
if(!in_array($ip, $allowed))
{
header("Location: index.php");
exit;
}
?>
Replace xxx.xxx.xxx.xxx with the ip address of the site?
It will check IP address of traffic and if it's not in the array will redirect them elsewhere as defined in header location
Based on checking if the refferer is from a certain page try this:
<?php
$referer = $_SERVER['HTTP_REFERER'];
$referer_parse = parse_url($referer);
if($referer_parse['host'] == "mysite.com" || $referer_parse['host'] == "www.mysite.com") {
// download...
} else {
header("Location: http://www.mysite.com");
exit();
}
?>
Try the following with .htaccess.
order allow,deny
deny from all
Allow from "domain to allow without www"
if domain name doesn't work, try
Allow from "IP address"
Exclude "" in the actual file.