PHP: Adding security with http referer [duplicate] - php

This question already has answers here:
Determining Referer in PHP
(5 answers)
Closed 8 years ago.
I'm kinda a noob with PHP.
I want to keep my page accessible only from a link,
etc. I only want to allow people who clicked a link to my page from example.com,
and others, like from google.com, to redirect to another page on my site, etc., an error message.
How could I do this?

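// Take the host part of the Referer header, if the client sent one.
if (isset($_SERVER['HTTP_REFERER'])) {
    $referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
} else {
    $referer_host = '';
}

// Anything other than an exact host match is sent to the error page.
if ($referer_host != 'example.com') {
    header('Location: http://example.com/error');
    exit;
}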
People not sending (correct) referers for various reasons will be entirely excluded from your page.
Of course bookmarking your site etc. will also not work.
As headers can be faked by the client at will, I would not call this a "security" feature.

Related

Header() redirection not to localhost/ but to another website [duplicate]

This question already has answers here:
How do I make a redirect in PHP?
(34 answers)
Closed 6 months ago.
Hello, I want to make a panel so that we can change the redirection link of the page,
in the header(); .
I want that the header($result); redirect to "amazon.com" the official site (for example) and not http://localhost/amazon.com
($result which is amazon.com obviously)
Is it possible?
I have already tried with JavaScript:
<script type="text/javascript">
window.location.href = '<?php echo $result; ?>';
</script>
But it also returns me
"http://localhost/amazon.com"
And here is the php code
header("Location: .$result");
exit;
Thanks in advance for your help
Your URL is missing the scheme (https:// or http://) or the marker to indicate that it is a scheme-relative URL (//).
amazon.com is therefore treated as a relative path and not as a hostname.
You need https://amazon.com
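How the missing scheme can be handled when the redirect target comes from an editable panel setting: normalize the stored value to an absolute URL and compare its host against an allow-list before it reaches header(). This is an added example, not code from the posts above; the function name safe_redirect_target() and the allow-list entries are hypothetical.

```php
<?php
// Added example: the function name and allow-list entries are hypothetical.
const ALLOWED_REDIRECT_HOSTS = ['amazon.com', 'www.amazon.com'];

/**
 * Turn a stored value such as "amazon.com" into an absolute URL, or return
 * null when it must not be placed in a Location header.
 */
function safe_redirect_target(string $raw): ?string
{
    $raw = trim($raw);
    // Control characters (CR/LF included) have no place in a header value.
    if ($raw === '' || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // Without a scheme or a leading "//" the value is resolved as a relative
    // path, which is how "amazon.com" became http://localhost/amazon.com.
    if (strpos($raw, '//') === 0) {
        $raw = 'https:' . $raw;
    } elseif (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $raw)) {
        $raw = 'https://' . $raw;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Exact host comparison against the allow-list, never a substring test.
    if (!in_array(strtolower($parts['host']), ALLOWED_REDIRECT_HOSTS, true)) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs.
$samples = ['amazon.com', '//www.amazon.com/gp', 'ftp://amazon.com',
            "amazon.com\r\nX-Test: 1", 'https://amazon.com.example.net'];
foreach ($samples as $value) {
    $target = safe_redirect_target($value);
    if ($target !== null) {
        echo 'Location: ' . $target . "\n";   // in a page: header(...); exit;
    } else {
        echo 'rejected: ' . json_encode($value) . "\n";
    }
}
```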

How to properly set URL for links and other assets [duplicate]

This question already has answers here:
Short way to link to http from https (and vice versa) using relative links
(6 answers)
Closed 5 years ago.
I want to use the full URL for the location of my css, js, and image files in my header.php file. So that when the header.php file is called from another folder directory, it doesn't break the link.
However, I want the site to be accessible by http and https, set by the user in their profile settings in the web application.
I started to write some code below of the solution but I'm not sure if this is the correct way of handling this.
config.php
<?php
// use https
$use_https = true;
?>
header.php
<?php
if ($use_https == true) {
    $proto = "https://";
} else {
    $proto = "http://";
}
?>
Link
The easiest way is to just do:
Link
Or since it's on your own server, just:
Link
Make sure to include the initial slash, so that it is relative to the root of your site, and not to the current page (this will prevent the link from breaking).
That being said, if your site works with https, you are probably better off just always using https, since you don't really have performance concerns anymore.

Ensure that request comes from within server [duplicate]

This question already has answers here:
Prevent direct access to a php include file
(33 answers)
Closed 8 years ago.
Suppose, I am building website. I want the user to be able to access the index.php file only. I also have other files like www.mydomain.com/aboutus.php files and user can access them if he types this in his address bar. I want the user to be able to access www.mydomain.com only.
How are such security features built?
If I understand correctly that you want to allow them to only be able to access your index/root document (www.mydomain.com/index.php etc.) and not be able to type in: www.mydomain.com/aboutus.php it is fairly simple using the HTTP referrer to make sure that the page they came from was the right one:
Important note (edit): The $_SERVER type variables are susceptible to forgery by the client from something like cURL or even telnet and can be the basis for CSRF type attacks, so this is by no means a secure implementation vs. something like session tokenization.
aboutus.php at the very top:
<?php
// The URL the client claims to have come from (empty if no Referer was sent)
$ref = $_SERVER['HTTP_REFERER'] ?? '';
if ($ref !== 'http://mydomain.com/index.php') {
    die("Must come here from index");
    // uncomment below to redirect them automatically
    // header('location: index.php');
}
// Otherwise they came from index so show the page.
echo "Displaying about page:";
echo $content;
?>
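The session-token approach that the note above contrasts with the Referer check: index.php stores a random token server-side and puts it in the link, and aboutus.php accepts only that token, once. This is an added example, not code from the answer; the function names and the 'page_token' key are hypothetical, and a plain array stands in for $_SESSION so the file also runs from the command line.

```php
<?php
// Added example: function names and the 'page_token' key are hypothetical.
// $session stands in for $_SESSION; in a real page call session_start()
// first and pass $_SESSION instead.

/** index.php side: create a random token, keep it server-side, return it for the link. */
function issue_page_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session['page_token'] = $token;
    return $token;
}

/** aboutus.php side: accept only the token this session was given, and only once. */
function check_page_token(array &$session, $presented): bool
{
    $expected = $session['page_token'] ?? null;
    unset($session['page_token']);               // single use
    if (!is_string($expected) || !is_string($presented)) {
        return false;                            // nothing issued, or malformed input
    }
    return hash_equals($expected, $presented);   // constant-time comparison
}

// Constructed walk-through.
$session = [];
$token = issue_page_token($session);
echo '/aboutus.php?t=' . urlencode($token) . "\n";   // link index.php would render

var_dump(check_page_token($session, $token));    // visitor following the index link
var_dump(check_page_token($session, $token));    // the same link used a second time
$otherSession = [];
var_dump(check_page_token($otherSession, $token)); // token replayed in another session
```

Unlike the Referer header, the expected value lives in server-side session storage, so a client cannot satisfy the check by setting a request header.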

how to use header referrer to redirect or allow access to site [duplicate]

This question already has an answer here:
Closed 10 years ago.
Possible Duplicate:
PHP redirect based on IP AND referrer
Is it possible to redirect a user if they access the site from another location? What I want to do is: when the user accesses the site from Google, he will be redirected to the main site, but if he accessed the website from the link that came from the "main site", a pop-up window will appear that contains the restricted site, but since the user came from the "main site" he will be granted access.
Any PHP or JavaScript will do, as long as it will check if the user came from the main site.
Or, if possible, check from what "IP" the user came from to grant access?
Redirecting the user can be accomplished using the header() method and setting a "Location: " header for the new target. The conditional can be expressed by evaluating the Referer header sent by the client; this should be available in one of the PHP system variables, see http://php.net/manual/en/reserved.variables.server.php
Something along the lines of:
if (preg_match("/your-domain/", $_SERVER['HTTP_REFERER'] ?? '')) {
    header('Location: /hidden_page.html');
} else {
    header('Location: /');
}
should do the trick.
To redirect the Google bot and that action's implications see Does Google bot crawl entire site if there is a redirect and http://forums.digitalpoint.com/showthread.php?t=1210
For figuring out what's inside the variables and how to use regular expressions in PHP, use this example code
<pre>
<?php
// Show what the server received (the Referer may be absent)
echo ($_SERVER['HTTP_REFERER'] ?? '')."\n";
echo $_SERVER['REMOTE_ADDR']."\n";
if (preg_match("/188.174.82.97/", $_SERVER['REMOTE_ADDR'])) {
    echo "Yes";
} else {
    echo "No";
}
?>
</pre>
in your script or something like phpfiddle.org
check $_SERVER['HTTP_REFERER'] variable in a conditional to see what the user's referrer actually is and then use header() method to actually redirect to another URL.
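What an unanchored pattern such as /your-domain/ accepts compared with an exact comparison of the parsed host or address, shown on constructed values. This is an added example, not code from the answers above; the function names, the your-domain.example host and the 10.0.0.1 address are assumptions. The Referer value is still supplied by the client, so the strict form only tightens the match.

```php
<?php
// Added example: function names and all sample values are constructed.

/** Check in the style of the snippets above: unanchored, dots unescaped. */
function loose_match(string $pattern, string $value): bool
{
    return preg_match($pattern, $value) === 1;
}

/** Strict Referer check: parse the URL and compare the host exactly. */
function referer_host_is(?string $referer, string $expectedHost): bool
{
    if ($referer === null || $referer === '') {
        return false;   // header absent, which is legitimate for many clients
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

/** Strict address check: compare packed binary forms, no regex involved. */
function remote_addr_is(string $remoteAddr, string $expectedIp): bool
{
    $a = @inet_pton($remoteAddr);
    $b = @inet_pton($expectedIp);
    return $a !== false && $b !== false && $a === $b;
}

$referers = [
    'http://your-domain.example/index.php',
    'http://other.example/?q=your-domain',
    'http://your-domain.example.other.example/',
];
foreach ($referers as $r) {
    printf("%-44s loose=%d strict=%d\n", $r,
        loose_match('/your-domain/', $r),
        referer_host_is($r, 'your-domain.example'));
}
foreach (['10.0.0.1', '10.0.0.12', '110.0.0.1'] as $ip) {
    printf("%-44s loose=%d strict=%d\n", $ip,
        loose_match('/10.0.0.1/', $ip),
        remote_addr_is($ip, '10.0.0.1'));
}
```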

Checking if a website exists [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How can one check to see if a remote file exists using PHP?
I want to programmatically check if a website is live or not. I know I can do this by opening the URL using "cURL" or "fopen" but it takes a lot of time because it needs to fetch the full page.
Furthermore, this method is not reliable because there can be other reasons like unsupported protocols to be able to open the website.
Is there any other way?
You could simply use HEAD request to get only the headers of the page and not the whole page. Still, the website will still generate the full page but at least you won't download everything.
To achieve this, you can use many methods, just check how to change the headers of the request and instead of doing a GET, you can do a HEAD.
fopen() and fread() do not read the entire webpage (not necessarily anyway). You can use that and read only a few bytes to determine the website exists (200 OK).
You could just send a header request and check the http response codes?
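$file = 'http://www.test.com/idontexist.jpg';
// @ suppresses the warning when the host cannot be reached; get_headers() then returns false
$file_headers = @get_headers($file);
if ($file_headers === false || $file_headers[0] == 'HTTP/1.1 404 Not Found') {
    $exists = false;
} else {
    $exists = true;
}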
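The HEAD request suggested above, with a timeout and a status check that does not depend on one exact status line and that reads the final response when redirects were followed. This is an added example, not code from the answers; the function names are hypothetical and the header arrays at the bottom are constructed in the shape get_headers() returns.

```php
<?php
// Added example: function names are hypothetical; the sample header arrays
// are constructed in the shape get_headers() returns.

/** Status code of the last response in a get_headers() array, or null. */
function final_status(array $headers): ?int
{
    $code = null;
    foreach ($headers as $line) {
        // After redirects the array holds one status line per hop; keep the last.
        if (is_string($line) && preg_match('#^HTTP/\d+(?:\.\d+)?\s+(\d{3})\b#', $line, $m)) {
            $code = (int) $m[1];
        }
    }
    return $code;
}

/** HEAD request with a timeout; true when the final response is 2xx or 3xx. */
function site_is_up(string $url, float $timeout = 5.0): bool
{
    $context = stream_context_create(['http' => [
        'method'        => 'HEAD',
        'timeout'       => $timeout,
        'ignore_errors' => true,   // still return headers for 4xx/5xx responses
    ]]);
    $headers = @get_headers($url, false, $context);
    if ($headers === false) {
        return false;              // DNS failure, refused connection or timeout
    }
    $code = final_status($headers);
    return $code !== null && $code >= 200 && $code < 400;
}

// Constructed samples, no network access needed.
$redirected = ['HTTP/1.1 301 Moved Permanently', 'Location: https://www.example.com/',
               'HTTP/1.1 200 OK', 'Content-Type: text/html'];
$missing    = ['HTTP/1.0 404 Not Found', 'Content-Length: 0'];
var_dump(final_status($redirected), final_status($missing), final_status([]));
```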
