I have several folders on my domain, within each folder contains an index.php file that checks to see if the database connection passes or fails, if it fails, the page is redirected to a top level file (outside of all folders) called offline.php. This part works great. The basic format I'm using to redirect if the db is offline is:
if ( !$dbconnect ) {
header("Location: https://www.test.com/offline.php");
}
Then, within the offline.php page, I need to check to see which folder brought the user to the offline.php page, and display a unique message to the user - based on the folder that brought them to the offline.php page.
For example:
test.com/test1/index.php redirects to offline.php, the message would say 'test1 brought you to this page'
test.com/test2/index.php redirects to offline.php, the message would say 'test2 brought you to this page'.
In multiple browsers I've tried the following code, which always results in 'unknown uri':
$url = 'https://' . $_SERVER['HTTP_REFERER'] ;
if ( strpos($url,'test') !== false ) {
echo 'test';
} elseif ( strpos($url,'test1') !== false ) {
echo 'test1';
} elseif ( strpos($url,'test2') !== false ) {
echo 'test2';
} else {
echo 'unknown uri';
}
Suggestions?
EDIT
Due to the unreliable nature of HTTP_REFERER I've decided to put all of the conditions within the index.php page and forget about the offline.php page. A HUGE thank you to everyone who offered suggestions!
Why would you use redirects at all? They are heavy on the server, slow and just plain old unnecessary. Use a switch statement and have 1 controlling page instead of multiple folders and pages.
If you use the following code on your offline.php page, you can see all of the $_SERVER variables available (referring URL is in there)
echo '<pre>',print_r($_SERVER),'</pre>';
From there, you can take $_SERVER['HTTP_REFERER'] use a select case, or if then statement and accomplish your goal.
Based on some of your questions in the comments and people pointing out the use of $_SERVER['HTTP_REFERER'] being unreliable, you could do something like this instead.
On your index.php page with the dbconnect check, you could modify it to be something like this. header("Location: https://www.test.com/offline.php?org=".urlencode($_SERVER['REQUEST_URI']));
Then, on the offline.php,
$page = urldecode($_GET['org']);
$org = explode('/',$page);
echo $org[1] to get the first value after the slash, $org[2] would get the next value etc..
Related
I have a page that will show multiple content, depending on what ID the user has in their URL.
e.g:-
If they have accessed https://stackoverflow.com/#cars - I want to show cars only.
If they have accessed https://stackoverflow.com/#trains - I want to show trains only.
I would like to do this in PHP, as I do not want the other information displayed.
I have tried the following, but with no luck:-
<?php
$url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if (strpos($url,'cars') !== false) {
echo 'Car exists.';
} else {
echo 'No cars.';
}
?>
Can anyone please help?
The # part of a URL is an instruction to the browser to navigate to that element of the page as soon as it loads. It's never sent to the server.
If you want to pass information to the server then use query parameters e.g. https://www.example.com?section=trains and then you can use $_GET["section"] in PHP to retrieve the submitted value.
But as someone has noted in the comments, that's a generic way to do this in a web/PHP context, however Wordpress probably has better methods built in to accomplish the specific filtering task you're interested in here.
I'm trying to make a multi-regional website using WordPress. i'm working on url http://localhost/siteone I want when someone come from usa redirect to the localhost/siteone/usa/
I edit the function.php file of wordpress theme with code below, but getting error the url become localhost/siteone/usa/usa/usa/usa
// Detacting user location using ipstack
$json = file_get_contents('http://api.ipstack.com/check?access_key=ACCESSKEY&language=en');
// Converts it into a PHP object
$data = json_decode($json);
$loc = $data->country_code;
//NA = northamerica
//End of Decating user location
if($loc=="NA"){ header("Location: usa/"); }
This works very well sidealone but when I add in function.php in theme file not working and give me a error. what should I do. Should i use some session or anything eles.
It looks like it's trying to redirect multiple times, since it'll check the person's location, then redirect, then after redirecting it'll check again, and redirect again, etc.
What you could do is check whether "/usa" is already in the page URL, and if not, redirect, something like this could work:
if ($loc === "NA" && strpos($_SERVER['REQUEST_URI'],'usa/') === false) {
header("Location: usa/");
}
$_SERVER['REQUEST_URI'] is the URL of the current page, not including the domain.
For languages and create diferents regionals website, I'd recommend you this plugins (pro):
https://polylang.pro/ (just one paid)
enter link description here (anual fee)
Custom code based on language:
<?php
if(pll_current_language() == 'en') {
echo 'Only in english';
} else if(pll_current_language() == 'fr') {
echo 'Seulment en francais';
}
?>
If you prefer control language throught web server, use better: $_SERVER['HTTP_ACCEPT_LANGUAGE']
Link: https://www.php.net/manual/en/locale.acceptfromhttp.php
Regards!
I have index.php that include pages like
<?php
define('MyConst', TRUE);
include_once('template/header.php');
if (!empty($_GET['action'])) {
$action = $_GET['action'];
$action = basename($action);
include("template/$action.php");
} else {
include("template/main.php");
}
include_once('template/footer.php');
?>
With in a template directory I have main.php which has link to other pages like page1.php, page2.php.
Goto page 1
Goto page 2
How could I prevent users form accessing pages directly typing "http://mydomain.com/?action=page1" on the URL? And redirect them to main.php if they have done it?
You can not. What you want is simply not possible.
For the server side there is no way to know whether an URL is typed or clicked.
If I understand correctly, the thing you want is to prevent the user to access http://example.org/?action=page1 unless they came from http://example.org/?action=main. To do that, you must be able to detect whether they came from http://example.org/?action=main. The safest way to do that is to generate some random value that you associate to the users when they access http://example.org/?action=main and to check whether there is a correct value associated to the users when they want to access http://example.org/?action=page1. If not, they tried to access that page directly.
Check for HTTP_REFERER and if it is not pointing to right values (like your meny page) then redirect user.
Maybe you can try this, On your index.php :
session_start();
if(! isset($_GET['action']))
{
$_SESSION['pageAccess'] = true; # Set the key whatever you want
}
then under that script (we need that session_start() used twice) :
if(isset($_GET['action']))
{
if(! isset($_SESSION['pageAccess']) || ! $_SESSION['pageAccess'])
exit('There is no direct access allowed.');
}
Hope this help, have a nice day.
As per your Question:
There are two approaches that you can follow:
Use HTTP_REFFRER and check on desired page if User is coming from the page u wanted. IF he is accessing the direct URL then show him error page.
Use $_SESSION but this approach can be harmful as SESSION will always be there untill browser / instance closed.
So better to go for 1st approach.
And also as per Pehaa, you can not check id URL is typed
I have the following PHP script within a file named login.php
<?php
$ref = $_SERVER['HTTP_REFERER'];
if ($ref == 'http://example.com/dir/invalid.php' || $ref == 'http://www.example.com /dir/invalid.php') {
echo '
<div id="invalid">
TESTTESTTESTTESTTESTTESTTESTTEST
</div>
';
}
?>
I have deliberately went to the invalid.php page (which redirects using header() to login.php) and this div does not show up. Does it have something to do with the referrer not really being invalid.php or is there an issue with the script?
Thanks
I don't think the HTTP_REFERER is what you think it is. Namely, it is the page from which the user followed a link to the current page. However, it's very unreliable as we rely on the browser of the user to correctly report this value.
I would suggest the option I thought you needed, except that the only one I can think of you might doesn't really makes sense... (checking if the url matches a url that's not the current script)... so I do not see what you are trying to do.
As promised several ways to do what you want to achieve:
First off, I don't like this solution at all and really consider it ugly, but it's the one closest to what you where trying to do.
invalid.php
require 'login.php'; // we include the file instead of referring to it
login.php
if ($_SERVER['SCRIPT_NAME'] == 'invalid.php')
{
// do whatever
}
The main difference between what you did and what I did for the user will be that here the url bar will show that you're at invalid.php and not somewhere else. This also means that refreshing doesn't make the message go away.
A better solution in my opinion is the following:
In your script that logs a user in (checks the database and everything):
if (!valid_login()) // pseudo-code, obviously
{
$_SESSION['invalid_login'] = true;
header('Location: login.php');
// previously, we had something like this instead of the two lines above:
// header('Location: invalid.php');
}
in login.php
if (isset($_SESSION['invalid_login']) && $_SESSION['invalid_login'])
{
$_SESSION['invalid_login'] = false;
// do whatever
}
Of course, this should be done with proper session facilities like starting up the session in both those files. Instead of using session variables, you could include the file and use normal variables or send GET variables through the header request, but both those solutions share a problem: refreshing doesn't make the message disappear. However, if you were to move the code from the top file of the two above to login.php (if it's not already there, I don't know what file that actually is...) you could once again use normal variables instead of session variables and have a solution in which refreshing does make it go away. In this case, you might argue that you are cluttering your files with bussiness logic and presentation, but there are solutions to that (like keeping it in a separate file, and including it into login.php, moving the html to another file and including that one into login.php or both.
whats going on is everything is loading just fine url is deigned.sytes.net except for the links when i click about us or services or contact they look like there loading but the content in body.tpl doesn't change from default. maybe you can help me with this why the links are not changing. you u want here are the ONLY php files
I have made phps files for view perpose's but if you insist on it i will post the require code.
designed.sytes.net/index.phps
designed.sytes.net/classes/file.class.phps
In the URLs you name the parameter p but in your files.class.php you actually test for $_GET['page']. So either change the URLs to use page as parameter or change the code to:
// in files.class.php instead of if(!isset($_GET['page']))
if(!isset($_GET['p'])){
// your code here...
} else {
// ...
}
In your original code, as $_GET['page'] does never exist, it always shows the index page.
Another thing that looks strange to me is the following (but maybe it is just how you set it up):
if(file_exists($_GET['page'].'.txt')){
// and lets include that then:
ob_start();
include("contents/". $_GET['page'] . '.php');
$content = ob_get_contents();
ob_end_clean();
}
You first check whether the text file e.g. about.txt exists but then include a PHP file contents/about.php. Is this intended? Does the PHP always exist if the text file exists?
UPDATE:
Also make sure that you properly check the value that you get from $_GET['page'] or however you call it in the end.
E.g. this call http://designed.sytes.net/index.php?page=../index seems to kill your server (sorry it was unintentionally :( )
UPDATE 2:
In order to provide "some" security you could check whether $_GET['page'] is one of predefined values instead of checking whether a file with this name exists. E.g:
$valid_pages = array('home', 'about', 'services', 'contact');
if(isset($_GET['page']) && in_array($_GET['page'], $valid_pages) {
// include page here
}
else {
// redirect to home page
}
That makes sure that $_GET['page'] is not of form of relative pathes like ../index. If it is not one of those values in $valid_pages you redirect to the home page.
I see in your http://designed.sytes.net/classes/file.class.phps file you have $_GET['page'] but on the query string you have p=
an example of what does not work is:
http://designed.sytes.net/index.php?p=about
and then changed to:
http://designed.sytes.net/index.php?page=about
seems to show something different.