My current url is http://domain.com/example.php/link=eg But if someone plays with url and puts url as http://domain.com/example.php/abcdefgh97654 - anything, my all functions all links from that page become inactive.
I tried using <?=HTTP_SERVER;?> before all links in my php files but as my website has user registration and sign in, when user signs in and clicks on any menu (link from php script). It throws on index.php page. But if user logs in again it works perfectly. In short user needs to log in twice to work everything perfect.
Basically I want two solutions one I want to redirect www dot
domain dot com/example dot php/abcdefgh97654 - anything (wrong url
page) to errorpage (I already done this in htaccess) but does not
work for above type.
List item
And want to solve two time log in problem.
If anyone has solution for this will be appreciated.
For you to do this, you have to know what values are supposed to be passed via $_GET variable to your page. Then you can create filter for the values and user header(); function.
Here is my suggestion:
<?php
$var=$_GET['val']
//get expected length if you need.
if(strlen($var)>9 or strlen($var)) {
$redirect=true;
}
//if you know what you are expecting
$vals=array('val1', 'val2, 'val3');
if(!in_array($var, $vals)){
$redirect=true;
}
//continue or replace your filters in this manner and asign your value to $redirect
if($redirect==true) {
header("Location:url"); // do this before anything else is printed to the page or else it will say headers already sent.
}
?>
Related
I have a site with a normal admin and a super admin, both share some functions. A new function I am introducing is a admin serial activation. This is already implemented in normal admin and now I am trying to add same code to super-admin. If you are in normal admin or super admin you would click the serial to activate and move on to activate2.php to activate. All works well and good unless you change your mind about activating serial, in which case you would click 'back' or a 'cancel' button to return to previous screen. I currently check what the previous page was using php:
$ref = $_SERVER['HTTP_REFERER'];
The idea is to show a different return url on 'back' link and the 'cancel' button depending on if the previous page was 'super-admin-serials.php' or just 'admin-serials.php'. I tried to match 'super-admin-serials.php' in $_SERVER['HTTP_REFERER'] to deduce what the previous page was and allow the user to go back to his previous page. But the code I have put together does not work, so if anyone out there can help with this simple function it would be much appreciated. Here is the code I have so far on the independent 'activate2.php' page to cancel and return to previous:
$superpage=array('super-admin-serials.php');
$ref = $_SERVER['HTTP_REFERER'];
if (in_array($ref, $superpage)) {
echo "back (super admin)";
} else {
echo "back (normal admin)" ;
}
The HTTP referer may not just contain the name of the script it comes to, it usually includes a fully qualified URL such as http://example.com/foo/your-script.php.
Instead of observing the HTTP referer (which will be lost if they refresh the page), I suggest that you pass an argument from the first page to the second to determine where they came from, and send them back where you need.
Transparently the user will be accessing either of:
activate2.php?super=1
activate2.php
Then the following code will do what you want:
$isSuper = !empty($_GET['super']);
if ($isSuper) {
echo "back (super admin)";
} else {
echo "back (normal admin)" ;
}
I understand you have some kind of sign in feature and you cannot be logged in simultaneously with two different users (if that's not the case, just make sure you aren't running an insecure site that can be easily hacked). In that case you should already have that information on the server so it's both unnecessary and unreliable to gather it from client-side. So code would look like this:
if ($_SESSION['is_super']) {
echo 'back (super admin)';
} else {
echo 'back (normal admin)';
}
(Please note I've also removed double quotes, which served no other purpose than making code harder to write and read.)
In any case, you must be aware that HTTP_REFERER:
Will get lost if you add extra steps (e.g. show form errors to get them corrected)
May not be there at all (some proxies and security programs strip it)
Will often include extra stuff that make a simple string comparison fail, like GET parameters (and it's of course a full URL)
If you opt for it anyway you may want to have a look at parse_url() as starting point.
For example, I have a page called profile_page.php. This page is only functional if data is written after the ?u= in the URL, for example, data for Alice's profile page can only be seen when the URL reads http://localhost/profile_page/alice.
Loading http://localhost/profile_page will give me undefined variable errors as most of my variable's are depending on the URL to have a value after the ?u=. For example, the variable $firstname can only be gathered when I get her username in the URL.
In such a case, when http://localhost/profile_page, I would rather have it redirect the user to their own profile_page, but I don't know how I can test the URL and parse it through an if statement.
I understand you can use $u=$_GET['u']; to obtain the current page URL? but I don't think doing this, is the best way to go about it:
$u=$_GET['u'];
if ($u == "http://localhost/profile_page/"){
// redirect to logged in users page code here
}
First, if you are using some parameter for your page to build, the url would looks like httlp://localhost/profile_page.php?firstname=alice&lastname=brown, with $_GET['firstname'] you will get alice in this case. If you want to test if the parameter is set first and redirect to another page if it is not set, you could use
if(!isset($_GET['firstname'])
{
header('Location:redirected_page.php');
}
I am sending error values in the url.For example if i have a website named
www.example.com
and the url for login page is
www.example.com/login.php.
If the user enters wrong credentials url will be
www.example.com/login.php?invalid.
So everytime i refresh url remains
www.example.com/login.php?invalid.
How to remove invalid from url on refresh???
I think that by using the invalid GET variable you try to determine whether or not to display the error message to the user. This isn't really a good way to do so, due to the number of reasons, one of which made you ask this question.
You have a number of options instead, one of which would be using the session variables to store the error message. E.g., if the user login fails, you could store the message in your session:
if (badLogin()) {
$_SESSION['errorMessage'] = "Something's wrong";
}
and then on the login.php page you could try and see if it exists:
// ...your HTML...
if (!empty($_SESSION['errorMessage'])) {
echo $_SESSION['errorMessage']; // show it to the user
unset($_SESSION['errorMessage']); // so as not to display it every time
}
// ...your HTML continues...
This is not the perfect way either, but without knowing your application structure it's hard to suggest anything else.
No headers are already sent, this is the first piece of code accessed on the page.
I am making a multilingual site and as it has very little text am trying to redirect users to different directories based on their language. I have written this in php and every time I assess the site, I receive an error and it wont load.
$lang=$_SERVER['HTTP_ACCEPT_LANGUAGE'];
$es=array("es", "es-es", "es-us", "es-mx");
if(array_key_exists($es, $lang)){
header('Location: http://www.site.com/es');
exit;
}else{
header('Location: http://www.site.com');
exit;
}
In Firefox I receive the error 'Firefox has detected that the server is redirecting the request for this address in a way that will never complete.'
And in Safari 'Too many redirects occurred trying to open "websitename". This occurs when opening a page it redirects you to another that, when opened, you are redirected to another page.'
But I have no copy of the language check script in the sub folder. When I make the if statement very simple if($lang =='es-es') it works perfectly. There must be something wrong with my syntax but I can't see what it is.
As I understood, correct me if wrong, if you are on the ELSE statement, it redirects you to the same site, where the check is performed once again, and redirects you once again, and again, causing an endless loop.
Use in_array to check instead - or turn your dictionary array into a hash:
1)
if (in_array($lang, $es)){
// ...
}
2)
$es = array_flip(array("es", "es-es", "es-us", "es-mx"));
if (isset($es[$lang])) {
// ...
}
As it stands, your $es array is an indexed one, but you're trying to search in its keys - which are simple numbers (0, 1, 2, 3...).
Yet there's another problem here. What if someone tries to access your site.com without any variation of es in HTTP_ACCEPT_LANGUAGE header? They will be redirected to it again... and again... and again, as each subsequent redirect is re-checked by that if clause.
The solution is to make some default page, which won't be checked for that language setting; thus the eternal redirection loop will be broken. )
You need to use in_array instead of array_key_exists
First, try to do this:
var_dump("<pre>", $lang); die();
and see what are you actually getting in $lang.
What every you are getting, copy past it into your $es array values.
It is saying so because you are redirecting it to the same page again and again. try redirecting to some other page if your condition gets false or simply alert a message saying language do not found or something like this.
As I Getting your Problem...
Change these two lines
$es=array("es", "es-es", "es-us", "es-mx");
if(array_key_exists($es, $lang)){
with following lines
$es=array("es"=>es, "es-es"=>es-es, "es-us"=>es-us, "es-mx"=>es-mx);
if(array_key_exists($lang, $es)){
Basically In the array_keys_exits($key, $array-name) function there are two parameter pass & it is to be first parameter is the value of (key) you want to search or Second parameter is pass the Array name.
I Think you pass the array_key_exits with null value as key & wrong syntax description.
http://php.net/manual/en/function.array-key-exists.php
I'm trying to figure out how to append a random query string to the end of a URL the first time someone visits my page. For example, say someone navigates to my site at, www.example.com. If everything goes according to plan, they'll hit my index.php file, the URL in the address bar will be www.example.com, and everything will be hunky dory.
However, what I would like is for when that person types www.example.com into their address bar and hits go, they are directed to my index.php file, but the URL is changed to:
www.example.com/?fromdatabase=randomthing
I have the database all setup and I can get random values from it no problem, the problem is changing the URL so that the random values are appended before the page loads.
Add this to the beginning of your index.php
<?php
if(empty($_GET['fromdatabase']))
{
die(header('Location: http://www.example.com/?fromdatabase=randomthing'));
}
?>
Greetings,
Fredyy
You could just redirect the user, if there is no querystring.
For example:
if(!isset($_GET['fromdatabase']))
{
header('location: index.php?fromdatabase=randomthing');
exit;
}
However, it doesnt make much sense. Why do you want to redirect the user to a different url, you could just display the content in your index.