My Hompeage is loading the sites with this script:
<?php
if(!isset($_GET['id'])) $id = 'home';
else $id = $_GET['id'];
include($id.'.php');
?>
Does anybody of you have an idea, how to connect a 404 error page with it?
Means, if Php can't find the page it will send the user to a 404 page.
Thanks for your help!
If you want to redirect the user because of non-existent file, you should uses directives of the server, in Apache it is in the .htaccess file.
If you want to redirect the user because of the non-existing id so it would like non=existent file you can redirect him:
if($_GET['id']) ... is not existent ){ // type your criteria here
header('Location: your_404_page.php');
die();
}
Something like this maybe?
<?php
if( !isset( $_GET['id'] ) )
{
$id = 'home';
}
else
{
$id = $_GET['id'];
}
if ( is_file( $id . '.php' ) )
{
include( $id . '.php' );
}
else
{
include( '404.php' );
}
?>
Related
I have four pages so far:
index.php
login.php
setsessionconfig.php
account.php
The background:
When I click the login w/ facebook button from the index it takes me to login.php which if the user is already registered with the site it doesn't go through the facebook website it just continues. Login.php pulls the neccessary information for the session then header redirects to setsessionconfig.php which has the code below:
login.php has a 5 second delay for loading visual then redirects to ...
header( "refresh:5;url=".URLBASE."/setsessionconfig.php?uid=".$uid."&email=".$email );
setsessionconfig.php
$uid = isset($_GET['uid']) ? $_GET['uid'] : "";
$email = isset($_GET['email']) ? $_GET['email'] : "";
if( $uid != "" && $email != "") {
session_start();
$_SESSION[SESSION_UID] = $uid;
$_SESSION[SESSION_EMAIL] = $email;
$_SESSION[SESSION_IS_LOGGEDIN] = 1;
header("Location: account");
}
The Problem
When setsessionconfig.php redirects to account.php it checks to see if the users is logged in via the SESSION_UID global variable then displays the user information OR it displays the "you are not logged in" text. No matter what I do I think the header redirect to account.php is destroying session variables.
I even checked to see if the session was available with the following code in account.php.
function is_session_started()
{
if ( php_sapi_name() !== 'cli' ) {
if ( version_compare(phpversion(), '5.4.0', '>=') ) {
return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
} else {
return session_id() === '' ? FALSE : TRUE;
}
}
return FALSE;
}
if ( is_session_started() === FALSE )
echo "<script>console.log('FALSE');</script>";
else
echo "<script>console.log('TRUE - ".session_id()."');</script>";
Unfortunately that part actually returns the TRUE and the session ID... So I am sort of stuck because I have never had this issue with sessions before...
try using exit(); after the header
Since the function is_session_started, returned TRUE and also returned the session ID, obviously the session ID is passed properly.
I hope the account.php code looks something like this
<?php
session_start();
if (! empty($_SESSION['SESSION_UID']))
{
?>
your code here
<?php
}
else
{
echo 'You are not logged in.';
}
?>
Edit :
Try
$_SESSION['SESSION_UID'] = $uid;
$_SESSION['SESSION_EMAIL'] = $email;
$_SESSION['SESSION_IS_LOGGEDIN'] = 1;
I am not very advanced in php.
I found function that i can use in WP header - then when login from "small green box" in header user stay on page from that he try to login.
Here is my page with WP: http://www.computers-and-control.com/service/manuals/
Now i have other issue, i copied file /wp-login.php to /wp-logincc.php this new file is used for login in my template WP-Download Manager - when click file - that need login before download than is used /wp-logincc.php for function login.
Problem is that after login from wp-logincc.php i am redirected to "Dashboard/Admin Panel" - i would go back to the subpage i come from.
I use different subpages for downloading files with required login and allways need come back to this one i come from.
I try in my wp-logincc.php code:
<?php
/**
* WordPress User Page
*
* Handles authentication, registering, resetting passwords, forgot password,
* and other user handling.
*
* #package WordPress
*/
/** Make sure that the WordPress bootstrap has run before continuing. */
require( dirname(__FILE__) . '/wp-load.php' );
// dankam tu cos ewentualnie zmienic ---- Redirect to https login if forced to use SSL
$dankam_aaa = apply_filters( 'fromwhereyoucame', $fromwhereyoucame );
function fromwhereyoucame( $link ) {
$currenturl = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
if ( !is_user_logged_in() )
$link = str_replace( '">', '?redirect_to=' . urlencode( $currenturl ) . '">', $link );
else
$link = str_replace( '">', '&redirect_to=' . urlencode( $currenturl ) . '">', $link );
return $link;
}
if ( force_ssl_admin() && ! is_ssl() && $dankam_aaa ) {
if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
wp_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
exit();
} else {
wp_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
exit();
}
}
But this do nothing in /wp-logincc.php
(But this enclosed function "function fromwhereyoucame" works in "green box")
Please help to modify wp-logincc.php
why you not using plugin for this https://wordpress.org/plugins/theme-my-login/
there is a setting to set after login same page or dashboard redirect..
or
To achieve this redirect after login, add the following code to the functions.php file for your theme:
> if ( (isset($_GET['action']) && $_GET['action'] != 'logout') ||
> (isset($_POST['login_location']) && !empty($_POST['login_location']))
> ) {
> add_filter('login_redirect', 'my_login_redirect', 10, 3);
> function my_login_redirect() {
> $location = $_SERVER['HTTP_REFERER'];
> wp_safe_redirect($location);
> exit();
> } }
another solution to make changes by editing in core
wp-login.php
Line 424 - 426...
} else { $redirect_to = admin_url(); }
Change to...
} else { $redirect_to = $_SERVER[HTTP_REFERER]; }
I have function within my login script that is causing me some problems. I believe this is the issue.
function load( $page = 'login.php')
{
$url = 'http://' . $SERVER['HTTP_HOST'] .
dirname( $_SERVER ['PHP_SELF'] );
$url = rtrim( $url , '/\\' );
$url = '/' . $page ;
header ( "location: $url" );
exit();
}
My users are in the db and can register fine - when using my login form I have a login form a script to check they have entered the info and also another one to validate the users. The problem being that when I/They attempt to login the action script or the logic dosnt move on it sits on that blank page...
Thats the white page of death :) There is an error, but it doesnt get shown. You can try adding this to the top:
error_reporting(E_ALL|E_STRICT);
That should give you the error on line 5 in this code, the $SERVER needs to be $_SERVER
To improve your code, this is valid too:
header('Location: /');
Relative url's. That piece of code will go to home, you can just to to your $page directly:
header('Location: /'.$page);
function load($page = "login.php") {
header(sprintf("Location: http://%s/%s/%s", $_SERVER["HTTP_HOST"], trim(dirname($_SERVER["PHP_SELF"]), "/"), $page));
exit();
}
I have a question. I have this script
<?php
$GetPage= "index";
if((isset($_GET["page"])==true) && ($_GET["page"] != "")){
$GetPage = $_GET["page"];
}
?>
But I search on stackoverflow and google. But I can't find it. I want to include a error page when php can't find the file. How can I do that? I'm jut a starter with php.
Ow almost forgoten. I use this to include a part of my site:
<?php include ("include/$GetPage.php"); ?>
Thanks for reading !
<?php
//file_exists will eliminate the need for any of your other checks.
if(file_exists($_GET["page"])){
//Set the page to be loaded if it is found on the server
$GetPage = $_GET["page"];
}else{
//Show the user a 404 error message
header("HTTP/1.0 404 Not Found");
//OR
//Set the page to be loaded as your custom error page
$GetPage = "my_error_page.php";
}
//Include the page
include $GetPage;
?>
Are you looking for a 404 redirect? Or just load a custom error page into the document? Select the above based on what you wish to do.
$GetPage = $_GET["page"]; // validate string!!
if (!file_exists('include/' . $GetPage . '.php')) {
$GetPage = 'errorPage';
}
first check file is in folder (for injection) , ($file is full path of file.)
$path = "include";//your include folder path
if ( substr(realpath($file) , 0,strlen($path)) != $path || is_dir($file))
//error file not found
second check file is exist or not
if (!file_exists($file))
//error
How do I create a dynamic PHP includes, that is secure? for example I have an index.php file with header.php and footer.php included inside of it and then grab other pages inbetween using
index.php?page=about
If possible it would need to be dynamic so using arrays and case would be time consuming and require modifications.
I also want to be able to change the title of website as well depending on what page was included.
I currently have this in place:
<?php
require_once 'includes/config.php';
//Set values for page
$page_title = 'home page';
$current_page = 'home';
require_once 'includes/header.php';
?>
CONTENT
<?php
require_once 'includes/footer.php';
?>
Thanks
Would this be a safe way to include my pages?
if( isset( $_GET[ 'page' ] ) )
{
if( strpos( $_GET[ 'page' ], "/" ) )
{
$dir = substr( str_replace( ’’, ”, $_GET[ 'page' ] ), 0, strpos( $_GET[ 'page' ], "/" ) ) . "/";
$file = substr( strrchr( $_GET['page' ], "/" ), 1 );
if( file_exists( $dir.$file.".php" ) )
{
include( $dir.$file.".php" );
} else {
include( "home.php" );
}
} else {
if( file_exists( basename( $_GET[ 'page' ] ).".php" ) )
{
include( basename( $_GET[ 'page' ] ).".php");
} else {
include( "404.php" );
}
}
} else {
include( "home.php" );
}
To prevent errors and unauthorized file access (secure) to pages outside of your web directory or invalid pages you should do the following.
Validate $_GET['page'] by checking for periods. While periods may be valid in file names, it looks like you would be constructing the filename from the value and a period could indicate a breakout attempt to gain access to a root directory.
From there I would construct the filepath for the include, and then use file_exists to make sure it exists before including it.
As for the changing title for the page include I would do something like this:
<?php
$page_title = 'Default Title';
$page_to_include = 'default';
if( strpos($_GET['page'], '.') !== false ){
//throw/display error - could be a breakout attempt
}
if( !file_exists(sprintf('page_includes/%s.php', $_GET['page'])) ){
//requested page does not exists, throw or display error
}else{
$page_to_include = sprintf('page_includes/%s.php', $_GET['page']);
}
//do page validation here with file_exists
ob_start();
include $page_to_include;
$included_page = ob_get_clean(); //gets contents and cleans the buffer and closes it
require_once 'includes/header.php';
echo $included_page;
require_once 'includes/footer.php';
?>
This way the page is included first and stored in a buffer rather that output. It allows you included page to modify $page_title, and then that modified $page_title is available to the header.php script for output within the tags.
Just to change the title? Add this to your header.php
<title>
<?php
if(isset($_GET['page']) {
echo $_GET['page'];
} else {
echo 'My Site';
}
?>
</title>