Ok so when somebody types this into the URL mywebsite.com/?s1=affiliateid
I want to take the affiliateid part out of the URL. Every affiliate will put a different username into the address.
Then I want to create a link will point to differentwebsite.com/?id=affiliateid based on the username typed into the address bar.
Now so far, I know that I have to have something like this will get that affiliate id
$aff_id = $_GET['s1'];
Then I can use that variable to create a link or just redirect it to the next page
differentwebsite.com/?id=$aff_id
My question is, where do I place this code at? $aff_id = $_GET['s1'];
Do I have to make a page called ?s1.php or something?
Assuming s1 isn't used anywhere else but just to create a link:
<?php
$s1 = isset($_GET['s1']) && !empty($_GET['s1'])
? $_GET['s1'] // it's populated, use the passed value
: ''; // default value in case it's not present
//
// Maybe check $s1 is indeed valid
//
$newurl = sprintf('http://differentwebsite.com/?id=%s', urlencode($_GET['s1']));
?>
Then you can output that link somewhere on the page, like:
New Url Here
urlencode will make sure that if s1 has characters like &, =, ?, / (or others) it won't break the integrity of the url.
If you want the concise approach:
<a href="http://differentwebsite.com/?id=<?= urlencode($_GET['s1']); ?>">
New Url Here
</a>
You could place $aff_id = $_GET['s1'] anywhere before you want to use $aff_id. I tend to put stuff like that at the top of the page.
Or, simply put. "differentwebsite.com/?id=$_GET['id']"
I would suggess you do a check to see if the id parameter exists in the URL before you try to use it. Maybe even make sure it is the data type you expect, integer, string, etc. So as when you redirect users, you don't send them somewhere else in a broken way.
If you are not using this for SQL then no SQL Injection could occur #BlackHatShadow.
Append the $aff_id that you get from mywebsite.com to the url of the new web site. Presumably, $newurl = "differentwebsite.com/?id=".$aff_id.
Edit:
Do I have to make a page called ?s1.php or something?
You need to make a page that the user will land on when they hit the url: www.mywebsite.com/
I assume you are running a web server that can process PHP code. The code can go into a file called index.php in your server's document root directory. If you don't know what this is, I suggest googling a "how to" guide for your specific server.
Get the value of "s1" from the url and store it in $aff_id:
$aff_id = $_GET['s1'];
If you want to pass this variable into another web site which accepts an "id" parameter, then you can simply append $aff_id to the new web URL and redirect the user there.
Redirect the user to differentwebsite.com and also sends the $aff_id from mywebsite.com to the other URL:
header('Location: http://www.differentwebsite.com/?id='.$aff_id);
Related
Very probably this is impossible, but I want to ask it, just in case.
I have a database in which I save some numbers (1, 2, 3...).
I have a .php page from which I read the numbers. I concat those numbers to a string for getting a full URL. For exmaple:
$intArticle = $row["article"];
$strURLBase = "example.com/index.php/"
$strLink = $strURLBase . $intArticle;
//And I get "example.com/index.php/1"
But now, there is an exception in which the URL points to an external website, so my code is not valid for now.
I know how to fix it in .php, but I would like to know if it is possible to make the redirect directly inside the URL, saving the properly string inside the database. For example:
$intArticle = $row["article"]; //In this case, the value of $row["article"] could be, for example, "http://www.externalweb.com"
$strURLBase = "example.com/index.php/" //This part should be ignore inside the URL
$strLink = $strURLBase . $intArticle;
//I would get "example.com/index.php/http://www.externalweb.com"
Is there any kind of instruction that I could write inside the URL (that I would save into the database and then I would concat to $strURLBase) that redirects to another URL? For example:
example.com/index.php/!$%&_redirec_to("http://www.externalweb.com")
I don't want to call any PHP function from the URL for the redirection. In fact any PHP code shouldn't be executed. Everything should be inside the URL.
Try this:
if (!is_numeric($intArticle))
{
header("Location: ".$strLink."");
exit;
}
// your site will continue here, if the article is a number
For example, I have a page called profile_page.php. This page is only functional if data is written after the ?u= in the URL, for example, data for Alice's profile page can only be seen when the URL reads http://localhost/profile_page/alice.
Loading http://localhost/profile_page will give me undefined variable errors as most of my variable's are depending on the URL to have a value after the ?u=. For example, the variable $firstname can only be gathered when I get her username in the URL.
In such a case, when http://localhost/profile_page, I would rather have it redirect the user to their own profile_page, but I don't know how I can test the URL and parse it through an if statement.
I understand you can use $u=$_GET['u']; to obtain the current page URL? but I don't think doing this, is the best way to go about it:
$u=$_GET['u'];
if ($u == "http://localhost/profile_page/"){
// redirect to logged in users page code here
}
First, if you are using some parameter for your page to build, the url would looks like httlp://localhost/profile_page.php?firstname=alice&lastname=brown, with $_GET['firstname'] you will get alice in this case. If you want to test if the parameter is set first and redirect to another page if it is not set, you could use
if(!isset($_GET['firstname'])
{
header('Location:redirected_page.php');
}
I have several pages which use querystrings to highlight an option in a menu, all the url's on the page have the currant querystring phrased in them so the same menu option will be highlighted on the next page if the user clicks the link.
However the problem arrises when someone visits the page without the querystring included in the url, the menu option isn't highlighted.
What i would like to do is check the URL to see if a querystring is present, if one isnt, create one.
The url's are phrased as such www.mysite.co.uk/Folder1/Folder2/Page.php?id=3
and i would like the default querystring to be ?id=1 if one isn't already present in the url.
Any ideas on how you do this?
And what would happen if a user visits using the URL www.mysite.co.uk/Folder1/Folder2/Page.php?
Would the URL end up as www.mysite.co.uk/Folder1/Folder2/Page.php??id=1
or would it be www.mysite.co.uk/Folder1/Folder2/Page.php?id=1
Thanks,
Maybe there are plenty of ways. You can assign value to $_GET key if one does not exist. Or if you really need to query string, you can renavigate the user to the same page with present querystring.
if (!isset($_GET['id'])) {
header("Location: Page.php?id=1");
exit;
}
It should be before any output in the page. So if user visits Page.php or Page.php? or Page.php?someDifferentParamThanId=10 it will return false on isset($_GET['id']) thus it will redirect to Page.php?id=1
This should work:
if(isset($_GET['id'])){
//It exists
}else{
//It does not, so redirect
header("Location: Page.php?id=1");
}
Do something like:
if(!isset($_GET['id'])){
header('LOCATION:www.mysite.co.uk/Folder1/Folder2/Page.php?id=1'); die();
}
In php, the query string is loaded into $_REQUEST variable. In your case, $_REQUEST['id'] will be equal to 1, 3 or whatever you get in the query string.
For solving the problem when no id is given via GET, I think will be enough to add this line at the beginning of each php page:
<?php
if ( $_REQUEST['id']=='' ) {$_REQUEST['id']=1;}
?>
It is not necessary to change the URL on the fly.
I am designing a site where external links form various are being shown on my page. I am using
$url=$_GET['url'];
$website_data = file_get_contents($url);
echo $website_data;
so essentially a user would click on a hyperlink which is something like www.test.com/display_page.php?url=http://www.xyz.com/article/2.jpg
My page, list_of_images.php, typically has a list of images with href for each image as above on the page and when any image is clicked it would go to display_page.php, which would show our banner on the top of this page, some text and then this image beneath that. This image could be from any website.
I am currently sending the url directly and grabbing it using GET. I understand that users/hackers can actually do some coding and send commands for the url variable and could break the server or do something harmful and so i would like to avoid this method or sending the url directly in the header. what is the alternate approach for this problem?
The safe approach is to use a fixed set of resources stored in either an array or a database, and the appropriate key as a parameter.
$ress = Array('1' => 'http://www.google.com/', ...);
$res = $ress[$_GET['res']];
I would make sure the url starts with http:// or https://:
if(preg_match("`^https?://`i", $_GET['url']))
// do stuff
You may also want to make sure it isn't pointing anywhere internal:
if(preg_match('`^https?://(?!localhost|127\.|192\.|10\.0\.)`i', $_GET['url']))
// do stuff
Rather than a big dirty regex, you could go for a more elegant host black-list approach, but you get my drift...
Try POST....
Try doing this using POST method
I have a PHP page on a website that I'd like to be accessible only from another page on that website.
If a user clicks a link to the page, or types the page's address, and does not come from the site's domain, I'd like the page to redirect the user to the index.
Any ideas?
What you could do is use sessions.
make the index set a variable
$_SESSION['visitedIndex'] = TRUE;
and testing for it in the other pages:
if(!$_SESSION['visitedIndex']) {
header('location: ....');
}
make sure you do this before the first echo.
You could also create an internal service using a $hash = timestamp + internal secret key or your paricular rule.
First page has a link
http://www.samesite.com/page_2.php?param=hash
Second page decodes the hash and check the timestamp against a given interval. Otherwise it refuses the display.
As only you know the internal key is impossible to fake.
Check 'Referer' field?
It's easily hackable, tho. The more reliable way is to check if the used had no active session (if your site assigns them to visitors).
Use the referer fo this:
if ($_SERVER['HTTP_REFERER'] != "...") {
header("LOCATION: othersite");
}