Im new to this and im trying to rewrite URL so that utm_expid is hidden so if my url is:
http://www.myweb.com/?utm_expid=67183125-2
how would i make it so when user visits
myweb.com
it does not show utm_expid in url
Is this possible using PHP/JS?
NOTE: i cant use RUBY or any other languages except PHP/JS/HTML
There is a way. Just redirect the page to base url once the utm_expid=67183125-2 is got. ie,
if($_GET['utm_expid']) { //header to redirect to myweb.com }
Its a tricky way. Hope you are permitted to use it.
Just start a session and store value in session variable. you can regain it even page is re directed.
ie
<?php
session_start();
if($_GET['utm_expid']) {
$_SESSION['variable_name']=$_GET['utm_expid']
//header to redirect to myweb.com
}
?>
Let me add this Javascript trick that is server agnostic.
if (location.search.indexOf('utm_expid') > -1) {
history.replaceState('page', 'Title', '/')
}
I recommend you to place it at the end of the body.
If you wanted a clean URL (as you do for branding and manual sharing purposes), I'd script it so that you load a full page iFrame which loads the gA test queried URL. That way the user see s the clean URL in the address bar and still see the experiment.
You could use PHP to set up your index page (or any server side, or even client side script).
Related
I've been trying to get the URL (including GET parameters) of a site that is displaying my image. This is because I want to extract one parameter of the URL.
A friend told me that she knew someone that could achieve this, but I don't know if he was doing it with an image. Also I don't think I can do it with a link because when going to external sites it will appear a warning page saying that you're being redirected outside, so if I put a link to my page and someone clicks, I will get the referrer URL of redirection warning page. I can't assure if my friend was telling the truth about this, but it's very likely that it was true.
All I could get with the image was the IP and other things of the HTTP header, but the referrer part is empty and I thought that the referrer contained the full URL I'm talking about.
This is what I have tried.
First the img tag in the other site in BBCode:
[img]http://______.com/get_image.php?i=myimage[/img]
And in my site this script in PHP, although any language that does the work would be good for me:
<?php
// Get name of image to be displayed (non-sanitized here for simplicity)
$filename = $_GET["i"];
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['HTTP_REFERER'])) {
$visitor_url = $_SERVER['HTTP_REFERER'];
} else {
$visitor_url = "none";
}
// And write the referrer to a file just to test if it works
$fp = fopen('referer.txt', 'w');
fwrite($fp, $visitor_url);
fclose($fp);
// Eventually display the image
header('Content-Type: image/png');
readfile($filename . '.png');
?>
So my questions are:
Is it possible to get full URL of a site that is displaying my image?
If not, is there any other method to get the full URL?
Thank you in advance.
Note: I don't have any permision in the other site where I'm posting the image, I'm just an user there. Please tell me if I'm missing something or I have to ask this in another way, I'm new to StackOverflow.
Try REMOTE_HOST instead of HTTP_REFERER:
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['REMOTE_HOST'])) {
$visitor_url = $_SERVER['REMOTE_HOST'];
} else {
$visitor_url = "none";
}
The web server where you are serving the image will need to be configured properly. If using Apache, this is with HostNameLookups On.
See http://php.net/manual/en/reserved.variables.server.php
Normally browsers are sending full referer with all URL components including query parameters - $_GET params. If they don't then there is no other way to achieve that URL while passing throught an image content.
Sometimes sending referer may be blocked, for eg. in some batch URL processing using some crawler like program/script or on some proxies.
In PHP receiving referer is done by $_SERVER['HTTP_REFERER'] because it's normally just http header from request and it's the only $_SERVER array key with referer info.
You added the .htaccess tag so I think you're using the Apache web server. If you'd like to prevent the issue entirely, you can disable hotlinking entirely by going one layer lower. Instead of managing in PHP, you can configure the web server to not serve content to domains other than the one you are hosting.
Check out the guide for more details.
I fixed this problem by switching my site (where image is hosted) to HTTPS. The code in my question was doing its job correctly.
It looks that HTTP_REFERER was blank because of it coming from an HTTPS site and my site being HTTP it would always send it blank. I was aware that it could be a problem, but didn't make much sense for me because HTTP_REFERER was also blank when coming from another HTTP site (which I think it's not normal) so I thought the error was in another place.
Usually HTTP_REFERER is sent when it comes from and goes to:
from HTTP to HTTP
from HTTPS to HTTPS
from HTTP to HTTPS
But it's not sent when it comes from and goes to:
from HTTPS to HTTP
And in my case, I don't know why, it wasn't being sent from HTTP to HTTP which was confusing me.
I need to link to a specific page in my Facebook app. The app is not in a page tab, and cannot be in one due to the project constrictions.
This is the url format:
https://apps.facebook.com/myappname
I would need to pass a parameter at the end (like /next.html or ?page=next) so that I can link to the specific page directly from outside the app (from an email).
How would I set this up? My project uses PHP and jQuery. I would love to be able to do this strictly in Javascript if possible.
I have found tons of info on how to deep link a page tab or a mobile app, but not to a regular application. I have found messages stating it's possible, but nothing about how to actually do it anywhere online or on Facebook.
Thanks for your help.
EDIT:
Okay, I got it working in PHP. For anyone else with this issue, this is what I did.
Add a "?" at the very end of the 'Site URL' in your FB app, then create a redirect file similar to this as your app landing page (just use absolute paths instead of relative ones like I did below):
<?php
$query = $_SERVER['QUERY_STRING'];
$params = explode("/", $query);
if (in_array("gallery", $params)) {
header("Location: /gallery.html");
exit;
}
else {
header("Location: /index.html");
exit;
}
?>
This answer is what helped me figure this out:
$_GET on facebook iframe app
I may be missing something here, but why don't you just link to http://apps.facebook.com/yourapp/something.php - this should automatically load your canvas URL, with something.php appended to the path
Obviously this won't work if your canvas URL points to a specific file and not a directory, but plenty of apps do this with success
When you are using the ? all you are doing is issuing a $_GET request, so all of the info you require will exist in the $_GET array.
Rather than query the $_SERVER array, query the $_GET array.
So if you had:
http://myurl.com?info=foobar
You can simply access that info using:
$info = $_GET['info'];
It is good practice to check for the existence first though:
if (isset($_GET['info']))
{
$info =$_GET['info'];
}
else
{
$info="default";
}
Incidently if you use the & character you can have multiple parameters:
http://myurl.com?info=foo&moreinfo=bar
You get a special parameter called app_data that you can use however you want. I've used it in the past to encode a full querystring of my internal app. for example, &app_data=My/Custom/Page
More found in this SO question: Retrieve Parameter From Page Tab URL
I do not care about people viewing my source code, however, I want Bots to avoid coming on to my site and getting through my security. I was hoping to disable page source viewing. To do this, I am using this code:
$url= $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$needle = "view-source:";
if (strpos($url,$needle)) { echo "You can not see me";}
else {
//The rest of my index page
}
The objective here is that if someone tries to view my page source or if a bot tries to, that rather than being able to see it, the code will detect that the page URL is view-source:www.yoururl.com and will display a "Nice try" message in the source instead of the page source. The code above in theory should have worked, but didn't. Any other idea's to try and make this work?
This cannot be done, the HTML source code is passed to whoever requests it. You should probably redesign your captcha, as it is not secure from how you described it. Use session variables to store the data and to check against the submitted value on the form processor script.
you could use mod_rewrite and a permanent 301 redirect in your .htaccess to hide the ?captcha=xxxx part of your url, if it is your sole concern.
I have searched around (SO and Google) and can't find any proper explanation of how other people handle this situation.
In my application I am using PHP/Apache as a backend and Ben Alman's jQuery BBQ plugin for hashtag browser history. User logins are handled solely by the PHP server end using POST from a login page and state maintained using server side sessions. The problem I have is that if a user visits a URL with a fragment (hash) and they are not logged in they are redirected to the HTTPS login page. This works well in every situation except where the URL contains fragment hash. The same situation would be the case for any redirect initiated from the server side. It's not like javascript can be used in this situation to preserve the hashtag before the redirect as page load never completes before the redirect.
I realise that the fragments will be lost during the redirect (as it's client side only) and is never seen by the server end but how does everyone else handle this situation and preserve the URL originally visited so that the user can end up on the correct page after login or redirect?
Any advice appreciated. Thanks.
Populate a hidden input with the fragment using JavaScript.
<input type="hidden" name="fragment" id="fragment">
<script>
if(window.location.hash){
document.getElementById("#fragment").value=window.location.hash;
}
</script>
Then on the back end, you can redirect like this:
if(isset($_POST['fragment'])) {
$fragment = '#'.$_POST['fragment'];
} else {
$fragment = '';
}
header('Location: http://website/path'.$fragment);
exit;
You should probably urlencode the fragment.
I have several pages inside an AJAX directory. I don't want these pages accessible directly so you cannot just type in the URL of the page within the AJAX directory and access it. I "solved" this by using a PHP session on the page that calls it as follows:
Main page:
<?php
session_start();
$_SESSION['download']='ok';
?>
and on the ajax page I have this:
<?php
session_start();
if($_SESSION['download']!=='ok'){
$redirect='/index.php'; //URL of the page where you want to redirect.
header("Location: $redirect");
exit;}
?>
The only problem is that if a user goes through the correct process once, the cookie is stored and they can now access the page directly. How do I kill the session once they leave the parent page?
thx
why use session ?
if i understood what you want:
<?php /// Is ajax request var ?
if (isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH'])=="xmlhttprequest") {
// do your ajax code
} else {
// redirect user to index.php since we do not allow direct script access, unless its ajax called
$redirect='/index.php'; //URL of the page where you want to redirect.
header("Location: $redirect");
exit();
}
} ?>
A really simple solution is to open up each of the files you want to protect from direct URL entry & add the following to the top:
<?php if (isset($_GET['ajax']) != true) die();?>
Now get rid of your redirect script since it's useless now. You don't need to use sessions for this. Every time you request a page, use it's direct URL, just add ?ajax=1 to the end of it.
By adding the ?ajax=1, PHP will set a key of 'ajax' to the $_GET global variable with the value of 1. If ?ajax=1 is omitted from the URL then PHP will not set a key of 'ajax' in $_GET and thus when you check if it's set with isset() it will return false, thus the script will die and not output anything. Essentially the page will only output data if ?ajax=1 is at the end of the URL.
Someone could still "spoof" the URL and add '?ajax=1' themselves, but that is not the default behavior for people or web browsers. If you absolutely need to prevent this then it will be much more complicated, e.g. using templates outside of a publicly available folder. Most other "simple" solutions will have the same "spoofing" potential.
There's really no way to accomplish this with a 100% certainty - the problem is, both AJAX and regular web browser calls to your web site are using the same underlying protocol: HTTP. If the integrity and security of your site depends on keeping HTTP clients from requesting a specific URL then your design is wrong.
so how do you prevent people from directly accessing files inside certain directories while still letting the site use them??
Create a controller file. Send all AJAX requests to this controller.
ajax-control.php
<?php
$is_ajax = true;
include "ajaxincludes/test.php";
// ... use the ajax classes/functions ...
ajaxincludes/test.php
<?php
if (!isset($is_ajax) || !$is_ajax)) {
exit("Hey you're not AJAX!");
}
// ... continue with internal ajax logic ...
If clients try to access the file directly at http://mysite/ajaxincludes/test.php they'll get the error message. Accessing http://mysite/ajax-control.php will include the desired file.
I don't think there is a surefire way to do what you are asking, since HTTP request headers can be faked. However, you can use $_SERVER['HTTP_REFERER'] to see if the request appears to be coming from another page on your site.
If the rest of the security on your site is good, the failure of this method would not grant the user access to anything they were not already able to access.
I've never tried this but maybe you could do something with jQuery's .unload() and then call a PHP page to unset() the session.
Why not (on Ajax page):
session_start();
if($_SESSION['download']!=='ok'){
$redirect='/index.php'; //URL of the page where you want to redirect.
header("Location: $redirect");
exit;
}
// do whatever you want with "access granted" user
// remove the download flag for this session
unset($_SESSION["download"]);