I'm trying to create a plugin that will allow WordPress to be accessed from any domain, of course provided that the domain is pointed to it.
I have filter hooks for option_siteurl and option_home which is proving to be useful in almost all cases.
However, it doesn't appear to be working for images that are attached to a post nor for header images of themes. It looks like for these, it's taking the database value of options -> siteurl.
I've tried update_option, but that hasn't done the trick either.
I'm using the following code to get the host:
public function getGoodURL() {
$scheme = ($_SERVER["SERVER_PORT"] == 80 ? "http://" : "https://");
$host = $_SERVER["HTTP_HOST"];
return $scheme.$host;
}
Thanks!
Might want to try putting the site url configuration in the config file i.e.:
$domain = sprintf('%s://%s',
$_SERVER['SERVER_PORT'] == 80 ? 'http' : 'https',
$_SERVER['SERVER_NAME']);
define('WP_SITEURL', $domain);
define('WP_HOME', $domain);
That way, your site will always accept the current domain.
Related
i got this issue from IT-Sec, i have read and search thouroghly but i still can't find any actual solution to fix this issue. Here it is.
"HTTP Host header can be controlled by an attacker. This can be exploited using web-cache poisoning and by abusing alternative channels. Pentester try to request with modify header host. and the response result showing with the modify host header. affected files:
app/formulir
app/kompensasi
app/panduan-agen
app/produk-dan-layanan
app/tentang
app/tentang-
app/training
The impact of this vulnerability
An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways."
This is the header sc :
header
Recommended solution thus far is :
The web application should use the SERVER_NAME instead of the Host header
This app are running on xampp with reverse proxy setting for testing. I already do 3 changes to config.php, but the issue is still there. Here is the code.
if(isset($_SERVER[SERVER_NAME])) {
$config['base_url'] = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https' : 'http';
$config['base_url'] = '://'. $_SERVER['SERVER_NAME'];
$config['base_url'] = str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
}
else{
$config['base_url'] = '';
}
and 2 :
$config['base_url'] = 'http://$_SERVER[SERVER_NAME]';
and 3 :
$config['base_url'] = 'https://jktdc.*********.com/app'
What im asking is, how/where/what exactly i have to change/add to fix this issue. Not a bashing. Thanks a lot.
The answer is
$url = ''
$config[base_url] = $url
so it will accept whatever the servername is.
I want to make some regional subdomains of my current site.com - something like city1.site.com and city2.site.com, but I don't want to copy all the files from original domain to subdomain.
Is it possible to show on subdomain city1.site.com the same info as on site.com but just set one variable, something like $city = 123? With this variable on city1.site.com I can show more specific contacts and products for this city.
I'm new to subdomain so please help, my site is on PHP & MySQL. Thank you!
If you have few regions, you can manually create subdomains for each region and point the domains to the same folder as your main site. Then in your script you grab the host and match it to regions and assign desired value to a variable.
<?php
if($_SERVER['HTTP_HOST'] === 'city1.site.com') {
$city = 123;
} else if($_SERVER['HTTP_HOST'] === 'city2.site.com') {
$city = 223;
}
If you have many regions and want a dynamic match, you can match any subdomain to your main site path and inside the script you can use a method to get the subdomain and search in your database. Example:
<?php
$subdomain = strstr($_SERVER["HTTP_HOST"], '.', true);
$city = getRegion($subdomain);
if(!$city) {
// throw 404 error
header('HTTP/1.0 404 Not Found');
exit;
}
// getRegion($subdomain) is a method that should search your database to match the subdomain to a region
To match all subdomains to a path you need to use wildcard in CPanel. See tutorial: https://www.namecheap.com/support/knowledgebase/article.aspx/9191/29/how-to-create-a-wildcard-subdomain-in-cpanel
You can probably use the $_SERVER superglobals in php (read the docs: http://php.net/manual/en/reserved.variables.server.php especially the $_SERVER['HTTP_HOST']) to find out, which subdomain is the current one (if any)
The rest is probably easy, for example a switch statement depending on the current subdomain like
switch($_SERVER['HTTP_HOST']) {
case 'city1.site.com': $abc=1; break;
case 'city2.site.com': $abc=2; break;
default: $abc=0; break;
}
update: the idea is, to use the same code for all subdomains (you don't want to maintain an arbitrary amount of copies) and force different behaviour through code. perhaps you can even setup a "catchall" domain somehow.
So, if you setup your domain site.com to live in your server's htdocs/site.com directory, use the same directory for all the other domains as well.
To achieve different outputs for your sites, you then check the $abc variable or some other var (perhaps even $_SERVER['HTTP_HOST']) to do
if(strpos($_SERVER['HTTP_HOST'],'.site.com') !== FALSE) {
$subdomain = str_replace('.site.com','',$_SERVER['HTTP_HOST']);
}
else {
$subdomain = null;
}
// now 'city1' is in $subdomain
After you have extracted the subdomain, you can run sql queries or the like with that value (if your database is setup appropriately).
First step is to make sure your DNS records are ready. Add an A record for the following if it doesn't already exist.
EDIT - If you are using a shared host, this might not work properly END
Set the name part to '*' and then the next to value to the server IP address you currently use. Once this rule is in place, people can go to {anything}.site.com and will all be sent to the same server.
At this point, I would do something similar to Jakumi's answer but keep it simpler
/* Cut up the URL */
$hostDetails = explode('.', $_SERVER['HTTP_HOST']);
/* Get the first part (city) of the URL */
$city = current($hostDetails);
/* Default check */
if($city == 'site') { $city = 'YOUR_DEFAULT'; }
I config the multi-language setting dynamically using the locale filter. Which fetch the sub-domain name to determine the language.
function load_custom_language($locale) {
// get the locale code according to the sub-domain name.
// en.mysite.com => return `en`
// zh.mysite.com => return `zh_CN`
// tw.mysite.com => return `zh_TW`
// etc..
}
add_filter('locale', 'load_custom_language');
That works for the index page, but when I redirect to another page, because of the settings of home and siteurl, it always redirects my site to the original one (www.mysite.com).
So I'm curious to find a dynamic way to filter the home and siteurl according to the request, because I might use more than one sub-domain for mysite and I have only one settings for the two settings.
You can override the admin settings in the wp-config.php file.
So if you want something dynamic, the following should work:
//presumes server is set up to deliver over https
define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
This needs to added before the line
require_once(ABSPATH . 'wp-settings.php');
or else you may have problems with some content using the wrong URLs, especially theme files.
I've found another pretty way to achieve the work:
After I checked for the source code of the kernel, I found that there are distinct filters called option_xxx on each options.
So, for my task, I tried to use the option_siteurl and option_home filter to hold that options to load, just to prevent the option to load, maintaining the SERVER_NAME it has:
function replace_siteurl($val) {
return 'http://'.$_SERVER['HTTP_HOST'];
}
add_filter('option_siteurl', 'replace_siteurl');
add_filter('option_home', 'replace_siteurl');
Using this way, it has no need to change the wp_config.php file, and can be easily add to a theme or a plugin.
To set dynamically the domain and as well as the protocol (http or https), use:
// Identify the relevant protocol for the current request
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https" : "http";
// Set SITEURL and HOME using a dynamic protocol.
define('WP_SITEURL', $protocol . '://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', $protocol . '://' . $_SERVER['HTTP_HOST']);
I am coding on a social site in CakePHP say example.com, here in the users profiles are located at example.com/profiles/user1. Now I need to provide the functionality to the users to use their custom domains for profiles. For example user1.com should render content from example.com/profiles/user1
Please suggest me the best solution for my problem. I am working on Shared Hosting - Linux Server.
For this functionality, you need to point user1.com to example.com/profiles/user1
For this I can think of two methods:
1. Name server Method:
you can change name servers of user1.com to your example.com name servers like:
ns1.example.com
ns2.example.com
NOTE: This may take 3-4 hours to work
2. URL Forwarding Method:
You can also use URL forwarding to point user1.com to example.com .
This will give you basic idea of forwarding http://support.godaddy.com/help/article/422/forwarding-or-masking-your-domain-name
Assuming that you both have a wildcard record in DNS and that the webserver is configured to serve your Cake project from those hostnames (how to do these things will depend upon your hosting provider), then (with thanks to Subdomaining with Cake), you simply need to place the following in app/config/bootstrap.php:
$subdomain = substr( env('HTTP_HOST'), 0, strpos(env('HTTP_HOST'), '.') );
if( strlen($subdomain)>0 && $subdomain != 'www' ) {
$_GET['url'] = 'user/' . $subdomain . '/' . (isset($_GET['url']) ? $_GET['url'] : '');
}
What's the most reliable, generic way to construct a self-referential URL? In other words, I want to generate the http://www.site.com[:port] portion of the URL that the user's browser is hitting. I'm using PHP running under Apache.
A few complications:
Relying on $_SERVER["HTTP_HOST"] is dangerous, because that seems to come straight from the HTTP Host header, which someone can forge.
There may or may not be virtual hosts.
There may be a port specified using Apache's Port directive, but that might not be the port that the user specified, if it's behind a load-balancer or proxy.
The port may not actually be part of the URL. For example, 80 and 443 are usually omitted.
PHP's $_SERVER["HTTPS"] doesn't always give a reliable value, especially if you're behind a load-balancer or proxy.
Apache has a UseCanonicalName directive, which affects the values of the SERVER_NAME and SERVER_PORT environment variables. We can assume this is turned on, if that helps.
I would suggest that the only way to be sure and to be secure is to define a constant for the url in some kind of config file for the site. You could generate the constant with $_SERVER['HTTP_HOST'] as a default and replace with a hard coded definition on deployments where security really matters.
define('SITE_URL', $_SERVER['HTTP_HOST']);
and replace as needed:
define('SITE_URL', 'http://foo.bar.com:8080/');
As I recall, you want to do something like this:
$protocol = 'http';
if ( (!empty($_SERVER['HTTPS'])) || ($_SERVER['HTTPS'] == 'off') ) {
$protocol = 'https';
if ($_SERVER['SERVER_PORT'] != 443)
$port = $_SERVER['SERVER_PORT'];
} else if ($_SERVER['SERVER_PORT'] != 80) {
$port = $_SERVER['SERVER_PORT'];
}
// Server name is going to be whatever the virtual host name is set to in your configuration
$address = $protocol . '://' . $_SERVER['SERVER_NAME'];
if (!empty($port))
$address .= ':' . $port
$address .= $_SERVER['REQUEST_URI'];
// Optional, if you want the query string intact
if (!empty($_SERVER['QUERY_STRING']))
$address .= '?' . $_SERVER['QUERY_STRING'];
I haven't tested this code, because I don't have PHP handy at the moment.
The most reliable way is to provide it yourself.
The site should be coded to be hostname neutral, but to know about a special configuration file. This file doesn't get put into source control for the codebase because it belongs to the webserver's configuration. The file is used to set things like the hostname and other webserver-specific parameters. You can accomodate load balancers, changing ports, etc, because you're saying if an HTTP request hits that code, then it can assume however much you will let it assume.
This trick also helps development, incidentally. :-)
$_SERVER["HTTP_HOST"] is probably the best way, after some validation of course.
Yes, the user specifies it and so it cannot be trusted, but you can easily detect when the user is playing games with it.
One idea for validating that $_SERVER['HTTP_HOST'] is valid could be to validate it by DNS. I've used this method in one or two cases without serious consequences to speed and I believe this method fails silently if provided a IP address.
http://www.php.net/manual/en/function.gethostbyname.php
Peusudo code might be:
define('SITEHOME', in_array(gethostbyname($_SERVER['HTTP_HOST']), array(... valid IP's)))
? $_SERVER['HTTP_HOST']
: 'default_hostname';
why {if you wish the user to continue using http:///host:port/ that they are on do you wish to generate full urls}
whan you can use relative urls instead of either
say on page http://xxx:yy/zzz/fff/
you culd use either
../graphics/whatever.jpg
{to go back one directory from current and get http://xxx:yy/zzz/graphics/whatever.jpg
or
/zzz/graphics/whatever.jpg
{to goto site root and work up the directories as specified}
these both avoid mentioning the host:port part and inherit it from the one currently in use