We Keep Coding

How to properly set URL for links and other assets [duplicate]

This question already has answers here:
Short way to link to http from https (and vice versa) using relative links
(6 answers)
Closed 5 years ago.
I want to use the full URL for the location of my css, js, and image files in my header.php file. So that when the header.php file is called from another folder directory, it doesn't break the link.
However, I want the site to be accessible by http and https, set by the user in their profile settings in the web application.
I started to write some code below of the solution but I'm not sure if this is the correct way of handling this.
config.php
<?php
// use https
$use_https = true;
?>
header.php
<?php
if ($use_https == true) {
$proto = "https://";
} else {
$proto = "http://";
}
?>
Link

The easiest way is to just do:
Link
Or since it's on your own server, just:
Link
Make sure to include the initial slash, so that it is relative to the root of your site, and not to the current page (this will prevent the link from breaking).
That being said, if your site works with https, you are probably better off just always using https, since you don't really have performance concerns anymore.

Automatically get URL of a site displaying my image?

I've been trying to get the URL (including GET parameters) of a site that is displaying my image. This is because I want to extract one parameter of the URL.
A friend told me that she knew someone that could achieve this, but I don't know if he was doing it with an image. Also I don't think I can do it with a link because when going to external sites it will appear a warning page saying that you're being redirected outside, so if I put a link to my page and someone clicks, I will get the referrer URL of redirection warning page. I can't assure if my friend was telling the truth about this, but it's very likely that it was true.
All I could get with the image was the IP and other things of the HTTP header, but the referrer part is empty and I thought that the referrer contained the full URL I'm talking about.
This is what I have tried.
First the img tag in the other site in BBCode:
[img]http://______.com/get_image.php?i=myimage[/img]
And in my site this script in PHP, although any language that does the work would be good for me:
<?php
// Get name of image to be displayed (non-sanitized here for simplicity)
$filename = $_GET["i"];
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['HTTP_REFERER'])) {
$visitor_url = $_SERVER['HTTP_REFERER'];
} else {
$visitor_url = "none";
}
// And write the referrer to a file just to test if it works
$fp = fopen('referer.txt', 'w');
fwrite($fp, $visitor_url);
fclose($fp);
// Eventually display the image
header('Content-Type: image/png');
readfile($filename . '.png');
?>
So my questions are:
Is it possible to get full URL of a site that is displaying my image?
If not, is there any other method to get the full URL?
Thank you in advance.
Note: I don't have any permision in the other site where I'm posting the image, I'm just an user there. Please tell me if I'm missing something or I have to ask this in another way, I'm new to StackOverflow.

Try REMOTE_HOST instead of HTTP_REFERER:
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['REMOTE_HOST'])) {
$visitor_url = $_SERVER['REMOTE_HOST'];
} else {
$visitor_url = "none";
}
The web server where you are serving the image will need to be configured properly. If using Apache, this is with HostNameLookups On.
See http://php.net/manual/en/reserved.variables.server.php

Normally browsers are sending full referer with all URL components including query parameters - $_GET params. If they don't then there is no other way to achieve that URL while passing throught an image content.
Sometimes sending referer may be blocked, for eg. in some batch URL processing using some crawler like program/script or on some proxies.
In PHP receiving referer is done by $_SERVER['HTTP_REFERER'] because it's normally just http header from request and it's the only $_SERVER array key with referer info.

You added the .htaccess tag so I think you're using the Apache web server. If you'd like to prevent the issue entirely, you can disable hotlinking entirely by going one layer lower. Instead of managing in PHP, you can configure the web server to not serve content to domains other than the one you are hosting.
Check out the guide for more details.

I fixed this problem by switching my site (where image is hosted) to HTTPS. The code in my question was doing its job correctly.
It looks that HTTP_REFERER was blank because of it coming from an HTTPS site and my site being HTTP it would always send it blank. I was aware that it could be a problem, but didn't make much sense for me because HTTP_REFERER was also blank when coming from another HTTP site (which I think it's not normal) so I thought the error was in another place.
Usually HTTP_REFERER is sent when it comes from and goes to:
from HTTP to HTTP
from HTTPS to HTTPS
from HTTP to HTTPS
But it's not sent when it comes from and goes to:
from HTTPS to HTTP
And in my case, I don't know why, it wasn't being sent from HTTP to HTTP which was confusing me.

PHP: Adding security with http referer [duplicate]

This question already has answers here:
Determining Referer in PHP
(5 answers)
Closed 8 years ago.
Im Kinda A Noob With PHP,
I want to keep my page accessible only from a link
etc. I only want to allow people who clicked a link to my page from example.com
and others like from google.com to redirect to another page on my site etc. a error message
How Could I Do This?

if(isset($_SERVER['HTTP_REFERER']))
$referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
else
$referer_host = '';
if($referer_host != 'example.com')
{
header('Location: http://example.com/error');
exit;
}
People not sending (correct) referers for various reasons will be entirely excluded from your page.
Of course bookmarking your site etc. will also not work.
As headers can be faked by the client at will, I would not call this a "security" feature.

Cant set HTTP header with PHP [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Headers already sent by PHP
I am trying to write a JSON API for an app that I am making. It's in PHP. At the beginning of the PHP script I try to check if all the GET parameters are present, if not, then the server should send a 400 - Bad Request header.
the code looks like this:
//CHECK CONDITIONS
if (isset($GET["clat"]) && isset($GET["clng"]) && isset($GET["limit"]))
{
//do stuff
} else {
header( "HTTP/1.0 400 Bad Request");
exit;
}
The server simply serves an empty page with the 200 - OK header. So I tested it on another webserver and there it does seem to work.
So apparently there's something wrong with the server. How do I go around debugging this issue?
EDIT
I seem to have found the line causing the header to always be 200-OK. At the beginning of the PHP I include another php file with some mySQL Connection parameters. When I comment out the include 'setup.php'; line it works. the setup.php contains the following:
// Connects to Our Database
mysql_connect("#####", "#####", "######") or die(mysql_error());
mysql_select_db("####") or die(mysql_error());
How do I remain the external DB info include while being able to send a different HTTP Header afterwards?
Thanks in advance.

Check if you're included files doesn't have UTF BOM at the beggining of file and any text after closing ?>, because if there is any, PHP will automatically send headers

header( "HTTP/1.0 400 Bad Request", true, 400);

Try this way:
<?php
header("Status: 400 Bad Request");
?>

Check if traffic is coming from specific URL?

I want to make a count of visits to my website from referal websites. I know there are many programs such as Google analytics but there will show you that my taffic is coming from www.facebook.com for example. I want to check if the traffic is coming from some specific urls that I specify such as www.facebook.com/myfanpage.
Befor I think about php I tried several methods with javascript that they did not seem to function the way I wanted to. For my search for php I only found this function. Any Ideas ?
$_SERVER['HTTP_REFERER']

$_SERVER['HTTP_REFERER'] Will do exactly what you need.
if (strstr($_SERVER['HTTP_REFERER'], 'facebook.com') !== false) {
// Facebook brought me to this page.
}
elseif (strstr($_SERVER['HTTP_REFERER'], 'google.com') !== false ) {
// Google brought me to this page.
}

Sorry, I know this is 6 months late but surely if the url was http://mydomain.com/?p=facebook.com then this would also be true? a better way would be to explode the referrers url based on / then extract the 4th section i.e.
$refererUrl = $_SERVER['HTTP_REFERER'];
$Exploded_URL = explode("/",$refererUrl);
$urlToCheck = $Exploded_URL[3].'.'.$Exploded_URL[4];
if($urlToCheck == 'facebook.com'){
/* From Facebook */
} elseif ($urlToCheck == 'google.com'){
/* From Google */
}

$_SERVER['HTTP_REFERER'] should contain the URL that the user is coming from to get to your page. It's not a function. It's simply a value. So you can use it for this purpose.
Do note, however, that the value is easily spoofed. (It's taken from the HTTP request header, and the user can send whatever they want.) It should be acceptably reliable if you're just collecting stats for your own interest or whatever. But if you're trying to use it to secure the page (e.g., only show certain content if the visitor came from a certain URL), forget it.

You will be able to check only if the HTTP Request has referer which is actually accessible in PHP using HTTP_REFERER. So its solely responsible from the referring website.
Get original URL referer with PHP?
The above post also will help you.