A 3rd party service that I'm using returns the users to a url like this:
site.com/something.php?id=XXX&something=abc....
Therefore, I need to be able to accept $_GET parameters for only one part of the site.
Is there a way to put a file outside of codeigniter's application directory which will do something like this:
<?
$id = $_GET['id'];
$something = $_GET['something'];
//Do something so codeigniter thinks this is a request to site.com/process/$id/$something
require('index.php'); //codeigniter's index.php file
?>
I remember using putenv() to achieve this in the past, but don't remember the details.
Not sure about putenv, but if worse comes to worse you can get the contents of the get array by exploding $_SERVER['QUERY_STRING']
get doesn't need to be enabled and you still have access.
Try just using a redirect:
<?php
$id = $_GET['id'];
$something = $_GET['something'];
header('Location: http://www.site.com/' . $id . '/' . $something);
As long as the initial something.php request is made directly to that file and not index.php, then CodeIgniter won't run (actually, that would depend on your .htaccess [or equivalent] file, so you may need to tweak it).
That's the safest way I can think to do it, and you won't have to break up CodeIgniter's program flow or enable query strings in your application, which may be unsafe.
Maybe I'm misunderstanding your architecture but couldn't you just enable GET for codeigniter..?
See $config['allow_get_array'] in the docs:
http://codeigniter.com/user_guide/libraries/input.html
And see $this->input->get() on the same page..
try
$this->config->set_item("allow_get_array",TRUE);
in your controller's constructor before parent::__construct();.
The security filtering function is called automatically when a new
controller is invoked. It does the following:
If $config['allow_get_array'] is FALSE(default is TRUE), destroys the
global GET array.
Related
What is the best way to redirect to same page with new &_GET variables added.
I want to do something like Google done in Analytics, WMT...
Lets say user opens the page www.example.com, I would like to redirect that to
www.exaple.com?lang=en&uid=01845654&p=1.
Also, if someone enters www.example.com?p=2&lang=fr I would like to keep that variables, just add necessary one.
Should I do it in ControllerBase or in DI or somewhere else? And what is the pest proper way to do it?
You should be able to do something along the following lines from one of your controllers:
$destination = ltrim($this->di->get('router')->getMatchedRoute()->getPattern(), '/');
$queryString = 'lang=en&uid=01845654&p=1'
return $this->response->redirect($destination . '?' . $queryString);
For the problem of keeping incoming GET parameters and setting only those that have not been used in the request, you would have to check for them manually (e.g. using $this->request->get(PARAM_NAME)) and then build your query string accordingly.
So I've search far and wide to try and find an example of this but found nothing. It seems like a simple thing however I continue to get errors.
Essentially what I've got is:
<?php
$articleCount = 3;
include('/newsArticles.php?id=$articleCount');
?>
It seems fairly self explanatory. What I need is an include that I can pass a value on into the file which I can then grab with $_GET['id'].
You can't add a query string (Something like ?x=yyy&vv=www) onto an include like that. Fortunately your includes have access to all the variables before them, so if $_GET['id'] is defined before you call:
include('/newsArticles.php');
Then newsArticles.php will also have access to $_GET['id'];
You don't need to pass a $_GET variable. Just set it, and reference it in your included file.
Your included file will have access to $articleCount without any additional work needed.
Try this:
$_GET['id'] = 3;
include('/newsArticles.php');
Since you are including a script it would seem as though you have access to the script itself. Even if you don't have access to the script you can edit the $_GET variable from within the script you showed above, like this:
<?php
$_GET['id'] = 3; // or $_GET['id'] = $articleCount;
include('/newsArticles.php');
?>
That's because the script newsArticles.php has the same access to the $_GET variable, unless the script was specifically created so that it extracts the variables from the URL.
Try it.
Firstly, I don't know what to call this thing :) I want to know the key, structure and example how to achieve my goal.
Example, I don't want create separate file like register.php, login.php, about.php faq.php. Here I want the register, login about, faq ,etc will handle by index.php by example, maybe something like index.php?p=register
How do I create page something like that and what this structure called in PHP programming. Let me know.
In index.php?p=register the part after ? is called "Query String". PHP will by default parse it for you and provides the superglobal $_GET. Just try it out yourself
var_dump($_GET);
To provide a more appropriate answer using Neals code, use basename to filter out non-essential file information:
$page = isset($_GET['p'])?basename($_GET['p']):'main';
include_once "$page.php";
You could also create a "white list" to ensure that only the proper files get included:
$whiteList = array('faq', 'register', 'profile');
$page = (isset($_GET['p']) && in_array($_GET['p'], $whiteList))?basename($_GET['p']):'main';
include_once "$page.php";
Both ways should be secure, obviously, the white list will be a bit more so. This tact, depending on how you do is generally referred to as "BootStrapping" IE, one entrance page to access the rest.
UPDATE
To further the security, I would set a variable, $included would be sufficient, to add to the pages that are being included. This would prevent direct access to them (assuming that register_globals is turned off like it should be, so something like:
$whiteList = array('faq', 'register', 'profile');
$page = (isset($_GET['p']) && in_array($_GET['p'], $whiteList))?basename($_GET['p']):'main';
$included = true;
include_once "$page.php";
Then on $page.php at the top you would have something like:
<?php
if (!$included)
die('Accessing the file directly is not allowed.');
Which would prevent calls to http://yoursite.com/register.php from being allowed to dish out the file. This has it's negatives to it. Instead of putting the files you are going to be including in the webroot, I would put them outside of the webroot or in an .htaccess protected directory, which would ensure that users could not access them directly and must access them through the index.php.
I'm not sure what the whole thing is called, but if you're using index.php like that, it's called a FrontController. It's how MVC frameworks work:
/index.php?q=ctrl/action
/index.php/ctrl/action
/ctrl/action
They're all handled by/in index.php using "ctrl/action"
You want to look up php templates or even html iframe. There are several ways to do this, but some are better than others. In asp.net it's called a MasterPage. Hopefully some of these terms help you out.
If you really want to do something like this, then you can use the get field, but you need to predefine your pages, so for this request: index.php?p=my_page
<?php
$page = $_GET['p'];
$pages = array(
'my_page' => 'mypage.php',
'another_page' => 'another.php',
...
);
$include = $pages[$page];
if(!empty($include)) {
include_once($include);
} else {
echo 'No such page';
}
?>
This keeps the include completely separate from what is passed on the URL so there is no chance for risky things to get passed.
In my projects i often use get params as a temporary way to test things with different values.
However it seems like you cannot access get params in code igniter?
I am aware I could build a param into my functions and pass the value as a url segment.
But i dont want to be doing that every time I wish to test something.
So,
is there any way to use get values in CI?
You can parse $_SERVER['QUERY_STRING'] and set it as $_GET:
parse_str($_SERVER['QUERY_STRING'], $_GET);
You can enable query strings in your config file. Find this.
$config['enable_query_strings'] = FALSE;
and change it to true.
Preamble: My app is mod_rewrite enabled and I have index.php page that downloads vaious pages based on Request_URI and prints them as page content.
Problem: File() or File_get_contents() function is excellent at downloading my other app pages. But as soon as I try to use it to download a page that is session enabled, I start having problems.
The main problem is that when I try to pass existing session id to url from the page I download, e.g.
$url = "http://localhost/EmplDir/AdminMenu.php";
return implode('',file($url. "&" . session_name() . "=". session_id()));
My page never loads (or file() never loads content).
I suspect I shoud use curl functions here, but it has too many options.
My be an advice which curl options to use to make downloadable pages know about current PHP session would be helpful.
P.S. The above seems to be true both for Windows and Linux.
You didn't separate the query string from the rest of the URL with a ?
Try
return file_get_contents($url. "?" . session_name() . "=". session_id());
You will also need to be sure the server doesn't use the session.use-only-cookies configuration setting.
There's no reason why the script shouldn't see the query string and act on it, you can persuade yourself by writing a script which just does var_dump($_GET) and requesting that as above. If you see the query arguments in the output then you simply need to debug your script to see why it doesn't behave as expected given the session id.
NOTE: I'm assuming that you wanting to request a file from the same domain as your application, otherwise using your session id for a remote site doesn't make much sense.
If your script doesn’t alter any superglobal variables, you could just include it:
ob_start();
include $_SERVER['DOCUMENT_ROOT'].'/EmplDir/AdminMenu.php';
return ob_get_clean();
session_name and session_id gives you the current scripts session; Not the remove server. You need to use something that understands http. Curl would do, or you can use something like SimpleBrowser, which completely emulates a browser.