I am working with an API for a payment gateway that does a callback request.
When the callback request is made, the gateway expects me to respond with "OK".
Nothing more or less. And that doesn't mean html rendered response. Just a callback file with those 2 letters. Note that doesn't mean it wants HTTP Status Code 200/OK... it wants actual data (not headers) for the word "OK".
So this won't work:
<html><body>OK</body></html>
This will work:
<?php echo "OK"; ?>
however, after I send back OK, I need to do some stuff on the server side and then redirect the browser page to another page. But when I try to do:
<?php
echo "OK";
header('Location: http://www.store.com/success.php');
exit;
?>
The gateway ignores the echo "OK" and instead reads the html off of the success.php page that I redirect to.
So how can I send back just the OK but continue doing things on my side?
Thanks
You can't send content then redirect. The redirect header setting must be done alone.
You could try using flush(); to force php to write out the OK.
Would it be acceptable to move the redirect into client side either with javascript or meta refresh tag?
Before you send the OK you could call PHP via commandline to make PHP acting like multi threated.
Related
I'm trying to do a header redirect in PHP doing something like:
header("Location: http://www.domain.com/some/url");
exit;
This works fine when making a GET and POST request however it doesn't seem to work with PUT and DELETE requests.
I've tried doing:
header("Location: DELETE/PUT http://www.domain.com/some/url");
exit;
But that doesn't seem to work, also calling the url directly works fine. I can echo some text before and after the header call, so everything is working, seems to just ignore PUT and DELETE requests?
Similar question, possible same answer applies to you
The header function is used to send HTTP response headers back to the
user (i.e. you cannot use it to create request headers.
May I ask why are you doing this? Why simulate a POST request when you
can just right there and then act on the data someway? I'm assuming of
course script.php resides on your server.
To create a POST request, open a up a TCP connection to the host using
fsockopen(), then use fwrite() on the handler returned from
fsockopen() with the same values you used in the header functions in
the OP. Alternatively, you can use cURL.
PS: I see that it is also displayed under Linked tab :)
Using Location is not the proper way to set the HTTP Method header.
Try the following:
header("Request-Type: DELETE");
header("Location: http://www.domain.com/some/url");
exit;
However, I am not sure you can set request types with header() alone. I know you can with cURL.
I want use a single php file to handle all of my voting requests.
Currently the script will, if siteType isn't set, forward the user and display a message. If the user has JS on then it will return a json object and ajax the page.
if(!isset($_COOKIE['siteType'])){
displayMessages('bad', 'Before you can continue you must select which category you would like to be in.');
header('Location:/');
exit;
}
I need it as that if this php code above is executed the page will reload, i assume with javascript and reading the http headers?
[Edit]
I didn't make myself clear enough, but this is a ajax request. I don't output any html. So this really is just about getting js to handle the header?
You can't Refreshing a page with javascript using php header('location')
Because, header('Location: xxx'); must be the only output of your PHP script, it is a header, you can not put it after javascript syntax
PHP
echo '<meta http-equiv="refresh" content="0">';
Javascript
window.location.reload();
Maybe this would be some solution for you,
if(!isset($_COOKIE['siteType'])){
displayMessages('bad', 'Before you can continue you must select which category you would like to be in.');
echo '<script>window.location.reload()</script>';
exit;
}
Im using PHP to track the clicks of all mailto links by rewriting the mailto: to my script and then setting the header of the referring page.
Initially I just had:
header("location: mailto:email#address.com");
...but this has an undesirable effect in IE8: it opens 2 email windows. So, in my attempt to resolve that issue I am now using:
header("Status: 200");
header("location: http://mypage.com");
header("Refresh: 0; url=mailto:email#address.com");
This works fine in IE but not chrome. I threw the "status" in there hoping to solve the mystery.
Other than detecting the browser and issuing different commands, what else could one do?
A location header should be accompanied by a 30X status code (like 302), not 200.
Check this out > http://php.net/manual/en/function.header.php
Especially those two parts:
The second special case is the
"Location:" header. Not only does it
send this header back to the browser,
but it also returns a REDIRECT (302)
status code to the browser unless the
201 or a 3xx status code has already
been set.
<?php
header("Location: http://www.example.com/"); /* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */
exit;
?>
You send 200 and 302 at same time, and also you didn't follow the exit; rule.
You can play with my suggestions (especially the exit; part).
!!! Note !!! There was a bug in the past that makes the Chrome not to work if header("Status: 200"); wasn't set first, but not sure if it's fixed yet.
it would probably be better to use some AJAX to handle your problem here, and if your going to use AJAX use JQuery its just easier
firstly though mailto is not a preferred method on the web any more its too clunky and relies upon the default email client of the user being set up which in most cases you cannot rely upon.
So to address that have a link that is styled to look like your button.
once you have this use JQuery to send an ajax request to a PHP script that performs the counting and then if you wish upon receipt handle the success with a redirect (I only include that because I am unsure what your redirect achieves).
Its clean quick and the user will not notice a difference apart from your site will probably experience a speed increase :) hope this helps
Header location redirects the browser, so the other headers are ignored. You should send this header always as the last one. Also it's not good idea to execute any PHP code after you send the redirect.
You probably want to do this:
On first page:
header("Status: 200");
header("location: http://mypage.com");
exit();
On the http://mypage.com:
header("Refresh: 0; url=mailto:email#address.com");
The weird thing about chrome: it accepts the following header refresh.
<meta http-equiv="refresh" content="4; url=page.php" />
<button value="go further">
I place a button below this refresh for the browsers who does not support any type of header refresh.
For example, here:
<?php
session_start();
if (!isset($_SESSION['is_logged_in'])) {
header("Location: login.php");
die();
}
?>
<Some HTML content>
Is die() really necessary here ?
Is die() really necessary here ?
It is: Otherwise, the client will still get the HTML code in the response body. The header asks the client to terminate and go to the new page, but it can't force it.
The client can always continue listening to the response, and receive everything output afterwards, which is a fatal security hole e.g. when protecting sensitive data in a login area.
Yes, die() is necessary. A call to header("Location: some-location.php") sends the specified header (a 302 redirect in this case) to the browser; but it DOES NOT terminate the script. It becomes more important if the lines after the redirect statement contains PHP code which may execute unintentionally. So if want to send the redirect header and abort any further processing you must call die, exit, return or any other similar construct.
Note that it is possible to perform further processing after sending the redirect header.
Yes. Simply generating a header, even the Location header, does not terminate the current script. The HTML output will be visible in e.g. a packet sniffer.
I found that: http://www.figured-it-out.com/figured-out.php?sid=181
So according to this it seems that some browsers just stop receiving the html content and redirect directly to the new page where other browsers like IE still wait untill the loading of the page is ready.
In my test.php file, I sent a request to a Flickr app I have using
header("Location: " . $request);
where $request is the URL that I am trying to reach on Flickr.
For my Flickr app, I have to set a callback URL. When Flickr is done with processing my request, it will call the callback URL.
I would like the callback URL to be my original page, test.php. When I try this, I get stuck in an infinite loop, because test.php is re-sending the request back to Flickr, and Flickr calls my test.php again (repeat ad infinitum until the browser quits).
Is there a way to put some kind of conditional in test.php to check if the request came from Flickr, or at least some way to let the script know that the request has been sent, so don't send it again.
I've already tried it where I changed the callback URL to another page of mine, and that works fine. I'm just seeing if I could re-use the same page.
Its ugly.
The two posted solutions won't work because:
The referer isnt changed on redirect (well it is cleared if its a http meta redirect, but not if its a header redirect. but it doesnt become something else so easy).
Putting exiting after a sent header is generally a good idea if there is something else normaly executed afterwards, but its not related to the problem.
Simply put, if it should be the SAME page, you need to to store in a file or database or something the redirect counts per ip adress/user and break or something but NONE of this is really reliable. You can make it more secure by having a secured token that cannot be reverse engeneered etc but all this doesn't make sense. You could also use cookies. Which is just as unreliable as well.
Regarding your problem, flickr does NOT redirect back to the samep age.
Regarding to their specifications they append ?frob=[frob].
http://www.flickr.com/services/api/auth.spec.html
Check for that:
<?php
if(!isset($_GET["frob"])) {
header("Location: " . $request);
exit();
}
?>
try checking the referer with the $_server['HTTP_REFERER']
[Edited]
I just wanted to say that, you should try adding if condition
// just and example, use some regular expression to check the refere
if($_SERVER['HTTP_REFERER'] != http://flicker.com){
header("Location: " . $request);
}else{
// another code
}
Thanks
As an alternative to checking for the (non-)existence of $_GET["frob"], couldn't you set the callback url in Flickr to be www.mysite.com/test.php?from_flickr=1 and then do
if (!$_GET['from_flickr']) {
header('Location: '.$request);
exit;
}