Get full vanify url with subdomains in PHP - php

My current URL looks like this : 'http://subdomain.domain.com/vanity/url'
When I try to use PHP to get this URL:
$url = "http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
The var $url holds this:
'http://domain.com/index.php?var1=vanity&var2=url';
I want to get the actual URL that is in the address bar. Is this possible?

What you are doing should work - the REQUEST_URI key should hold the un-rewritten URI. I guess what you are experiencing is a bug or bizarre misconfiguration in the Apache build you are working with.
Your best bet would be to print_r($_SERVER) and see if any of the keys in there hold what you are after - I have just done it on a heavily rewritten site I maintain and the following keys all contained the information you are after, either in part or as a whole:
SCRIPT_URL - has what REQUEST_URI should contain
SCRIPT_URI - has the entire URL including http://domain/
SCRIPT_NAME - has what REQUEST_URI should contain
PHP_SELF - has what REQUEST_URI should contain
Some of these seem odd to me that they should contain this (particularly PHP_SELF) but I think this is yet another good reason to not use mod_rewrite unless you absolutely have to...

Related

PHP: How to get content of another URL (page) on my site without changing address in bar

I am using ModRewrite as below to convert urls on my site to be SEO friendly:
RewriteRule user/(.*)/$ seo-url-user-by-name.php?username=$1
Now I am writing code for seo-url-user-by-name.php and am looking for a way in PHP to redirect to:
user.php?uid=<uid>
so that seo-url-user-by-name.php will essentially return the contents of user.php?uid=<uid> BUT without changing the address in address bar to user.php?uid=<uid>
How do I do that?
Simply include user.php in seo-url-user-by-name.php. To get the querystring right you have to overwrite the value in $_GET.
$_GET['uid'] = 'whatever you want';
include 'user.php';
You're going about it backwards. The only URLs your code should be outputting are the 'friendly' ones. Those are the urls that will appear in the produced HTML and what will show up in the user's address bar.
e.g.
Bad URL (URL #1)
This URL is fine (URL #2)
You should never output anything but URL #2's. It'll be your server's responsibility to convert that clean (and in real terms, non-existent) URL to whatever really is on the server. PHP itself should never care nor see the /user/foo URL. PHP will be invoked as /user.php?id=foo as usual, and go about its business as usual.
The remote user would never see that rewriting occurring, they'll just see a request go out for /user/foo.

Creating SEO canonical paths (none absolute)

I am using my code like this to generate a canonical link for SEO purposes
<link rel="http://www.mydomain.com$_SERVER[SCRIPT_NAME]">
So lets say the file I go to is http://www.mydomain.com/thisfolder/?this=that&yes=no
The canonical link will display as
http://www.mydomain.com/thisfolder/?this=that&yes=no
What I want is no matter what the extra variables being passed in the URL are that it will display the canonical as
http://www.mydomain.com/thisfolder/
I have tried both REQUEST_URI and SCRIPT_NAME in my $_SERVER[]; but both do the same thing. Is there a way I can achieve this whether I am just not using the correct name to $_SERVER[]; or is there anyway to do this?
Try $_SERVER['PATH_INFO']
Contains any client-provided pathname information trailing the actual script filename but preceding the query string, if available. For instance, if the current script was accessed via the URL http://www.example.com/php/path_info.php/some/stuff?foo=bar, then $_SERVER['PATH_INFO'] would contain /some/stuff.
http://php.net/manual/en/reserved.variables.server.php

PHP redirect to another website

I have a directory named "goto" and a file inside called index.php. Currently the following is inside the index.php file:
<?php
$url = $_GET['url'];
header("Location: $url");
?>
At the moment to redirect to another URL I have to type this into the address bar:
http://mysite.com/goto/?url=http://google.com
I would appreciate it if you could tell me how I could change that URL so that I could redirect the user to a website by typing this into the address bar:
http://mysite.com/goto/http://google.com
Use mod_rewrite and .htaccess to rewrite http://mysite.com/goto/http://google.com as http://mysite.com/goto/?url=http://google.com
RewriteEngine On
RewriteRule ^goto/(.+)$ /goto/?url=$1 [L]
Depending on your server configuration you may need to include a / in your rewrite path (i.e., ^/goto/(.+)$).
Unless you want to become a malware hub, I would wholeheartedly recommend you not doing this.
If you wish to allow redirect in such a manner, using http://mysite.com/goto/google and then work out the domain from a whitelist of available, allowed, destinations.
You will need to parse the data which could be a little tricky because you have to differentiate the difference between your URL and the other URL.
My suggestion is to not do so because the second that header is launched you will not see the url and it be better for you to just pass it as a get statement or a post.
EDIT
If you're determined then parse_url() is what you want. :)
#ide's method would work ... but you could also have the PHP script examine $_SERVER['PATH_INFO'], which is how that part of the URL would get passed to the CGI script.
(although, if there's a question mark in there, you'll also have to either make sure it's URI encoded, or also get the QUERY_STRING; you'll also lose any part after a hash, but you'd have the same problem with your current scheme)

Accessing the rewritten URI in a php script

So I have a .htaccess file which is performing a rewrite from /testscript1.php/testvar1/testvar2 to
/testscript2.php/testvar3/testvar4
(this is an over simplification but you get the idea).
Now though in my testscript2.php script when i access the $_SERVER['REQUEST_URI'] variable i see /testscript1.php/testvar1/testvar2 rather than /testscript2.php/testvar3/testvar4 which is what I am looking for. i.e $_SERVER['REQUEST_URI'] contains the uri before the rewrite.
My question is simply, is there a way to access the rewritten uri?
Try using phpinfo() to get a view on what $_SERVER looks like on a rewritten page. Apache supplies quite a lot of info that may be useful.
On my test server, I get the following which may help you:
$_SERVER["REDIRECT_QUERY_STRING"]
$_SERVER["REDIRECT_URL"]
$_SERVER["QUERY_STRING"]
$_SERVER["REQUEST_URI"]
$_SERVER["SCRIPT_NAME"]
$_SERVER["PHP_SELF"]
I would expect that at least one or a combination of those should be able to reliably give you the information you're looking for.
Cheers.
If you’re using the path info to pass an additional path, you can strip that suffix from PHP_SELF:
substr(parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH), -strlen($_SERVER['PATH_INFO']))
Or simply use SCRIPT_NAME since PHP_SELF = SCRIPT_NAME + PATH_INFO. Just take a look at the various values in $_SEVER.

How To Identify The Requested Page In PHP

Is there any easy way to identify the file initially handling the request, ignoring get arguments and handling (at least basic) mappings like / to /index.php?
Ideally what I'm looking for is something like $_SERVER['REQUEST_URI'], except it returns the same value regardless of the get arguments and that value is the file requested, not the URI, nor the currently executing file ($_SERVER['PHP_SELF']). In other words, a $_SERVER['REQUESTED_FILE'] or something. I haven't seen anything like that. Does it exist, or do I need to write something manually?
Update
Here are some example URLs paired with what I would like the result to be:
example.com/mypage.php : /mypage.php
example.com/ : /index.php
example.com/foo/?hello=world : /foo/index.php
And these return values are true even in included files. See my answer below before answering, I think I've found what I was looking for.
I decided to test it out myself. The $_SERVER['SCRIPT_NAME'] variable serves up the path to the requested file, even if it's an index file, and without get parameters or anything else. The PHP documentation states this contains the path of the file, but it seems to be relative to the document root, just like PHP_SELF, but without the security vulnerability.
Here is the code I used to test this: https://gist.github.com/dimo414/5484870
The output when requesting example.com/?foo=bar:
__FILE__: /var/www/index.php
PHP_SELF: /index.php
SCRIPT_NAME: /index.php
REQUEST_URI: /?foo=bar
parse_url(REQUEST_URI): /
__FILE__: /var/www/pathtest.php
PHP_SELF: /index.php
SCRIPT_NAME: /index.php
REQUEST_URI: /?foo=bar
parse_url(REQUEST_URI): /
And the output when requesting example.com/index.php/<strong>XSS</strong>:
__FILE__: /var/www/index.php
PHP_SELF: /index.php/XSS # note the XSS exploit (this is bold in browser)
SCRIPT_NAME: /index.php # No exploit here
REQUEST_URI: /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E
__FILE__: /var/www/pathtest.php
PHP_SELF: /index.php/XSS
SCRIPT_NAME: /index.php
REQUEST_URI: /index.php/%3Cstrong%3EXSS%3C/strong%3E
parse_url(REQUEST_URI): /index.php/%3Cstrong%3EXSS%3C/strong%3E
As you can see, $_SERVER['SCRIPT_NAME'] always gives back the file that originally handled the request, i.e. the file in the URL, without any XSS risks.
$_SERVER['PHP_SELF']
Should return the actual script. But there are various methods.
I had a better link to a matrix of all the various file-related environment variables but I can't find it. I'll edit if it turns up.
Edit: I found a nice SO thread that details the differences between them.
Go get file name from the requested URL use following code.
basename($_SERVER['URL']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['SCRIPT_NAME']);
basename($_SERVER['SCRIPT_FILENAME']);
basename($_SERVER['REQUEST_URI']);
basename($_SERVER['PATH_TRANSLATED']);
basename($_SERVER['PHP_SELF']);
use any one all all of those in the nested if condition so you will not miss file name any how.
parse_url($_SERVER['REQUEST_URI']) and then pathinfo($path) to get requested filename
$_SERVER['PHP_SELF'] to get real filename
$_SERVER['SCRIPT_NAME'] to get real filename
Its very old question and not very clear too.
What I understood is that you want to know which page is sending request GET/POST. This can be implemented by:
$_SERVER['HTTP_REFERER']
Now, to get the actual page name, write like:
= basename($_SERVER['HTTP_REFERER']);
This will solve you concern.

Categories