How do I get this URL without considering the Apache settings? - php

Hello, I have this URL I need to get with PHP:
http://www.domain.com/forum/#forum/General-discussions-0.htm
The problem is this is not a real URL, but this is the mask created by the .htaccess.
I need to get the visible URL and not the real path of the file, because I need to compare it with some PHP variables I have.
In fact the real path will look like this:
http://domain.com/modules/boonex/forum/index.php
And in that way is totally useless for me.
How do I get the first URL as it is?

You can't get that from http://www.domain.com/forum/#forum/General-discussions-0.htm. Everything after the fragment (#) is not even sent to the server; there is no way to retrieve it save for a delayed update with JavaScript. All you'll get is http://www.domain.com/forum/ sent to the server, and on the onload event of your document you can possibly load something in with JavaScript.

Look into the source code or it may not have real URLs at all. The part is for Ajax-based navigation. It may mean that there are no real URLs on that site, and if there are, then they should be extracted from <a href="someurl"> as they might be masked using JavaScript.

With
file_get_contents();
for example. Neither the user nor your server minds about .htaccess.
It's the server processing the request that has to direct you to the correct address.
However, PHP does ignore everything after #, so in this case you have no chance to get it without the real URL.
As #Wrikken said, there is no way to get url after # fragment

Related

Make URL queries readable for php

I am trying to implement some php on an Apache 2+ Server which I do not have root access of. One script has to receive variables in a URL, but the API, that sends me the data, generates a URL-String with a # character in it.
The URL in Question would look like this:
http://website.name.com/script.php#foo=1&bar=2
Is there any way for the foo and bar variables to reach the script.php? I've read in other answers that everything after # doesn't get parsed by the server, so I tried to use an .htaccess file with a RewriteRule to replace the hashtag, but I was unable to create a working RegEx command.
No, the thing isn't that it isn't parsed by the server, the issue is that it's never being sent to the server. Everything after # is a local anchor, and is only available inside the current browser context (so Javascript would be able to read it, as it runs in the current browser context).
Since it's never sent to the server, you can't rewrite it or read it (since it doesn't exist) on the server side.
What you can do, is create a small bit of Javascript on the resulting page in script.php, and then submit that back to the server side - either through a redirect or through a fetch or xmlhttprequest.
To recreate the request as a GET request with the same parameters as given in the local anchor, you can use location.hash and remove the #:
location.href = 'realscript.php?' + location.hash.substring(1);
.. but I would consider parsing the hash yourself and then doing whatever is necessary in Javascript explicitly instead of redirecting like that.

Encode the URL including its path in php

I want to encode the URL including its path in PHP.
For example, as of now, my path is www.yoursite.com/code/results/show.php?u=10&n="tom".
I want to encode this URL so that user should not be able to see the
"/code/results/show.php?u=10&n="tom".
Why I need this because
I do not want to expose my server data location to user
Keep my server safe.
Thanks in advance.
You will need to look into .htaccess files, from there you can perform url rewrites that will take a url of (for example) www.yoursite.com/code/results/show.php?u=10&n=tom and instead output www.yoursite.com/results/10/tom.
If the u=10&n=tom is important, it can't be removed entirely from the URL, however it can be masked in the above way, the alternative is to do everything with POST, which is not a good way to go.
Take a look at this link: http://www.addedbytes.com/articles/for-beginners/url-rewriting-for-beginners/
The best way to hide critical information is to keep it secret; instead, just use a reference and get the information from the database.
In general it's not a good sign if security depends on how users are sending requests.
Sending it with POST would hide it, but not really... there are various ways to get and manipulate POST data.
The problem is not with the URL. A URL should be used only to identify a resource; if you want to hide something, then it should not reach the client (be part of the URL) in the first place.

Mod Rewrite and passing a URL as parameter

I am having a small trouble with mod rewrite. A friend of mine is writing a script that allows you to upload images.
What we want to do is allow the user to append a domain name to a direct image link, and the script would retrieve the image from the supplied URL.
For example, if the image is at: http://www.test.com/image.jpg, adding domain.com/http://www.test.com/image.jpg would allow a script to retrieve that url (test.com) to get the image we want.
EDIT: HTTP is in front of the URL because I don't want the user to have to remove the HTTP manually. They see an image in their browser, they append "domain.com" before it, http and all and the script retrieves that image and stores it on our server.
The rule I am using is:
RewriteRule ^([\w|.|/]+(jpg|png|gif))$ /upload.php?url=http://$1 [B,L,NC,R=302]
this correctly matches URLs but the colon in http:// causes problems.
If the user inputs: domain.com/www.test.com/image.jpg, it works.
If the user inputs: domain.com/http://www.test.com/image.jpg, it doesn't work and I get a 403 forbidden page (XAMPP on Windows).
If the user inputs: domain.com/http//www.test.com/image.jpg, it works (no colon in http).
EDIT: By working, I mean if I test it locally, I get to see the URL I pass in a $_GET['url'] parameter correctly, instead of seeing an error 403.
Can you please tell me what is wrong with this rule and how to fix it? Or any alternative solutions to achieve the behavior we want?
Thank you.
Well, I think I've found the problem. It wasn't the regex, nor mod_rewrite itself.
So it's a bug in Apache on Windows that has been declared WONTFIX.
For reference, see this StackOverflow thread: and this bug report
I'm posting what I found and will consider this question answered. Thank you all!
You could use urlencode() in php
This approach is cumbersome, error prone and insecure (for example, an image URL isn't required to end with those well known file extensions)
If I understand your use case, it starts when the user is surfing the web and he's viewing an image, and he wants to share it via your service. Then he types by hand http://your.sharing.service in the browser's address bar, just before any text. Then you use mod_rewrite to trigger your script, but I think your regex (and your service too) will fail in a number of unpredictable ways.
I never used a service like this, and I think that the standard approach of using a button to submit the URL to some script (let's say http://my.service.com/upload?url=...) should be preferred.
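A sketch of the submit-as-parameter approach preferred in the answer above, as an added example that is not code from the thread. It assumes the placeholder endpoint http://my.service.com/upload from that answer; the function names and sample URLs are constructed for illustration.

```javascript
// Added example, not code from the thread. UPLOAD_ENDPOINT is the placeholder
// address used in the answer above; all function names are hypothetical.
const UPLOAD_ENDPOINT = 'http://my.service.com/upload';

// Parse the user-supplied image address and return a normalized absolute
// URL string, or null when it should not be forwarded at all.
function checkImageUrl(input) {
  let parsed;
  try {
    parsed = new URL(String(input).trim()); // throws on relative or garbled input
  } catch (e) {
    return null;
  }
  // Only web schemes; anything else (ftp:, file:, data:, ...) is refused.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  // Refuse user:password@host forms, which are easy to misread.
  if (parsed.username !== '' || parsed.password !== '') return null;
  // No file-extension test: an image URL need not end in jpg/png/gif.
  return parsed.href;
}

// Build the request a submit button would make. encodeURIComponent() plays
// the role of PHP's urlencode() here: the ':' and '/' of the image URL travel
// as %3A and %2F inside the query string, so they never appear in the path
// that mod_rewrite has to match.
function buildUploadUrl(input) {
  const imageUrl = checkImageUrl(input);
  if (imageUrl === null) return null;
  return UPLOAD_ENDPOINT + '?url=' + encodeURIComponent(imageUrl);
}

// What the receiving script sees once the parameter is decoded
// (in PHP this is $_GET['url']).
function readUploadParam(requestUrl) {
  return new URL(requestUrl).searchParams.get('url');
}
```

The receiving script still has to repeat the same checks on its side, because a request to the endpoint can be made without going through this client code.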
The problem is in your regex...
Try:
^((http|https)+[\:\/\/\w\.]+(jpg|png|gif))$

PHP/Javascript, Real Filename from Rewritten URL

I have a Javascript bookmarklet that POSTs to a PHP script, and I need PHP to know the filename of the page that the bookmarklet is POSTing from. I'll be using that filename with file_put_contents(), so I need it to be a real file.
The PHP will also be running on the same server as the page being POSTed from.
For example:
script.php is placed in the root of an arbitrary server (http://site.com/)
The operator browses to an arbitrary page on the server (http://site.com/foo/bar/baz) before executing the bookmarklet.
The bookmarklet sends some data to http://site.com/script.php.
script.php now needs to make some modifications to the file corresponding to http://site.com/foo/bar/baz, but can't resolve the URL to a filename.
There's location.href in Javascript and $_SERVER[ 'HTTP_REFERER' ] in PHP, but in the case of a rewritten URL (via mod_rewrite or whatever) these won't contain the real filename.
Is there any way to find the real filename of a URL in PHP or Javascript?
There's location.href in Javascript and $_SERVER[ 'HTTP_REFERER' ] in
PHP, but in the case of a rewritten URL (via mod_rewrite or whatever)
these won't contain the real filename.
Is there any way to find the real filename of a URL in PHP or
Javascript?
In Javascript: Client side Javascript has no idea about server side code unless the server passes that information to the client. Short answer: not unless you make it possible.
In PHP: I think that realpath will translate a URL to a physical file on the local drive (in ASP it is Server.MapPath), BUT, I don't know if that will work for rewritten URLs. I very much doubt it. If I am correct that it will not, then there could possibly be a related function specific to whatever framework you are using, if one is being used. If you are simply using mod_rewrite or similar without a framework, then you would have to code up your own function which knows how to translate from the virtual path to a real one.
You can't use $_SERVER["HTTP_REFERER"] because the client may choose not to send it, and this seems to be an essential bit of data.
In JavaScript you can only know the URL as it is displayed to the user (via document.location.href). If you want to know the filepath of the php script that handles that URL, just have PHP output the filepath somewhere on the page (in JS source) so JS can pick it up and pass it on.

How can I store a full url that contains a hashmark within a variable?

I'm trying to store a url such as:
http://localhost/pro_print/index.php#page=home
in a variable, but I can't find a function that does that. I found plenty of solutions to store the index.php, but it doesn't include the hashmark and what follows it. Is there a PHP solution for this?
I did see that I can get the full url including hashmark with JavaScript using document.write(document.url) or document.write(location.href) but how do I store that into my variable? Is there any way I can combine PHP with JavaScript in some sort of solution like this?
<?php $url ="?><script>document.write(document.url)</script><?php "?>
The fragment identifier (the # and everything that appears after it) is handled entirely client side, and is not sent to the server when the URI is requested.
To make it available to PHP, you would have to:
Allow the page to load
Read the location with JavaScript
Send it to the server using an Ajax technique (e.g. XMLHttpRequest) or in a subsequent request
This won't make it available to the server at the time the original script runs, but nothing else can.
An alternative approach would be to duplicate the information in the fragment identifier somewhere else in the URI (e.g. the query string). This is used by this site when submitting an answer.
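The steps listed above (let the page load, read the location with JavaScript, send it in a subsequent request), together with the earlier advice to parse the hash yourself rather than redirect with it verbatim, as an added example that is not code from the original answers. The allowlist, the value pattern and the function names are assumptions; realscript.php and the sample fragments are the ones quoted on this page.

```javascript
// Added example, not code from the original answers.
// ALLOWED_KEYS and the value pattern are assumptions; adjust to your script.
const ALLOWED_KEYS = new Set(['page', 'foo', 'bar']);

// Turn "#foo=1&bar=2" into a Map of the parameters the server expects.
// The fragment is entirely user-controlled, so unknown keys and values that
// are not short word-like tokens are dropped instead of being forwarded.
function parseFragment(hash) {
  const raw = hash.startsWith('#') ? hash.slice(1) : hash;
  const kept = new Map();
  for (const [key, value] of new URLSearchParams(raw)) {
    if (!ALLOWED_KEYS.has(key)) continue;        // not an expected parameter
    if (!/^[\w-]{1,64}$/.test(value)) continue;  // unexpected characters or length
    if (!kept.has(key)) kept.set(key, value);    // first occurrence wins
  }
  return kept;
}

// Rebuild the parameters as a normal query string, which (unlike the
// fragment) is sent to the server and shows up in $_GET.
function buildRequestUrl(endpoint, hash) {
  const query = new URLSearchParams(parseFragment(hash)).toString();
  return query ? endpoint + '?' + query : endpoint;
}

// Browser-only part: after the page has loaded, send the cleaned parameters
// in a follow-up request instead of redirecting with the raw hash.
if (typeof window !== 'undefined' && typeof fetch === 'function') {
  window.addEventListener('load', () => {
    fetch(buildRequestUrl('realscript.php', window.location.hash), {
      credentials: 'same-origin',
    });
  });
}
```

A path-style fragment such as #forum/General-discussions-0.htm carries no key=value pairs, so this parser forwards nothing for it; that format would need its own explicit pattern.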
