Can someone help me with my if statement? I am trying to make two checks when people visit my website. 1st one checks the connection type if its not a Broadband connection it sends the header redirecting to google. The 2nd one checks to see if the ip address is a known proxy if so it sends the header directing to google. My problem is no matter if its a proxy or not it always sends the header, and same for the connection type no matter which one it sends the header. What am I doing wrong?
HERE ARE THE OPTIONS FOR $TYPE.
$type = "Corperate";
$type = "Dial-Up";
$type = "Broadband";
//Block based on connection type
if ($type != "Broadband") {
header('Location: http://www.google.com');
} else {
//Do Nothing
}
HERE ARE THE OPTIONS FOR $PROXY.
$proxy = "Suspected Network Sharing Device";
$proxy = "Known Proxy";
//Block based on proxy
if (strlen($proxy) > 0) {
header('Location: http://www.google.com');
} else {
//Do nothing
}
Dont both your options of $proxy have length>0 ?
I think it should be
if($proxy != "known_proxy"){
header('Location:http://www.google.com')
}
Use
if (!empty($proxy)) {
header('Location: http://www.google.com');
}
instead.
Also, I'm not even sure that is your problem since both proxy "options" are not empty strings, therefore have a strlen() > 0.
The only way that if statement will return false is if you were to do $proxy = ""
Related
I'm currenting busy coding a registration page. The page has three steps and every step has its own cookie value. What I'd like to do is checking for the cookies value and transfer the user to the correct page upon visiting the website
Example:
if the value of $_COOKIE['step'] is 'step_two' it should redirect to: www.domain.com/register.php?step=your_details. If the cookie's not set, it should not redirect and stay on the register.php page.
The redirecting is working 'fine', but it gets into an infinite loop. I really cant think clear anymore as I've been awake for almost 24h now. Therefor I would appreciate it if anyone could push me into the right directions.
Piece of code:
$cookie_value = 'step_2';
setcookie("step",$cookie_value, time()+3600*24);
$cookie_not_set = true;
$cookie_step_two = false;
if (isset($_COOKIE['step'])) {
if ($_COOKIE['step'] == 'step_2') {
$cookie_not_set = false;
$cookie_step_two = true;
header('Location: ?step=your_details');
exit();
}
} else {
$cookie_not_set = true;
}
Thank you.
Nowhere are you actually setting your cookie value, so it won't change. That's why you have an infinite loop.
$_GET and $_COOKIE have nothing to do with each other. It looks like you want:
if ($_GET['step'] === 'your_details')`
...which would be better than using a cookie anyway.
You are going to constantly enter your if condition as there is no other manipulations going on to your cookie data.
if your cookie is set to "step_2" you will enter the loop. No changes are in place, so on the refresh to the page. You will re-enter the step_2 condition and be into a redirect.
I'm also assuming that you understand that your $_GET & $_COOKIE requests are completely different. If not, see #Brads answer
A solution to stop this infinite loop would be:
if (isset($_COOKIE['step'])) {
if ($_COOKIE['step'] == 'step_2') {
$cookie_not_set = false;
$cookie_step_two = true;
$_COOKIE['step'] = 'step_3';
header('Location: ?step=your_details');
exit();
}
But also take note, your true/false validations/changes are local changes and will not be absolute on page refresh
I believe your issue is the redirect is not changing your cookie, so you need to look at the GET var you a re passing if the cookie is set to step_2 thus;
$cookie_not_set = true;
$cookie_step_two = false;
if (isset($_COOKIE['step'])) {
if ($_COOKIE['step'] == 'step_2') {
if( !empty($_GET['step']) && $_GET['step'] == 'your_details' )
{
... you have redirected and now can continue ...
}
else
{
// redirect and set the get var to signal to this script.
$cookie_not_set = false;
$cookie_step_two = true;
header('Location: ?step=your_details');
exit();
}
}
} else {
$cookie_not_set = true;
}
Basically I am coding a script where it simply redirects the user to the destination page. And I want to be able to check if multiple websites are not equal to the value; if this is so, it will run a error, else it will proceed.
I can't seem to get this to work though, although I am sure there's a way to check multiple values.
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co", "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>
You can make an array of items to check for and then check if the url is in the array:
if (!in_array($url, array("***.co", "***.net")))
{
}
You can also use multiple conditions like #wrigby showed, but the solution using an array makes it easier to add more (or a dynamic number of) urls. But if there are always two, his is better.
You'll need two complete conditionals, connected with a logical and (&&) operator:
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co" && $url != "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>
I have a PHP script which I will post below. It is a voting website, and my client only wants one user to be able to vote once based on their cookies and IP address.
After voting once, if the cookie or IP is detected as the same they are redirected to a fake voting pg which allows multiple votes. The browser loops between both the legal and duplicate vote pages.
Here is the code, I only added in the exit and die functions after getting this error and seeing online that might be the cause - however adding those functions made no difference.
$q = mysql_query("SELECT * FROM votelog");
while($row = mysql_fetch_array($q))
{
if(($ip = $_SERVER['REMOTE_ADDR']) == $row['ip'])
{
$duplicateIP = true;
}//end if
if(($row['pollid'] == 8))
{
$duplicatePoll = true;
}//end if
}//end while
//check cookies
if(isset($_COOKIE['poll']))
{
$cookieCheck = true;
}//end if
if((($duplicateIP == true) && ($duplicatePoll == true)) or ($cookieCheck == true))
{
show this pg
}//end if
else
{
echo '<meta http-equiv="refresh" content="0; url=/polls/legit" />'; //redirect to legal pg
exit();
die();
}//end else
Any ideas? The other page is the same except that the if and else are switched, like this:
if((($duplicateIP == true) && ($duplicatePoll == true)) or ($cookieCheck == true))
{
echo '<meta http-equiv="refresh" content="0; url=/polls/dupe" />'; //redirect to duplicate
exit();
die();
}//end if
else
{
show this pg
}//end else
P.S - I'm operating in a Wordpress environment
It is hard to guess whats going on there. But if your code is fine, i would expect that you have an caching issue.
Setting the headers (header()) correct, would help to solve that issue. But be carefull, you can make it more worse with setting wrong headers.
So an easy workaround could be to add an ?time() to your url. So the redirected URL would change each second.
echo '<meta http-equiv="refresh" content="0; url=/polls/dupe?'.time().'" />'; //redirect to duplicate
Just a side note:
exit();
die(); // this will never reached, as exit() and die() is the same
About exit() and die()
I want to develop a url Router in which when a particular URL comes then I redirect my program to a particular url. Is it even possible?
Thanks in advance...
You can send a HTTP header to redirect to another page:
header("Location: foo.php");
... or for a full URL:
header("Location: http://www.google.co.uk/");
Note that you should send headers before any other output (i.e. echo).
if you want to test a 'particular' url, you need to construct it first:
$ssl = "";
if ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"]=="on") || (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"]=="443"))
{ $ssl = "s"; }
$serverport = ($_SERVER["SERVER_PORT"]!="80"?":".$_SERVER["SERVER_PORT"]:"");
$theurl = "http".$ssl."://".$_SERVER["SERVER_NAME"].$serverport.$_SERVER["REQUEST_URI"];
then, you can test it against another url (or array of them):
if ($theurl != $myurl) {
header("Location: index.php");
}
against an array of urls:
if (in_array($theurl,$myurls)) {
header("Location: index.php");
}
I've been banging my head against this for a week. I have a page that we want to only be accessible from another domain. Is it possible with PHP or .htaccess? Ive posted a couple attempts to do this on here, nothing seems to work. Please help!
<?php
$allowed_domains = array('dirtybirddesignlab.com','foo.com');
$REFERRER = $_SERVER['HTTP_REFERER'];
if ($REFERRER == '') {
exit(header('Location: 404.php'));
}
$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));
if (!in_array($domain, $allowed_domains)) {
exit(header('Location:404.php'));
}
?>
To expand on my comment, see the line if ($REFERRER == '') block.
<?php
$allowed_domains = array('mydomain.com','yourdomain.com');
$REFERRER = $_SERVER['HTTP_REFERER'];
if ($REFERRER == '') {
// What do you do here?
}
$domain = substr($REFERRER, strpos($REFERRER, '://')+3);
$domain = substr($domain, 0, strpos($domain, '/'));
if (!in_array($domain, $allowed_domains)) {
exit(header('Location: error.php'));
}
?>
Note, the above will fall through to always referring those browsers that haven't reported a referrer to be redirected to the error.php page.
My suggestion is to do something like...
Generate salt, share with other server ($dsalt = output from something like puttygen.exe)
Generate shared key on the other domain during response - $dkey = sha1($dsalt.date('mDY G'))
Put $dkey within page for requests, resulting in "http://www.mydomain.com/getstuff-ajax.php?key=$dkey"
Recreate the same $dkey on your server and compare against the one in the GET to detect non-allowed access
For instance...
Their domain
<?php
$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
"H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
"lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
"UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";
$dkey = sha1($dsalt.date('mDY G'));
// ... Other stuff or whatnot, possible the above is also just an include file
// Then, they use it...
echo "Download stuff";
?>
Your domain - include('/path/to/domaincheck.php')
<?php
$dkey = $_GET['key'];
$dsalt = "AAAAB3NzaC1yc2EAAAABJQAAAIBNnuGAM6ZKURAS9h9ag".
"H85T1eIE+jlLkq7GhFny8wMJNpSM0stTDWeEYfL+4xWIE".
"lIF3NFvRpDAG/cgXuVmlBcO0ZxxKosrDv0dXCXNt5ciPJ".
"UjFi1e0FEJtkO32xrTDEB2IUg9rZ0tiqqsqnTCZBQ4AEvpMi";
if (sha1($dsalt.date('mDY G')) != $dkey) {
exit(header('Location: error.php'));
}
?>
Notice both the $dsalts are the same. I generated that with puttgen.exe.
Something along those lines. You will need to handle cases in which the key may expire, or whatnot. Another method may be to share valid $dkey's between your servers with a timestamp and expire them after a certain amount of time (maybe one hour).
theirserver.com and yourserver.com
Salt, or in other words, private key, same on both servers
Function to (re)create the hash using the salt and some date stamp, same on both servers
Browser
Links to yourserver.com includes generated key (hash) created from static salt and date stamp function
You can use something like this:
<?php
$allowed = array("xxx.xxx.xxx.xxx", "xxx.xxx.xxx.xxx");
$ip = $REMOTE_ADDR;
if(!in_array($ip, $allowed))
{
header("Location: index.php");
exit;
}
?>
Replace xxx.xxx.xxx.xxx with the ip address of the site?
It will check IP address of traffic and if it's not in the array will redirect them elsewhere as defined in header location
Based on checking if the refferer is from a certain page try this:
<?php
$referer = $_SERVER['HTTP_REFERER'];
$referer_parse = parse_url($referer);
if($referer_parse['host'] == "mysite.com" || $referer_parse['host'] == "www.mysite.com") {
// download...
} else {
header("Location: http://www.mysite.com");
exit();
}
?>
Try the following with .htaccess.
order allow,deny
deny from all
Allow from "domain to allow without www"
if domain name doesn't work, try
Allow from "IP address"
Exclude "" in the actual file.