I'm doing a soap request to an external API using Laravel & Guzzle. All other calls have succeeded to get the actual response but for the redirecting user to the external page has failed because the external API web service only allows my server IP to access that page.
I have tried:
windows.location (javascript)
location header (PHP)
return redirect URL (PHP)
This is their documentation on how to redirect in VB language :
redirection code in VB
All of these methods only use the browser redirection which is using user IP not the server IP.
Any method that I can use to redirect user using my server IP that you guys can recommend?
Thanks in advance.
Extra context/information:
Example screenshot for the fourth call which include get the quotation number and generate the url parameter
That is the code for VB that they provided in API documentation. So why I want to bring the user to the page? It is because when the GetQuotation (fourth call) is already submitted to their database and it will return QuoNo that will be used in the URL parameter. When the user gets redirected to the external page with parameter QuoNo=12412194149124, their backend will query for the quotation details that the user fills in my side (mydomain.com/form) and auto filled it on their side (otherdomain.com/form).
If you see from the screenshot, the System.Diagnostics.Process.Start will execute the url once the Quotation number (QuoNo) is generated. So once the user click on the 'buy now' button on our end (mydomain.com/form), it will call the fourth call (GetQuotation guzzle function) and generate a Quotation Number (QuoNo) then it will be populated in http://otherdomain.com/main.a5w?tokenid=wm-9Kj-14e-Fa4-I1adlXrQ00weqwe3S&QuoNo=QUO022348921312301623. Based on what my understanding on VB code, System.Diagnostics.Process.Start will force the url to be opened.
I'm sorry if it's still lacked of info given. Feel free to ask more. Thank you
What you want can not be achieved sadly. The only thing you can do with the redirect is tell the browser where to go, you have no control over the IP here since this would pose all kinds of issues regarding security and identification. The only way to achieve what you want is to wrap the html of the resulting webpage in your website or remove the restriction of the ip addresses. Another solution could be to build a simple page which is accessible to everyone and limit the API routes to specific IP addresses. For example:
Let's assume the payment gateway is at: example.com/checkout, this one would be accessible to everyone and would contain a form to which you can perform the redirect and fill this form with the passed data.
This form would then post the information to example.com/api/v1/checkout which will process your form data and return if the transaction was succesful. Based on this return the user will be redirected to another page. This is assuming you have control over the other domain since only with your server IP you can access this site.
If this is not the case there is no other way than to post the data to an endpoint via guzzle and use these return values to provide feedback to the user.
I hope this answers your question, if anything is unclear please let me know.
I am working on one website to convert its existing site into Angular, I am using Angular 4, my client wants to keep URL in new site same as its previous site.
Previous site URL was having .php extension in URL e.g. site have agent section with agent listing and agent single page, agents are getting managed from admin it has URL like
www.example.com/our-realtors.php
and for agent detail page
www.example.com/jenny-blain.php
I am using angular default routing strategy. For first time URL is working fine and data is getting fetched but once I reload the page component is not getting loaded.
Can anyone let me know what can be the issue or how can I achieve this?
Currenty I am in development mode.
Thank you in advance.
Please accept my apology if my question has a simple answer. I'm trying to add a functionality to login through google account with PHP and OAuth 2.0. I tried this on a simple login page and its working fine.
Now, I have a page of recipe where user can give their comment. Page URL is something like this mysite.com/recipe-123-recipename. I changed URL through .htaccess. Original link is mysite.com/single_recipe.php?id=123&title=recipename.
There is a option of redirect URL in google API console and it is optional so I left it blank. Every time I try to use script i get redirect URL mismatched error.
I just need to know how can I set redirect URL like single_recipe.php?id=123&title=recipename so user get back to this page? or I need to change the script? I have added facebook login in same page and it is working great.
Please guide me I tried everything but no luck so far.
I saw a few questions out there already about ensuring site access comes from QR code scans, but they seemed to be focused on analytics purposes (tracking where traffic was coming from), whereas my interest is in security/privacy.
I want to set up a site that can only be accessed when a provided QR code is scanned. In other words, I don't want the URL that the QR code possesses to be able to just be manually typed/pasted in for site access via other means.
I've been googling this issue for a bit with no luck whatsoever. I'm trying to think of a way with referring URLs or other means to ensure that a person arrived at the site by actually scanning the provided QR code.
EDIT: The solution would need to be scanner-independent as well (i.e. I cannot force users to download and use a specific QR scanner app) and cross-platform (Android + iOS + WinMo + BlackBerry, etc.).
Now I submit the issue to you wonderful folks.
We got something the same at our company. We provide a link like:
zxing://scan/?ret=http%3A%2F%2Ffoo.com%2Fproducts%2F%7BCODE%7D%2Fdescription&SCAN_FORMATS=UPC_A,EAN_13
Where {CODE} is the code which is returned in the QRCode. So what you can do is create an url like above (see more info for a link). And then put a encrypted data in the QRCode, so only if this url is clicked by the user and the data of the QRcode is correct. People can continue to go on your website. This way if the qrcode is leaked, they won't know the site. And if they know the site, the code is encrypted.
If people scan the barcode by clicking on your website. The zxing will open a new browser with the URL and the {CODE} filled with the scanned code.
But, people do need the barcode scanner from android or iphone.
More info:
zxing download / homepage
zXing scanning from w
You can't ensure that the URL came from scanning the QR code, that isn't possible. QR codes are just a method of encoding text, once the user knows the text they can do whatever they want with it.
You can, however, restrict the usefulness of the QR code so even if it is leaked it isn't useful. If possible, I would start by generating the QR codes on-demand with a random seed and have them expire shortly thereafter. This would make it so even if the QR code were leaked, it wouldn't be useful for very long.
About the best you can do is set a query string in your QR code. Something like:
http://www.example.com/myapp
Could be changed to something like:
http://www.example.com/myapp/?qrcode=1
This can then be handled in PHP with:
if(!isset($_GET['qrcode'])) die();
The problem with this, of course, though, is that anyone with the URL could simply navigate directly to that URL in their normal web browser.
This isn't something you can prevent, however.
You can also check whether $_SERVER['HTTP_USER_AGENT'] claims to be a mobile phone. Here's another question on the topic.
You could add parameters, but ultimately QR codes are just a method of encoding text, so whatever you encode can be typed into a browser if someone knows what's encoded.
If you are making post call to any web URL from QR code, then whatever body you are sending with it, will not be visible unless user went through QR scan mode.So by just entering Web URL user will not able to access web URL contents.
I've built a little mobile web app for the town I live in which aggregates a lot of info and makes it readable. Lately, on my android phone browser, when I go to a certain page it asks me do I want to open it with Browser or MX Android Player. I've looked at the request headers in Chrome and I can't find anything wrong with it. I've had someone test this on an iphone and the issue doesn't happen. Any ideas?
The site in question is http://sligo.me
The page throwing errors is http://sligo.me/Events.
This has nothing to do with your page. It rather has something to do with MX Android Player. Android allows its app to register for URLs to be handled through them. In this way if Chrome is installed on a phone and the user clicks on an URL the system will ask if it should use Chrome or Browser to open the URL. The user can now select a default app or make the choice every time she clicks on a URL.
An app can also register for some URL parts only. A good Twitter app would register for all URLs with the host Twitter and then display the content of that page inside the app.
I guess that MX Android Player registered for some URLs and the http://sligo.me/Events matches that filter. You could experiment a little bit and try to change the URL part that the filter matches. More information about this filtering can be found in the Documentation about Intents and Intentfilters