I'm trying to redirect users within my network to a specific landing page on our website based on their IP and a blank referrer. This code works, but it ends up in a redirect loop. How do I break out of the redirect loop to correctly redirect a user? Thanks!
$visitor = $_SERVER['HTTP_REFERER'];
$clientip = $_SERVER['REMOTE_ADDR'];
$ip = a regex list of IPs;
if (empty($visitor))
{
if (preg_match($ip, $clientip)) {
header('Location: http://example.com');
die();
}
}
Add a session to that user that you know that they were redirected already:
session_start();
$visitor = $_SERVER['HTTP_REFERER'];
$clientip = $_SERVER['REMOTE_ADDR'];
$ip = a regex list of IPs;
if (empty($visitor))
{
//add on if they did not redirect yet.
if (preg_match($ip, $clientip) &&
(!isset($_SESSION['redirect']) || !$_SESSION['redirect'])) {
$_SESSION['redirect'] = true;
header('Location: http://example.com');
die();
}
}
Related
I have redirect page called get.php which contain the following code:
header('Location: '.urldecode($_GET['url']));
$url = (isset($_GET[url]) && !empty($_GET[url])) ? $_GET[url] : NULL;
if(empty($url)){
header('Location: http://www.example.com/404');
}
This link used for ref tracking. When I check logs, I found someone abused it with pointing to non-malware website ie.
http://www.example.com/get.php?s&url=http://i-am-malware.yes
How to prevent this abused and only accept within local domain.
try this one
$url = "";
if(isset($_GET['url']))
{
$url = urldecode($_GET['url']);
}
if($url=="")
{
header('Location: http://www.example.com/404');
exit;
}
else
{
$arr = parse_url($url);
if($arr['host']==$_SERVER['SERVER_NAME'])
{
header("Location:".$url);
}
else
{
header('Location: http://www.example.com/404');
}
exit;
}
I have a full site that has been in OS-commerce and mobile site is in core PHP (codeignitor), and full version and a mobile version on sub-domain.
e.g full site: www.example.com and mobile site domain is m.example.com. when user open full site domain in mobile, then website redirect proper mobile domain, But if mobile user want to view full site then user can view fullsite in mobile.
I have used this to complete the redirect http://code.google.com/p/php-mobile-detect/, But it is not redirecting to the full site or to the mobile site using session. I know that I have to use PHP SESSIONS and REQUEST in order to get this to work but I am not sure how to use them in this instance, so could you please suggest how to solve this redirecting issue using session?
Here my code is:
session_start();
include('includes/Mobile_Detect.php');
$detect = new Mobile_Detect;
if(isset($_REQUEST['fullsite']) && $_REQUEST['fullsite'] == 'yes')
{//check if fullsite view request from mobile or website?
$_SESSION['fullsite']="yes";
if($detect->isMobile()) {
$_SESSION['website']="mobile";
}
else{
$_SESSION['website']="computer";
}
$deviceType = header('Location: https://www.example.com/');
}
else
{
if($_SESSION['website'] =="mobile" && $_SESSION['fullsite'] !="yes")
{
if($detect->isTablet())
{
$deviceType = 'tablet';
}
else
{
$deviceType = 'phone';
}
$deviceType = header('Location: https://m.example.com/');
}
elseif($_SESSION['website'] =="computer" && $_SESSION['fullsite'] =="yes")
{
$deviceType = 'computer';
$deviceType = header('Location: https://www.example.com/');
}
else{
$deviceType = 'computer';
}
$scriptVersion = $detect->getScriptVersion();
session_destroy();
}
From what I could get from github page you should be able to make it work like this:
index.php
session_start();
if ($_GET['fullscreen'] == 'yes') {
$_SESSION['fullscreen'] = 1;
} else if ($_GET['fullscreen'] == 'no') {
$_SESSION['fullscreen'] = 0;
}
if (false == isset($_SESSION['fullscreen']) && ($_SESSION['fullscreen'] == 0)) {
// If session['fullscreen'] has not been set (maybe first visit
// or the user does not what in fullscree
// check the device and do redirect
require_once 'Mobile_Detect.php';
$detect = new Mobile_Detect();
// Any mobile device (phones or tablets).
if ( $detect->isMobile() ) {
}
...
}
// Other code here
When visiting from mobile, if the user wants the full version, provide an anchor to url with GET parameter fullscreen=yes (http://example.com?fullscreen=yes)
If on full site and detect mobile (not included in code above), you could provide a link to mobile version with fullscreen=no
I want to develop a url Router in which when a particular URL comes then I redirect my program to a particular url. Is it even possible?
Thanks in advance...
You can send a HTTP header to redirect to another page:
header("Location: foo.php");
... or for a full URL:
header("Location: http://www.google.co.uk/");
Note that you should send headers before any other output (i.e. echo).
if you want to test a 'particular' url, you need to construct it first:
$ssl = "";
if ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"]=="on") || (isset($_SERVER["SERVER_PORT"]) && $_SERVER["SERVER_PORT"]=="443"))
{ $ssl = "s"; }
$serverport = ($_SERVER["SERVER_PORT"]!="80"?":".$_SERVER["SERVER_PORT"]:"");
$theurl = "http".$ssl."://".$_SERVER["SERVER_NAME"].$serverport.$_SERVER["REQUEST_URI"];
then, you can test it against another url (or array of them):
if ($theurl != $myurl) {
header("Location: index.php");
}
against an array of urls:
if (in_array($theurl,$myurls)) {
header("Location: index.php");
}
I am trying to detect if a user on my page has cookies enabled or not. The following code performs the check, but, I have no idea on how to redirect the user to the page they came from.
The script starts a session and checks if it has already checked for cookies. If not, it redirects the user to a test page, and since I had called session_start() in the first page, I should see the PHPSESSID cookie if the user agent has cookies enabled.
The problem is, ths script might be called from any page of my site, and I will have to redirect them back to their selected page, say index.php?page=news&postid=4.
session_start();
// Check if client accepts cookies //
if (!isset($_SESSION['cookies_ok'])) {
if (isset($_GET['cookie_test'])) {
if (!isset($_COOKIE['PHPSESSID'])) {
die('Cookies are disabled');
} else {
$_SESSION['cookies_ok'] = true;
header(-------- - ? ? ? ? ? -------- -);
exit();
}
}
if (!isset($_COOKIE['PHPSESSID'])) {
header('Location: index.php?cookie_test=1');
exit();
}
}
I think its better to make one file set cookie and redirect to another file. Then the next file can check the value and determine if cookie is enabled. See the example.
Create two files, cookiechecker.php and stat.php
// cookiechecker.php
// save the referrer in session. if cookie works we can get back to it later.
session_start();
$_SESSION['page'] = $_SERVER['HTTP_REFERER'];
// setting cookie to test
setcookie('foo', 'bar', time()+3600);
header("location: stat.php");
and
stat.php
<?php if(isset($_COOKIE['foo']) && $_COOKIE['foo']=='bar'):
// cookie is working
session_start();
// get back to our old page
header("location: {$_SESSION['page']}");
else: // show the message ?>
cookie is not working
<? endif; ?>
Load cookiechecker.php in browser it'll tell cookie is working. Call it with command line like curl. It'll say, cookie is not working
Update
Here is a single file solution.
session_start();
if (isset($_GET['check']) && $_GET['check'] == true) {
if (isset($_COOKIE['foo']) && $_COOKIE['foo'] == 'bar') {
// cookie is working
// get back to our old page
header("location: {$_SESSION['page']}");
} else {
// show the message "cookie is not working"
}
} else {
// save the referrer in session. if cookie works we can get back to it later.
$_SESSION['page'] = $_SERVER['HTTP_REFERER'];
// set a cookie to test
setcookie('foo', 'bar', time() + 3600);
// redirecting to the same page to check
header("location: {$_SERVER['PHP_SELF']}?check=true");
}
HTTP_REFERER did not work for me, seems like REQUEST_URI is what I need.
Here is the code I finally used:
session_start();
// ------------------------------- //
// Check if client accepts cookies //
// ------------------------------- //
if( !isset( $_SESSION['cookies_ok'] ) ) {
if( isset( $_GET['cookie_test'] ) ) {
if( !isset( $_COOKIE['PHPSESSID'] ) ) {
die('Cookies are disabled');
}
else {
$_SESSION['cookies_ok'] = true;
$go_to = $_SESSION['cookie_test_caller'];
unset( $_SESSION['cookie_test_caller'] );
header("Location: $go_to");
exit();
}
}
if( !isset( $_COOKIE['PHPSESSID'] ) ){
$_SESSION['cookie_test_caller'] = $_SERVER['REQUEST_URI'];
header('Location: index.php?cookie_test=1');
exit();
}
}
// ------------------------------- //
There's no need to save the original URL and redirect to it afterwards. You can perform a transparent redirect via AJAX which doesn't trigger a page reload. It's very simple to implement. You can check my post here: https://stackoverflow.com/a/18832817/2784322
I think this is easiest solution. Doesn't require separate files and allows you to proceed with script if cookies are enabled:
$cookiesEnabled = true;
if (!isset($_COOKIE['mycookie'])) {
$cookiesEnabled = false;
if (!isset($_GET['cookie_test'])) {
setcookie('mycookie', 1, 0, '/');
#ob_end_clean();
$_SESSION['original_url'] = $_SERVER['REQUEST_URI'];
$uri = $_SERVER['REQUEST_URI'];
$uri = explode('?', $uri);
$q = (isset($uri[1]) && $uri[1])?explode('&', $uri[1]):array();
$q[] = 'cookie_test=1';
$uri[1] = implode('&', $q);
$uri = implode('?', $uri);
header('Location: '.$uri);
die;
}
} else if (isset($_GET['cookie_test'])) {
#ob_end_clean();
$uri = $_SESSION['original_url'];
unset($_SESSION['original_url']);
header('Location: '.$uri);
die;
}
// if (!$cookiesEnabled) ... do what you want if cookies are disabled
I want to redirect to a new page with a message just once to my visitors, but I don't want Google to think my content was moved permanently/temporarily.
How can I avoid this?
This is the PHP i'm using for the redirection:
<?php
#session_start();
$_SESSION['uri'] = $_SERVER['VBSEO_URI'];
function getRealIP() {
if (!empty($_SERVER['HTTP_CLIENT_IP']))
return $_SERVER['HTTP_CLIENT_IP'];
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
return $_SERVER['HTTP_X_FORWARDED_FOR'];
return $_SERVER['REMOTE_ADDR'];
}
if(getRealIP()!=$_COOKIE['cookie']) {
setcookie("cookie", getRealIP(), time() + 31536000, "/");
header('Location: http://www.sie.com/redirect/');
}
?>
the solution i would use;
-Edit .htaccess add this line
RewriteRule robots\.txt robots.php
Create a robots.php file and paste in this code
session_start();
$_SESSION['robot'] = 1;
echo file_get_contents('robots.txt');
exit;
in your code... test this variable
if (!(isset($_SESSION['robot'])))
{
//this is probably human
} else
{
//this is probably a crawler;
}
Create a session variable to test if you've visted and display message only once
There's lots of good code out there to detect crawlers. Try this tutorial to start.