How to Prevent Direct URL Access? - php

Please help me to resolve hotlinking, how to prevent direct access to this URL and redirect visitors to index.php:
http://www.example.com/index.php?link=http://www.anysite.com/dir/file&name=on&email=on&submit=on

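Are you searching for something like this:
// strpos() takes (haystack, needle) and returns false when there is no match
if (strpos($_SERVER['HTTP_REFERER'] ?? '', 'mysite.com') === false) { header('Location: index.php'); exit; }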

For purposes of answering this, I'm going to assume you don't care if the same user accesses it multiple times (provided that the first visit came through the main index page). This also assumes the user will accept cookies.
When on the main index page:
start up a session on index.php
put some random value inside their session. eg: md5(microtime()) = af1929191...
also put that random value inside each url as another parameter eg: index.php?verify=af19...&link=http://foo.com
When loading a url:
check to see if the "verify" param is set. If it isn't there, redirect them back to the main index page. Or more helpfully, since you are creating a weird behavior, show them an error message indicating what you are doing, and why.
Start up the session and make sure that the value in their session matches the value in the url.
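
The steps above as an added PHP example (not code from the original answer). It swaps md5(microtime()) for random_bytes() and compares with hash_equals(); the helper names and the constructed demo arrays standing in for $_SESSION and $_GET are assumptions.

```php
<?php
// Added example: session-bound link token, following the steps above.
// issue_token(), build_link() and check_request() are hypothetical helper names.

// index.php side: create one random token per session and reuse it.
function issue_token(array &$session): string
{
    if (empty($session['verify'])) {
        // random_bytes() is a CSPRNG; md5(microtime()) is guessable from the clock.
        $session['verify'] = bin2hex(random_bytes(16));
    }
    return $session['verify'];
}

// Put the token into every link emitted on the index page.
function build_link(string $token, string $link): string
{
    return 'index.php?' . http_build_query(['verify' => $token, 'link' => $link]);
}

// Link-handling side: true only when the URL token matches the session token.
function check_request(array $session, array $query): bool
{
    $expected = $session['verify'] ?? '';
    $given    = $query['verify'] ?? '';
    if (!is_string($given) || $expected === '' || $given === '') {
        return false;                       // direct access: no session or no token
    }
    return hash_equals($expected, $given);  // constant-time comparison
}

// Constructed demo; in a real page pass $_SESSION (after session_start()) and $_GET.
$session = [];
$token   = issue_token($session);
$url     = build_link($token, 'http://www.anysite.com/dir/file');
parse_str(parse_url($url, PHP_URL_QUERY), $query);

var_dump(check_request($session, $query));               // visitor came via index.php
var_dump(check_request($session, ['link' => 'x']));      // token missing from the URL
var_dump(check_request([], $query));                     // pasted URL, no session
var_dump(check_request($session, ['verify' => ['a']]));  // malformed parameter

// if (!check_request($_SESSION, $_GET)) { header('Location: index.php'); exit; }
```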

Using an htaccess file is a common solution to this problem:
from http://altlab.com/htaccess_tutorial.html
This code in particular redirects anyone trying to hotlink an image.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://img148.imageshack.us/img148/237/hotlinkp.gif [L]

Related

REFERER using .htaccess

I have php files that I do not want users to directly access by typing in the URL, therefore I have hidden these using .htaccess. However I want the user to be passed on (referred) to the next php file once they have logged in.
e.g. 123.456.789:8080/one.php is the login page and the user will then be sent to 123.456.789:8080/two.php.
Below is an example of some code that I found on here, but have not been able to make it work for my variables, and the fact I have the IP address and port no. Thanks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?site\.com/ [NC]
RewriteRule (^|/)B\.php(/|$) - [F,NC]
If you are using php for the logon can you not use something like this?
if ($logged_in) {
    header("Location: http://somesite/two.php");
    exit; // stop here so the rest of the login page does not run after the redirect
}

How to get the parameters from url without notice

So I was thinking of a way to remove the parameters from url when page is downloaded to client and respond different in each different value of the get parameter.
Let me make it clearer for you. Say I have this url: www.abc.com/?q=jsdfnjns. Ideally, I am thinking of shortening this url with goo.gl and then sending it to the customer. When the customer clicks on it, it will automatically go to the www.abc.com clean url and set a cookie on the client with the q's value. I have seen it before in many affiliate links except that the initial url had no get parameters but the value was actually a sub-folder e.g. www.abc.com/jsdfnjns
So what's the way to actually get the value of a get parameter and manipulate it with php, while removed from the url without user's notice, or setting a cookie when parameter is given as a sub-folder. I suspect it must be some htaccess rules and php tricks but can't find a way.
With given url www.abc.com/jsdfnjns how can I redirect immediately to www.abc.com
and have the jsdfnjns saved ideally server-side in apache or in a user cookie ?
Is there any way to make it also happen with actual get parameters too ?
And a schematic:
www.abc.com/jsdfnjns convert it to -> goo.gl/sjbjsb -> when clicked, user is going to www.abc.com but somehow I get the jsdfnjns and respond in the main page different.
Hope my question is well defined, any ideas will be appreciated.
Thanks.
Firstly you need to set up the .htaccess file
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?q=$1 [QSA,L]
</IfModule>
index.php code:
session_start();
if (isset($_REQUEST['q'])) {
    // Keep the value server-side, then redirect to the clean URL
    $_SESSION['q'] = $_REQUEST['q'];
    header('Location: index.php');
    die();
} else {
    $q = isset($_SESSION['q']) ? $_SESSION['q'] : null;
    //YOUR CODE
    var_dump($q);
}

.htaccess create user friendly url and redirect to it

I tried to search everywhere for this problem but I didn't find anything.
I want to make a url seo friendly so I used this code:
RewriteEngine on
RewriteRule ^Homepage index.php [NC,L]
Then I want to redirect to it so I tried to write this code:
RewriteRule ^index.php$ http://localhost/siti/socialmark/Homepage [R=301,L]
The error is a loop of redirections, can someone help me?
SORRY FOR MY BAD ENGLISH!
The rewrite rules don't just make the URL string look different, they actually direct the user to the file at the end of the path even if you don't see it in the address bar. If Homepage is a directory containing index.php, even if that php file name doesn't appear in the URL, then it's causing a loop because it's directing you to a directory with an index.php.
The rule is executed every time that page loads. So, you're redirecting to a page which runs the redirect script, so it runs the rule to redirect again, and that causes the loop. What you want to do is create a condition that says "Don't run this code if the requested page is http://localhost/siti/socialmark/Homepage"
Something like this (you may have to adjust it)
RewriteBase /
RewriteCond %{REQUEST_URI} !=/siti/socialmark/Homepage
RewriteRule ^Homepage index.php [NC,L]
For more details, see the caveats and example here:
http://httpd.apache.org/docs/2.2/rewrite/flags.html#flag_l

RewriteRule is breaking $_SESSION

Everything was working fine till I added my .htaccess file. What I'm trying to do is route all my users to their profile page. So www.darudude.com/user1 routes to www.darudude.com/userinfo.php?user=user1
My .htaccess file is this:
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\?*$ userinfo.php?user=$1 [L,QSA]
However, ever since I added this, it breaks my sessions. On every page I initialize a session, and the session stores the referrer. This is the piece of code that handles the important part.
if (isset($_SESSION['url'])) {
    $this->referrer = $_SESSION['url'];
} else {
    $this->referrer = "/index.php";
}
//this echo is used to debug why this thing isn't working!!
echo "<script>alert('".$this->referrer."');</script>";
/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
and then I'm returned to the original page using this piece of code:
header("Location: ".$session->referrer);
So for example, without the .htaccess file, if I login through one of the pages everything works and I get redirected back to the page I logged in from (i.e. if I logged in from index.php I get redirected back to index.php; if faq.php, I get redirected back to faq.php). With the .htaccess file I keep getting sent to /userinfo.php leading me to think it's something wrong with my rewriterule
This is how it's supposed to work:
index.php loads. the $_SESSION['url'] is set to index.php
a login form is enacted whose action redirects to process.php
process.php the $session->referrer is set from $_SESSION['url']
After the login is confirmed the page should redirect using: header("Location: ".$session->referrer);
This is how it worked originally without any problems.
However, after the .htaccess was created it seems to redirect me to userinfo.php. I think it has something to do with my rule.
Any ideas?
I'm not sure if I understand the problem, but the rewrite rule you're using seems to turn the request to /index.php into a request to /userinfo.php?user=/index.php which may not be what you want.
It's because you're relying on $_SERVER['PHP_SELF'], which does not include the query string (the ?user= part of the URI). It worked before because your pages didn't rely on query strings to uniquely identify themselves. You can use $_SERVER['REQUEST_URI'] instead, though look out for circumstances where you don't want the query string to be preserved and now it is being.
Incidentally, the \?* in your RewriteRule regex is doing exactly the same thing as if it weren't there.
You could try logging in with AJAX, thus never having to refresh the page at all. A simple Google search will throw up plenty of results, see below. Even if you're not using jQuery (which a lot of the tutorials seem to expect you to), it's still possible with basic JavaScript, in fact that's how I wrote my AJAX log-in script before converting it to use jQuery later.
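
Added example, not part of the original answers: once the stored URL is taken from $_SERVER['REQUEST_URI'] it is request-controlled, so it is worth checking that it is a same-site path before it reaches header("Location: ..."). safe_return_path() and the sample values are assumptions made for illustration.

```php
<?php
// Added example: validate a stored "return to" URL before using it in a redirect.
// safe_return_path() is a hypothetical helper name, not from the original post.

function safe_return_path(?string $candidate, string $default = '/index.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    // Control characters (CR/LF included) have no place in a Location header.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }
    // Must be a single-slash local path: rejects "//host", "/\host" and "http://host".
    if ($candidate[0] !== '/' || preg_match('#^/[/\\\\]#', $candidate)) {
        return $default;
    }
    // A local path must not parse with a scheme or a host.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

// Constructed sample values standing in for $_SESSION['url'].
$samples = [
    '/faq.php',
    '/userinfo.php?user=user1',
    '//other.example/login',
    '/\\other.example/',
    'http://other.example/',
    "/faq.php\r\nX-Test: 1",
    null,
];
foreach ($samples as $s) {
    printf("%-28s => %s\n", json_encode($s), safe_return_path($s));
}

// On every page:  $_SESSION['url'] = $_SERVER['REQUEST_URI'];
// In process.php: header('Location: ' . safe_return_path($_SESSION['url'] ?? null)); exit;
```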
http://www.google.com/search?q=php+ajax+log-in

How do I remove a variable name from a URL using htaccess?

So basically I want users to be able to go to my website with a URL of something like /45678, instead of having to use /?p=45678, so really I just want to remove the variable name. I've tried using mod_rewrite, but it seems that is only for removing the name when the page is visited.
Here is the current code:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^p=([0-9]+)$
RewriteRule ^/$ /%1 [R]
Simply change all of your links to /45678 rather than ?p=45678. Or did I misunderstand you completely? Because what I got from your post is that it works properly, unless you manually access the ?p=45678, whereas it stays as ?p=45678.
EDIT:
This is what I am using for http://www.madphp.org/dev/, give it a go, works like a charm for me (it also removes the index.php part). To access your now cleaner URL you would simply explode the $_SERVER['PATH_INFO'] variable to get all of the required parameters within your PHP script.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
Have you set up mod_rewrite correctly? If so, you can use variables like simple $_GET variables, in this case you must access $_GET['p'] in PHP.
I did this without using .htaccess, but it does query a database. I wrote this a while ago so it uses PEAR DB, adjust to your database/connection method. I'll just copy my code and let you figure out what changes you need.
$db = connect_db();
$name = substr($_SERVER['PHP_SELF'], 20);
$name = strtolower($name);
// $name comes from the request URL, so bind it as a placeholder instead of interpolating it into the SQL
$id = $db->getOne("select id from user where login = ?", array($name));
header("Location: /dragonart/profile?user=" . $id);
exit;
If you store your information in a database this may be a nice alternative. The downside is that the URL is not rewritten and the user is ultimately sent to a page ending in a $_GET variable.
edit:
Just realized that using my method a simpler method can be used for the answer. Since my solution was used to find the id of a user using their username and then send someone to their profile (which requires the id) a better solution would be something like:
$var = substr($_SERVER['PHP_SELF'], $length);
// URL-encode the value so it cannot add extra query parameters
header("Location: /path/to/page?p=" . urlencode($var));
exit;
where $length is the usual length of the URL without the variable at the end.
