i am trying to access a webpage. I manage to get the redirect webpage session id as shown:
http://www.sbstransit.com.sg/mobileiris/(tqkjtlnqkh2lw5v4rz4yurzf)/mobresult_svclist.aspx?stopcode=16101
I added mobresult_svclist.aspx?stopcode=16101 after the session id to retrieve the information.
However, i could not access the page and keep been redirected to the root url: http://www.sbstransit.com.sg/mobileiris/(tqkjtlnqkh2lw5v4rz4yurzf)/index_nextbus.aspx?__redir=1.
Do anyone know how to prevent that redirection to the root url using php or any other codes? Thanks.
You cannot. If the server sends a redirect header, you can of course choose not to follow it, but the page body would still be empty if the server side doesn't generate it.
You would like to have access to data the webmaster doesn't want you to have. Just contact the webmaster and ask for it to achieve this in a proper way.
Related
Please I am designing a website and passed two IDs to through URL and got it using GET .But I noticed that anyone could change the value of ID in the URL and it alters the page content. Is there anyway to prevent this ...
A code like
www. site.com/main.php?user1_id=4&user2_id=7
If changed by anybody to
www.site.com/main.php?user1_id=6&user2_id=10
It shows another detail not meant to be seen.
Implement control at server side and check if the user requesting the resource has access to it or not. Anyone can change anything at client side easily. This should be controlled from server.
Hello! I am trying to put together a landing page that will allow individuals to visit, enter an access code, and be redirected to a directory that corresponds to the access code. For example, access code is 12345, user is redirected to example.com/12345 upon submit. We will be using direct links for the most part, but in the event that someone hits a 404 or try to visit the root directory, we want to have an interface for returning to the project / an alternative way for people to access the page.
What might be the best way to redirect a user after they enter the access code in the form?
Thanks for your advice!
It's really hard to say what the 'best' solution would be as it's open to interpretation. Here's what I would do.
Instead of routing to a specific page, I would route them to a controller that includes the code and/or content from the user directory. This will allow you to secure any contents of the user directories through server configurations, and give you better programmatic control of what happens when something goes wrong.
The user key should be set to a session key but if you don't want to do that, you could set it to a POST or GET parameter just as easily.
if(array_key_exists("user",$_SESSION)){
include_once("/".$_SESSION['user'].".php");
//use the included file if it won't automatically run itself
}
else{
echo "error - missing user key";
}
I'm trying to check whether the user has moved from a specific site.
But this site doesn't send $_SERVER['HTTP_REFERER'], so I can't use it.
Maybe some one knows, how to realise this:
1) User navigates to my site from example.com (no HTTP_REFERER)
2) When user loads my page, I need to check where this user is from.
Can this be done without the HTTP_REFERER header?
I answer IT.
I will use API on referring site.
Thanks!
I have a php file which takes in a path and file name and opens a page. Users are able to enter the path and file name directly in the url rather than navigating through the main menu page. Users also are able to change parameters in the url and view other text files which he is not supposed to view. I need to prevent users from changing the url and entering the page directly.
Can anyone help me with a way to avoid users from entering the page directly changing the parameters the url.
You can't control what resources users request.
Solve the real problem instead:
Users also are able to change parameters in the url and view other text files which he is not supposed to view
Authenticate the user so you know who they are
Authorise the user so you know if they are allowed to view the file they are asking for
Give them an error message if they are not
You can encode the parameters of the url.
Instead of having var1=a&var2=b, you can have something like var=thhr6tghfdgfe56
Your users wont be able to guess the encoded format and they will be forced to use your page/menu.
Keep track of which user id tries to access an illegal encoded url - block him after X tries.
You can use the $_SERVER['HTTP_REFERER'] server variable which
referred the user agent of the current page. This is to check
whether the user navigate from your website or directly hit the URL.
You can't control the users to change the request parameters.
Hope this will help you.
simple question:
how to find the location (url) where a user came from before accessing my page?
and
how to find the location (url) where a user goes after exiting my webpage?
any ideas where i should start?
thanks
In PHP, you can use the $_SERVER['HTTP_REFERER'] to know where the user came from.
There is no mechanism to know where the user is going, unless they clicked a link on your site to leave your page. (If that is the kind of exit that you want to track, you'll need to rely on javascript and implement something like Google Analytics outbound link tracking: http://www.google.com/support/analytics/bin/answer.py?answer=55527)
To the first question:
Usually if someone comes to your page via a link or something like this a HTTP referer entry points to the refering page. See rfc2616
Second question:
If you have a link which links to an external page you may notice this by wrapping these links with some script. If someone types in a page by hand you will not be able to determine the location where the user went.
If the from page and destination pages are made by you, You can send the source page's url within GET or POST method and grab it in the destination and redirect user back to that url.