i have some problem i try to get the uri in php.
I'm using:
$_SERVER['REQUEST_URI']
It works just fine if i do it in the index.php, but, i NEED to get the url in a include file, but, when i do it, it takes the FILE adress, i mean, it shows something like this
adress bar: www.webpage.com/index.php
$_SERVER['REQUEST_URI'] output: webpage/includefile.php
I am explaining myself here? Thanks!
How are you including the file? If it's being included via an HTTP reference then it's actually being served as a page and the functionality you are seeing is correct. If the include path is a local file, you shouldn't be seeing this behaviour
Found this whilst trying to solve the same issue.
My solution that worked is to use $_SERVER['HTTP_REFERER']
This worked well in that it also included the parameters (e.g. ?this=that&foo=bar)
Maybe somewhere in your code (or in another include file) the value is overwritten.
Related
So I am redirecting from a page if an error appears. I saved the URL I want to redirect to in a configuration file I am including: require("config.php");
Inside config.php I stored a variable $errorURL which is set equal to http://www.mywebsite.com/etc.php
And in my script I have the following code:
header('Location:'.$errorURL.'?&error=dataNotSet');
die();
The error variable in the URL is the only thing that changes.
This works perfectly on my localhost but not on the server I have online. I use php 5.5 on both servers.
If I change the redirect part of the code (see above) to:
header('Location:http://www.mywebsite.com/etc.php?&error=dataNotSet');
die();
It works. Any ideas why this is happening?
Right, I figured it out.
The reason why nothing worked was because I had a couple of and tags at the beginning of my configuration.php file.
Make sure any file included in your script only contains pure php before the redirect!
Proof $errorURL via :
add this line to top of yours code:
die($errorURL);
And remove dot from start of $errorURL variable.
Probably your $errorURL variable is dirty.
Regards.
I have an ajax request that I'm trying to call a specific file from which is located at:
ROOT/admin/functions/upload/filename.php
And the page making the request from is located at:
ROOT/admin/customers/123
Which is modified through htaccess from
ROOT/admin/customer.php?id=123
I have tried every combination of paths I could think of but I get some strange behaviours for example when I use
../functions/upload/filename.php
It looks for the file in
ROOT/functions/uploads/filename.php
And when I use
functions/upload/filename.php
It looks for the file in
ROOT/admin/customers/functions/uploads/filename.php
So I tried
../admin/functions/upload/filename.php
And it looks in
ROOT/admin/admin/functions/upload/filename.php
I'm pulling my hair out here, has anyone got any ideas as to what this might be?
Any help would be greatly appreciated.
Thanks, James.
Since the browser knows NOTHING about your server-side paths, and it only has the path you see in the address bar, e.g.
http://example.com/ROOT/admin/customers/123
then if your ajax code looks like
$.ajax('functions/foo/bar.php');
Then the ajax call will be requesting
http://example.com/ROOT/admin/customers/123/functions/foo/bar.php
Similarly, adding ../ just strips off levels of the source page's address:
$.ajax('../../functions/foo/bar.php');
results in
http://example.com/ROOT/admin/customers/123/../../functions/foo/bar.php
^-A-^
^-------B------^
http://example.com/ROOT/admin/functions/foo.bar.php
You probably want
$.ajax('/ROOT/functions/foo/bar.php');
With that leading /, the browser ignores ALL of the subdirectory stuff in the url and uses the entire path from the ajax call as the entirety of the path.
http://example.com/ + /ROOT/functions/foo.bar.php
I've read so many different inputs on this, so I figured I would ask on here.
Is there anything wrong or dangerous about using full links inside a php include?
Examples,
<?php include('http://www.domain.com/blah.php'); ?>
<?php
define('WEB_ROOT', './'); // relative path to /
include('layout.php');
?>
compared to using
<?php
include('../blah.php');
?>
include('http://www.domain.com/blah.php') goes out and makes an actual HTTP request to the web server, returning the contents of the URL after the web server has processed them, just as you'd see when entering that URL in your browser.
include('../blah.php') includes the local file from disk one directory higher.
The two are completely different things and you do not want to include a URL when you mean to include a local file. Even if the two are supposedly the same file, PHP cannot know that. Accessing a URL and accessing a local file path are entirely different things. It's not possible to infer that the two are the same.
<?php include('http://www.domain.com/blah.php'); ?> is very dangerous, you can't know in 100% what is the code you will get!!! becuse PHP do HTTP request and someome can do ManInTheMiddel attack and to change the code you will get, and to hack your site.
So I made a script so that I can just use includes to get my header, pages, and then footer. And if a file doesnt exist a 404. That all works. Now my issue is how I'm supposed to get the end of the url being the page. For example,
I want to make it so that when someone goes to example.com/home/test, it will automatically just include test.php for example.
Moral of the story. How to some how get the page name. And then use it to "mask" the end of the page so that I don't need to have every URL being something.com/home/?p=home
Heres my code so far.
<?php
include($_SERVER['DOCUMENT_ROOT'].'/home/lib/php/_dc.php');
include($_SERVER['DOCUMENT_ROOT'].'/home/lib/php/_home_fns.php');
$script = $_SERVER['SCRIPT_NAME']; //This returns /home/index.php for example =/
error_reporting(E_ALL);
include($_SERVER['DOCUMENT_ROOT'].'/home/default/header.php');
if($_GET["p"] == 'home' || !isset($_GET["p"])) {
include($_SERVER['DOCUMENT_ROOT'].'/home/pages/home.php');
} else if(file_exists($_SERVER['DOCUMENT_ROOT'].'/home/pages/'.$_GET["p"].'.php')) {
include($_SERVER['DOCUMENT_ROOT'].'/home/pages/'.$_GET["p"].'.php');
} else {
include($_SERVER['DOCUMENT_ROOT'].'/home/default/404.php');
}
include($_SERVER['DOCUMENT_ROOT'].'/home/default/footer.php');
?>
PHP by itself wouldn't be the best choice here unless you want your website littered with empty "redirect" PHP files. I would recommend looking into the Apache server's mod_rewrite module. Here are a couple of guides to get you started. Hope this helps!
The simplest way would be to have an index.php file inside the /home/whatever folder. Then use something like $_SERVER['PHP_SELF'] and extract the name if you want to automate it, or since you are already writing the file yourself, hardcode it into it.
That however looks plain wrong, you should probably look into mod-rewrite if you are up to creating a more complex/serious app.
I would also recommend cakePHP framework that has the whole path-to-controller thing worked out.
I know how to find out the current domain name in PHP already, the problem is when I put this code into a file and then include it from another server it shows the domain name of where the file is located. Is there any way for it to find out the domain or the site containing the include() code?
Are you doing something like:
include 'http://example.com/script.php';
?
NB: This approach generally considered to be a bit of no-no from a security point of view.
Anyway, the included script is actually being executed on the other server, then the output of the script is being executed on the current server. You can get around this by echoing actual code, something like this:
Currently:
<?
//do something
echo '$v = '.$_SERVER['HTTP_HOST'].';'
?>
Other way:
<?
//do something
?>
$v = $_SERVER['HTTP_HOST'];
But then maybe I'm misunderstanding your question.
You can run it locally using "eval" then it should use the proper domain
store your script as a text file then download it and then execute:
eval(file_get_contents("http://someDomain.com/somePhpscript.txt"));
If you include a PHP page from another server, the page will get parsed by the original server and the result will be sent to you - the page you receive is nothing but text, no PHP code included.
This is a crude hack, but on the remote server, you could look up the domain name of $_ENV['REMOTE_HOST'].
This would be the domain name of the guy doing the "include" from the perspective of the remote server.
I assume you have some reason for wanting to implement this strange topology--restrictions in a virtual host environment, or something. I would suggest looking into alternative infrastructure if possible.