I'm using this variable to get the current page URL, like this:
$request = $_SERVER["REQUEST_URI"];
$page = (is_ssl() ? 'https' : 'http').'://';
if ($_SERVER["SERVER_PORT"] != "80")
$page .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$request;
else $page .= $_SERVER["SERVER_NAME"].$request;
The app. I doing this for is public, and the problem is that on some sites (very rare) this variable returns the entire URL, including the domain name, not just the requested page. Is this a server misconfiguration?
It could be somewhere in your code (or 3rd party package) is changing this variable.
You could grep.
grep -r -E '\$_SERVER\[[\'"]?REQUEST_URI[\'"]?\]\s?=[^=]+?'
That regex should find where $_SERVER['REQUEST_URI] is being assigned, and not just used normally or testing for equality, for example. Note too I removed the -i flag because PHP variables are case sensitive and so are array keys.
Related
Is there a way to get the entire URL used to request the current page, including the anchor (the text after the # - I may be using the wrong word), in included pages?
i.e. page foo.php is included in bar.php. If I use your solution in foo.php, I need it to say bar.php?blarg=a#example.
No, I am afraid not, since the hash (the string including the #) never gets passed to the server, it is solely a behavioural property of the browser. The $_SERVER['REQUEST_URI'] variable will contain the rest however.
If you really need to know what the hash is, you will have to use the document.location.hash JavaScript property, which contains the contents of the hash (you could then insert it in a form, or send it to the server with an ajax request).
// find out the domain:
$domain = $_SERVER['HTTP_HOST'];
// find out the path to the current file:
$path = $_SERVER['SCRIPT_NAME'];
// find out the QueryString:
$queryString = $_SERVER['QUERY_STRING'];
// put it all together:
$url = "http://" . $domain . $path . "?" . $queryString;
echo $url;
// An alternative way is to use REQUEST_URI instead of both
// SCRIPT_NAME and QUERY_STRING, if you don't need them seperate:
$url = "http://" . $domain . $_SERVER['REQUEST_URI'];
echo $url;
You can't - you'll have to write the value of the hash to a cookie via Javascript to send it to the server on the subsequent request.
You can pass up the full URL, including the anchor (the part after the #), using a Javascript onload function that sends that URL to an Ajax endpoint.
This example show's full URL request with port or https
function curPageURL() {
$pageURL = 'http';
if(isset($_SERVER["HTTPS"]))
if ($_SERVER["HTTPS"] == "on") {
$pageURL .= "s";
}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
}
return $pageURL;
}
usage : echo curPageURL();
It is true that you can't pass hash data to server. but sometimes what you want is get some url with '#blablabla' from the server, like when you share link to someone with '#', but the site need to login. below is another way to think, maybe not vary detailed.
First, sometimes you want to share your link with '#',like:
www.so.com#lala
First, you can change your url use javascript and pass some data with '?' and '#' at the same time, like:
www.so.com?foo=lala&&flag=hash#lala
then, as the '#' nerver pass to the server, but you can get the data from $_GET[''],like:
if($_GET['flag'] === 'hash'){
// base url
$_SESSION['url'] = strtok('http://'.$_SERVER['HTTP_HOST'].$_SERVER["REQUEST_URI"],"?");
// hash data
$_SESSION['hash'] = $_GET['foo'];
}
then, you can do everything with the '#' data, if you want to pass it to client, you can:
$url = $_SESSION['url']."#".$_SESSION['hash'];
header("Location:".$url);
At last, the url is back
Syntax Error is right.
And what I'd like to do is intercept the #foo from the call dosomething.org/page.php#foo and act as if I'd found a dosomething.org/page.php?x=foo call. Yes, this may function on the client but it's theoretically available at the server.
Why do I want this? Because people have old links stashed in their emails and I want to handle them differently.
You can pass the anchor using rawurlencode funcion.
Basically you just need to do something like this:
bar.php?blarg=a<?php echo rawurlencode('#blahblahblah')?>
if (strpos(file_get_contents($_SERVER['SERVER_ADDR']),'<html>')) {
echo 'true';
}
I'm trying to check if the current page contains a string, and if so echo true. I've tried this however it doesn't work.
$_SERVER['SERVER_ADDR'] contains a completely different value than you seem to be expecting:
The IP address of the server under which the current script is executing.
To get a working link to the current page:
$currentUrl = $_SERVER['HTTPS'] ? 'https://' : 'http://';
$currentUrl .= $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
However, this becomes a giant mess, if you're requesting your own page from that page's code you'll get a clusterf*ck of endless recursive retrievals which will eventually blow up your server. I would 'recommend' not downloading the page in which you are doing this.
Basically, I want my script to output its absolute URL, but I don't want to statically program it into the script. For example, if my current URL is http://example.com/script.php I want to be able to store it as a variable, or echo it. i.e. $url = http://example.com/script.php;
But if I move the script to a different server/domain, I want it to automatically adjust to that, i.e. $url = http://example2.com/newscript.php;
But I have no idea how to go about doing this. Any ideas?
$url = "http://" . $_SERVER['HTTP_HOST'] . '/script.php';
If there's a possibility the protocol will change as well (i.e. https instead of http), use this:
$url = ($_SERVER['HTTPS'] ? "https://" : "http://") . $_SERVER['HTTP_HOST'] . '/script.php';
$_SERVER['HTTP_HOST'] and $_SERVER['SCRIPT_NAME'] contain this information.
UPDATE: As #Col. Shrapnel points out, SCRIPT_NAME returns the actual path of the script relative to the host, not the requested URL, which may be different if using URL rewrite. Also, unlike REQUEST_URI, it doesn't include the possibly appended variables.
Note that SCRIPT_NAME is equivalent in content to PHP_SELF, the difference is that:
SCRIPT_NAME is defined in the CGI 1.1
specification, and is thus a standard.
However, not all web servers actually
implement it, and thus it isn't
necessarily portable. PHP_SELF, on the
other hand, is implemented directly by
PHP, and as long as you're programming
in PHP, will always be present.
by bet (:
$_SERVER['HTTP_HOST'] and $_SERVER["REQUEST_URI"];
however, $_SERVER['HTTP_PORT'] and $_SERVER['HTTPS'] could be used in the critical case
however, most of time you do not need all of these, save for $_SERVER["REQUEST_URI"]
because browser knows the rest already: port, host and everything.
Try using
$url = "http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}";
I have a library that helps me do this across webservers and is also agnostic to mod_rewrite.
The library is called Bombay: http://github.com/sandeepshetty/bombay
To use it you need to do this:
<?php
require '/path/to/bombay.php';
requires ('uri');
echo absolute_uri('script.php');
//prints http://example.com/script.php if hosted on example.com and accessed over http
//prints https://example2.com/script.php if hosted on example2.com and accessed over https
?>
You could also study the code, and take what you need.
Newbie question here, is there any inbuilt PHP tag that can be used to retrieve the URL of a page and echo it on the screen?
Thanks.
Echos the URL of the current page.
$pageURL = (#$_SERVER["HTTPS"] == "on") ? "https://" : "http://";
if ($_SERVER["SERVER_PORT"] != "80")
{
$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
}
else
{
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
echo $pageURL;
If your web server runs on standard ports (80 for HTTP or 443 for HTTPS) this would work:
getservbyport($_SERVER['SERVER_PORT'], 'tcp') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']
Take a look at the $_Server variable. Specifically you probably want the REQUEST_URI value.
$base_url = _SERVER["HTTP_HOST"];
$url_path = _SERVER["REQUEST_URI"];
echo $base_url.$url_path;
Assuming the requested page was http://sample.org/test.php, you would get:
sample.org/test.php
You would have to add more $_SERVER variables to get the scheme (http://). REQUEST_URI also leaves any GET variables intact, so if the page request was http://sample.org/test.php?stuff=junk, you would get:
sample.org/test.php?stuff=junk
If you wanted that left off, use $_SERVER['PHP_SELF'] instead of REQUEST_URI.
If you want a really easy way to see which global variables are available, create a page with the following:
<?php
phpinfo();
?>
and put that script in any directory you are curious about. Not only will you see all sorts of neat info, you will also see how various factors such as HTTP vs HTTPS, mod_rewrite, and even Apache vs IIS can set some global variables differently or not at all.
What's the most reliable, generic way to construct a self-referential URL? In other words, I want to generate the http://www.site.com[:port] portion of the URL that the user's browser is hitting. I'm using PHP running under Apache.
A few complications:
Relying on $_SERVER["HTTP_HOST"] is dangerous, because that seems to come straight from the HTTP Host header, which someone can forge.
There may or may not be virtual hosts.
There may be a port specified using Apache's Port directive, but that might not be the port that the user specified, if it's behind a load-balancer or proxy.
The port may not actually be part of the URL. For example, 80 and 443 are usually omitted.
PHP's $_SERVER["HTTPS"] doesn't always give a reliable value, especially if you're behind a load-balancer or proxy.
Apache has a UseCanonicalName directive, which affects the values of the SERVER_NAME and SERVER_PORT environment variables. We can assume this is turned on, if that helps.
I would suggest that the only way to be sure and to be secure is to define a constant for the url in some kind of config file for the site. You could generate the constant with $_SERVER['HTTP_HOST'] as a default and replace with a hard coded definition on deployments where security really matters.
define('SITE_URL', $_SERVER['HTTP_HOST']);
and replace as needed:
define('SITE_URL', 'http://foo.bar.com:8080/');
As I recall, you want to do something like this:
$protocol = 'http';
if ( (!empty($_SERVER['HTTPS'])) || ($_SERVER['HTTPS'] == 'off') ) {
$protocol = 'https';
if ($_SERVER['SERVER_PORT'] != 443)
$port = $_SERVER['SERVER_PORT'];
} else if ($_SERVER['SERVER_PORT'] != 80) {
$port = $_SERVER['SERVER_PORT'];
}
// Server name is going to be whatever the virtual host name is set to in your configuration
$address = $protocol . '://' . $_SERVER['SERVER_NAME'];
if (!empty($port))
$address .= ':' . $port
$address .= $_SERVER['REQUEST_URI'];
// Optional, if you want the query string intact
if (!empty($_SERVER['QUERY_STRING']))
$address .= '?' . $_SERVER['QUERY_STRING'];
I haven't tested this code, because I don't have PHP handy at the moment.
The most reliable way is to provide it yourself.
The site should be coded to be hostname neutral, but to know about a special configuration file. This file doesn't get put into source control for the codebase because it belongs to the webserver's configuration. The file is used to set things like the hostname and other webserver-specific parameters. You can accomodate load balancers, changing ports, etc, because you're saying if an HTTP request hits that code, then it can assume however much you will let it assume.
This trick also helps development, incidentally. :-)
$_SERVER["HTTP_HOST"] is probably the best way, after some validation of course.
Yes, the user specifies it and so it cannot be trusted, but you can easily detect when the user is playing games with it.
One idea for validating that $_SERVER['HTTP_HOST'] is valid could be to validate it by DNS. I've used this method in one or two cases without serious consequences to speed and I believe this method fails silently if provided a IP address.
http://www.php.net/manual/en/function.gethostbyname.php
Peusudo code might be:
define('SITEHOME', in_array(gethostbyname($_SERVER['HTTP_HOST']), array(... valid IP's)))
? $_SERVER['HTTP_HOST']
: 'default_hostname';
why {if you wish the user to continue using http:///host:port/ that they are on do you wish to generate full urls}
whan you can use relative urls instead of either
say on page http://xxx:yy/zzz/fff/
you culd use either
../graphics/whatever.jpg
{to go back one directory from current and get http://xxx:yy/zzz/graphics/whatever.jpg
or
/zzz/graphics/whatever.jpg
{to goto site root and work up the directories as specified}
these both avoid mentioning the host:port part and inherit it from the one currently in use