I am trying to redirect visitors to a site based on their referring url.
Here is the script:
php
$domain='blankds.com';
$referrer=$_SERVER['HTTP_REFERER'];
echo $referrer;
if (preg_match("/$domain/",$referrer)) {
header('Location: http://www.blackisgreen.org/page_1.php');
} else {
header('Location: http://www.blackisgreen.org/page_2.php');
};
Errors: I get a "Warning: cannot modify header" error because I am echoing $referrer before sending headers.
If I remove the echo the script does not work.
Any suggestions?
PHP is sending headers to the user requesting the page when you echo $referrer. The header function you are then calling attempts to modify these headers and affix a location redirect but cannot as the headers have already been sent along with the start of your page content.
To get around this problem, take a look at PHP's Output Control functions, especially ob_start(); which inserted at the top of your script should allow you to continue echoing the redirect location and allowing you to redirect at the same time.
Just as a note: Any output will auto-generate headers. If you want to redirect with headers you just need to comment out echo $referrer; If you need to see what referrer is going to which site for debugging purposes, just put it in the URL, the receiving page should ignore it.
Related
so this is driving me crazy I understand the error. But I am trying to redirect to the page regardless. meaning : if condition = 1 => redirect to this page... or redirect to another.
any other alternatives?
Have you tried using <?php ob_start(); ?> at the start of the page?
You need to make sure nothing is being sent to the browser before you send the redirect header.
One possible solution (although quick and dirty) is using output buffering, so at the start of the page put
<?php
ob_start();
// any code you need to check whether to redirect
// note that output from between the ob_start()
// and the ob_end_clean() won't be sent to the user
ob_end_clean();
and then do your redirection checks and redirection. Remember, don't let anything output. So no echos, etc.
My main page call is 'www.xxxx/!#/hear-us'
I want to redirect the crawler to html version call hear-us.php
I used
<?php
if (strpos($_SERVER['HTTP_USER_AGENT'],"Googlebot")) {
header('Location: http://xxxx/hear-us.php');
}
?>
When the url is submitted to Google web master, it does not see the redirect.
You may want to add the actual redirect code in the header you're sending either by sending the Status header before the Location one or with:
header("Location: /foo.php", TRUE, 301);
Note, this is a permanent redirect, change the code as needed.
Also, a good practice is to call exit as soon as you send the headers, otherwise any output may modify (or garble) the message.
Basically, I am checking to see if the user is logged in and if not I will use header('location: login.php') to redirect to the login page.
I am confused if the browser is actually redirecting or the server? If it is the browser then would it be possible for the user to prevent the browser from redirecting and view the contents of the page?
Yes, it is not the browser that is re-directing, but php before anything is sent to the browser.
Just make sure you use exit() after your header call and that nothing is outputted to the browser before your header call.
If by "enough", you mean that the information will not be exposed to anyone who is not authenticated, even if they sniff the network traffic, then you must simply not send the information in the body of the response to any non-authenticated request.
Something like this should be enough:
header('location: login.php');
exit; // make sure not to echo anything in the body
It will cause the browser to receive an HTTP header and start a totally new request to login.php, while not revealing any of the sensitive info in the response.
Well, keeping it simple, checking for specific variable and based on it , deciding for redirect / showing contents is okay...something like this will work for you..
if(your condition){
header(Location: login.php)
exit() or die() ;
}else{
show contents.....}
The server is redirecting. The client browser gets directed to the page the server sends through the header modification. The user is not able to prevent the redirection from the page, but is able to see content after that line of redirect code header('location: login.php');
// print to error log before and after header redirect to show code is executed after the redirect
error_log("before redirect");
header('location: login.php');
// this will get get executed. To prevent, exit() script immediately after the header redirect
error_log("after redirect");
I have an HTML page that I do not want to be available unless the login is successful. My login starts a session, however I don't know how to check for the session in the HTML and if the session exists I want to display the page, if not I want to display a unauthorised message. How can I do this?
You can't check for the session in the HTML per se you'd have to do it in PHP. Depending on how your page is built using PHP you could try putting something like this at the top of your HTML file:
<?php
if (!isset($_SESSION['my_login_var'])) {
echo 'Unauthorised';
exit();
}
?>
But you'd be far better off doing this earlier on in your PHP code, in which case you could use the header function to send the user to a proper 403 page.
UPDATE
Usually PHP does some processing before the HTML is outputted and the headers are sent to the connecting client, so you want to send a 403 header before that output happens. This could be in an included PHP file that is run before the HTML is built, or even in the HTML file itself if no other content has been outputted before the script reaches that point.
You can make a small adjustment to the code above to send a 403 header and 'properly' deny access to the page:
<?php
if (!isset($_SESSION['my_login_var'])) {
header('HTTP/1.1 403 Forbidden');
exit();
}
?>
You're going to need to look up PHP sessions. See http://us.php.net/manual/en/function.session-start.php for PHP session_start() documentation.
Basically you will need to do session_start(). If the login is successful, set a session variable like $_SESSION['logged_in'] = true;. Then do some logic on your page and redirect/display message depending on the result.
You should attempt something and come back and ask a more specific question if you have problems.
I'm developing a custom content management script, and I'm working on page redirection.
The code below compares the URL code to the URL for the a certain page ID in the database, and if the two URLs are not the same, the user is redirected.
However, I want to add a variable, so that we can check if the page has been redirected or not. It isn't working.
if (isset ( $_GET ['id'] ) && $rawdata) {
if ($_SERVER ["REQUEST_URI"] != $rawdata ['htmltitle']) {
header ( "HTTP/1.1 301 Moved Permanently" );
header ( "Location: http://${_SERVER['SERVER_NAME']}:${_SERVER["SERVER_PORT"]}${rawdata['htmltitle']}" );
$redirected = true;
;
}
}
if ($redirected == true) {
print_redirect_nonexpected ();
}
function print_redirect_nonexpected (){
echo "<!-- REDIRECTED _ NOT _ EXPECTED ? -->";
}
The function isn't being run, so no echoing.
Any ideas what I'm doing wrong here?
Use this:
header ( "Location: http://".$_SERVER['SERVER_NAME'].$_SERVER['SERVER_PORT'].$rawdata['htmltitle']);
If $rawdata['htmltitle'] is full URL of your page, use this:
header ( "Location: http://".$rawdata['htmltitle']);
And also adding die() after header() is good.
When you send a Location: header, the user-agent stops loading the current page and loads whatever page you tell it to load, so you'll never see the output.
However, your code may* continue to execute in the background, so usually you want to follow your header() with an exit; to prevent unwanted behavior.
* Depends on server configuration and on ignore_user_abort.
Also, header("Location: /{$rawdata['htmltitle']}"); will suffice. Since you are redirecting to the same server, an absolute path suffices. Don't overcomplicate your redirects for nothing with $_SERVER variables.
As soon as the Location header is sent the browser will abort the current operation and fetch the page at the redirected location. This means that for all intents and purposes a location ('header: example.com') will have essentially the same effect as a die (). You can override this behaviour by using output buffering, or you can move the header() calls to lower down in your script. However you can't move them to after the print_redirect_unexpected call, as sending any output to the browser will cause all headers to be sent as well and you won't be able to send any more.
So basically, you need to turn on output buffering.