I have a page called club.php. I want to disable people from being able to see my webpage if they type in www.mysite.com/club.php unless they are linked from another page. I have a page where you need to enter a password to access this.
I'm hoping I can simply drop code into my pages (javascript or something?)
There is an HTTP header called Referer, which contains the URI of the site from which the request to your site originated from. You can read the content of this header in PHP via $_SERVER["HTTP_REFERER"] (see http://php.net/manual/en/reserved.variables.server.php).
But please be aware that you can't rely on that this header field is set or not, so testing against the content of the header is not a serious security measure for protecting a particular page from beeing viewed from unauthorized visitors. You can set/unset the value of the header to any arbitrary value with your Browser or Addon.
Related
I have a page in Squarespace that I only want viewable after someone inputs their contact information. For example, I would create a Form Block, and then direct them to the otherwise locked page so they can view for that session. But if they close the window, they would need to re-enter their information (Name + Email).
lets say the address to the otherwise unviewable page is www.website.com/access
Once the viewer puts in their Name + Email and hit submit, they can see the /access page. If they do that and say share the address with someone who has not entered in their information, then they would get the Form Block where they need to enter their information.
Is there a way to do this in Squarespace? Would that need to be done with some sort of PHP Session that can be injected into the header of the specific page?
Ideally it would be like if they could see the page which is normally hidden, but of course unless they are an admin, the page is not viewable to the public.
Squarespace doesn't support PHP since it uses JSON template, so you can't create a session there. Please refer to this page: https://support.squarespace.com/hc/en-us/articles/205815358-Custom-code-FAQ
The only option to achieve this will be to create a cookie via JS and redirect if there is no cookie. The page will be still accessible if you turnoff the JS.
Please have in mind that SquareSpace is very limited when it comes to this kind of changes.
I am compiling a lead generation landing page and, in the form I have inserted a hidden field which collect whatever is written in the url bar after
"?rel=".
This is done in order to track where the leads come from (Facebook ads, direct linking etc).
To be more clear if this is the url: www.mywebsite.com/form.html?rel=fbads
the hidden field will be fill with "fbads" and this is working.
In the landing page I have a link to another page with more details and in this webpage I have the same form.
My idea is to run campaings on the first page with the rel link, but then if the user clicks on the link and go to the detailed page (and then compile the form from there), I am losing the rel field.
How can I pass the rel field to the url of the second page?
Thanks
You may refer the this stackoverflow page. Once the HTTP GET request comes, traverse in HTTP headers in your controller and look for Referer field but it is not always set and the client can change the header value. May be using google analytics is the better option.
If you just want to know that whether if they came to your form page from your landing page or not, you may add fix HTTP URL parameter prior to HTTP redirect.
If you save your rel in a variable, you can add it on your link to detailed page, for example in case of =fbads just once variable is set up, add it: <a href="http://myDetailedPage.com/detailed/?=<?php $rel;?>"</a>
I have a facebook page tab iframe and would like to access the browser url in order to get the current facebook page url.
I know it's not possible to use a javascript that interacts with the parent frame because of browser security issues.
An approach that didn't work for all browsers was to read the HTTP_REFERER header from the request.
Is there a better way?
I hope this is impossible at all. Otherwise it will be a security issue, likely to be closed.
You should not write code depending on compromising other users.
It is not possible to get URL of a parent Frame due to cross-domain policy. And there is no way to get the information about page your application running on in client-side.
But on the server-side you can reconstruct the Page URL using details passed in signed_request. For Page Tab Applications it contains page:
A JSON object containing the page id string, the liked boolean (set to true if the user has liked the page, false if not) and the admin boolean (set to true if the user is an admin of the page, false if they're not).
Using that page id you can build the Page URL:
http://www.facebook.com/pages/-/PAGE_ID
If you want the link to your Page Tab with your application use:
http://www.facebook.com/pages/-/PAGE_ID?v=app_APPLICATION_ID
Beware, HTTP_REFERRER is provided by client and cannot be trusted, and it's may be cut by plugin/proxy/etc...
Notes:
Pages may have different URL in real life, but using this technique user will be landing the correct Page since Facebook will issue redirect to correct URL of a Page.
Sample URLs use HTTP scheme, feel free to use HTTPS if you need it.
In PHP for example you can detect the current scheme like this:
$scheme = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=="off") ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO']=="https")
) ? 'https' : 'http';
HTTP_REFERRER might not work as expected in my experience. If the tab app is designed for a specific page (which I suppose it kind of should), have you tried recreating it?
https://www.facebook.com/MYPAGENAME/app_MYAPPID
Where MYPAGENAME is your page name and MYAPPID is the app id, of course.
If the tab is applied to multiple pages though, I'm quite sure you'll get the relevant data to apply the above from https://graph.facebook.com/PAGEID, where PAGEID is the ID of the page which you get from the signed request.
I am looking for a way to detect which page a user comes from (the users referring page). If the user does not come from a page called "index.php", they should be redirected to a page, like, google.com. Any programming language that can be embedded into an html file. Thanks!
you can get the previouse url by :
$_SERVER['HTTP_REFERER']
in some cases this can be forbidden by the browser user settings
'HTTP_REFERER' The address of the page (if any) which referred the
user agent to the current page. This is set by the user agent. Not all
user agents will set this, and some provide the ability to modify
HTTP_REFERER as a feature. In short, it cannot really be trusted.
check it on the php manual
http://php.net/manual/en/reserved.variables.server.php
Look at the HTTP Referer header field?
You can use the HTTP referrer header: http://en.wikipedia.org/wiki/HTTP_referrer
There's a tutorial here on how to access it using javascript.
You would use the header called Referer [sic] . See: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (section 14.36)
Obtain its value however you want.
I am making a website, where a person could be redirected to a form page several different pages within the site and depending on where they were redirected from, the form would be filled out certain to make it quick for them. This is all on the mobile, so data has to be kept in mind.
That information is usually contained in the HTTP Referer header field.
You can get this data from the headers sent by the browser (referrer URL) - usually these are stored as "Server variables"
However, I would recommend staying clear of this method as it can introduce a few other problems. I would recommend using session/cookies to keep track of the last page the user has visited.