Check if URL is different in PHP

Asked

Viewed 939 times

0

In Javascript, we can check if the url is different, we have window.location.href

You can do it:

var urlAtual = window.location.href;
var urlCadastro = "www.teste.com/cadastro";
if(urlAtual != urlCadastro){
  window.location.href = "www.teste.com/login";
}

What I tried would work?

$atacadoLogado = $this->helper('customer')->isLoggedIn();
$urlDoCadastro = "https://www.meusite.com/cadastro";
$pegarDominio = $_SERVER['HTTP_HOST'];
$urlAtualizada = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $pegarDominio . $_SERVER['REQUEST_URI'];
if(!$atacadoLogado && $urlAtualizada != $urlCadastro){
    header("Location: https://www.meusite.com/login");
}
php
  • 2

    Knows the super global variable $_SERVER?

  • No, Anderson, I’m gonna do some research here, thanks for talking.

2 answers

3

You can use the super global $_SERVER

$server = $_SERVER['SERVER_NAME'];
$endereco = $_SERVER ['REQUEST_URI'];

 $clienteLogado = $this->helper('customer')->isLoggedIn();
$urlCadastro = $server.$endereco
if(!$atacadoLogado && !$urlCadastro){
    header("Location: http://www.meusite.com/login");
}

At this link you find all the indexes and function of each on this super variable $_SERVER.

  • This SERVER_NAME shouldn’t be HTTP_HOST?

  • The two return the server localhost, no different use one or the other

  • In the link I provided in the reply this is easily found

  • 1

    It does matter. The SERVER_NAME does not include the door used, while HTTP_HOST yes. If the requested port is not the default, it must be present in the URL, that is, it must be used HTTP_HOST because it will work even if the door is different from 80.

  • Where did you see this? can you send me the link so you can update me? What I know about server_name is that the server name can be forged by the user and if the application depends on security it can easily be broken.

  • 1

    In the documentation. The port used by the server is stored in SERVER_PORT, not in SERVER_NAME. And what did you mean about SERVER_NAME be forged by the user?

Show 1 more comment

2

Yes friend is possible let’s take an example

$url = "https://www.google.com";
//Aqui ira pegar o dominio
$dominio= $_SERVER['HTTP_HOST'];
//Aqui ira concatenar com o http:// ou https:// e salvar em url

 $urlAtual = (isset($_SERVER['HTTPS']) ? "https" : "http")."://".$dominio. $_SERVER['REQUEST_URI'];
//Verifica se é diferente
if($url != $urlAtual){

echo "Diferente";
}
else{
echo "Não diferente";
}

  • Utilize $_SERVER['HTTPS'] to check whether the requested URL protocol.

  • Thank you, Anderson. Now you confused me with Bruno’s answer, put your has HTTP_HOST and his has REQUEST_URI and SERVER_NAME

  • @Lucascarvalho Basically what request_uri does is to take the file contained for example will load the index, it will take the name of the example file "www.seusite.com/ index.php" it will take this index.php, html whatever it has

  • This will depend on the url you want to compare if it’s https you put, if it doesn’t leave http even, I’m producing a better answer here, Aja I edit for a easier way but briefly that’s it @

  • Can you look at my edition there, Anderson? The code under "What I tried, it would work?"

  • @Lucascarvalho you confused everything. Review the answers and compare with your code.

  • Okay, I’m rereading here. I think I really got it wrong.

  • Sorry for the delay @Lucascarvalho I’m at work ai ta meio corrido kkk good but let’s go there to get the http protocol or https alone you can do as in the edited part, Note: If you are testing locally probably the $_SERVER['HTTPS'] will return errors

  • I think this is not ideal, even can be considered a security problem. The HTTP_HOST trusts the Host header, it can be modified by client. Use the SERVER_NAME it is better if it is configured properly..

  • @Inkeliz I don’t think the SERVER_NAME is better, because as in the answer below Anderson commented, It generates conflicts when the port is 80 or 443

  • Do you consider it best to trust a host that can be changed by the user? Whereas use apache and use this configuration, if you use Curl as curl http://127.0.0.1/ -H "Host: blabla.com" using the HTTP_HOST will get blabla.com, while using the SERVER_NAME, which by me is preferable, you will get 127.0.0.1, due to Apache configuration. The situation is, either you trust a client data or server information, because I trust the server is more secure.

  • @Andersoncarloswoss can see my issue now?

  • @Inkefeliz independent of one or the other is possible to detect a host, from bobiar until a dns Reverse in the server name would already pick up, so I do not see this "great" security that you see, a simple nmap would already bar this your huge security

Show 8 more comments

Browser other questions tagged php

You are not signed in. Login or sign up in order to post.