Jump to content

Masking Or Redirecting Url In .htaccess


podarum
 Share

Recommended Posts

Hi, I'm in dire need for help.I'm trying to direct users if they came from paypal.com to one of my sites and if they did not come from paypal.com to another site.. I tried the $_SERVER and for some weird reason that didn't work, all my users were going to the not paypal.com site, even if they did come from there.. I'm hoping someone knows any other way or how this can be done in .htaccess..This is the code I used for $_SERVER :

<?phpif (1==(preg_match('#http(|s)://([a-z]+\.)*paypal\.com/#', $_SERVER['HTTP_REFERER'])){header ("Location: http://www.aaaa.ca/process5.php");}else {header ("Location: http://www.aaaa.ca/Disagree.html");}?>

Or even

<?phpif (1 == preg_match('#http(|s)://([a-z]+\.)*paypal\.com/#', $_SERVER['HTTP_REFERER'])){echo "<body onload=\"document.location.href='http://www.aaaa.ca/process5.php'\">";}else {echo "<body onload=\"document.location.href='http://yahoo.com'\">";}?>

Link to comment
Share on other sites

Print out the referer header to see what it actually is. The referer header is the only way to find out where they came from, but not all browsers may send it, some security software removes it, and it never gets sent when you go from HTTPS to HTTP.

Link to comment
Share on other sites

Ok...So I just insert this code (below) to my output page from paypal ?

<?phpprint  $_SERVER['HTTP_REFERER']?>

The other thing is, that I've heard that using $_SERVER['HTTP_REFERER'] is not so reliable as is .htaccess..could that be a reason for chosing one over the other?

Link to comment
Share on other sites

Both PHP and Apache have access to the same referer header, you aren't going to get different values in PHP vs. htaccess. htaccess is more useful than PHP for other things, but you're just dealing with a request header here, which is going to have the same value no matter where you access it.

Link to comment
Share on other sites

I got you. See I did not know that.. ThanksAs for my other question is doing the print $_SERVER[HTTP_REFFERER] part what I should do and then post what I get back ? Like what should I be looking for... I don;t have access to my web host at this moment, I woun't be able to do it until later tonight.

Link to comment
Share on other sites

I'm not sure if that was a typo, but the code should be this:<?php print $_SERVER['HTTP_REFERER']; ?>You can also do this:<?php var_dump($_SERVER['HTTP_REFERER']); ?>or, to see the entire $_SERVER array:

<pre><?php var_dump($_SERVER); ?></pre>

Link to comment
Share on other sites

OK,doing <?php print $_SERVER['HTTP_REFERER']; ?> I got a blank page.doing <?php var_dump($_SERVER['HTTP_REFERER']); ?> I got the word "NULL"and for :

<pre><?php var_dump($_SERVER); ?></pre>

I got the whole dump, what should I be looking for?

Edited by podarum
Link to comment
Share on other sites

If it's null then it's simply undefined, that means the browser didn't even send a referer header. You can look through the rest of the $_SERVER array to see if you can find something identifying that they came from PayPal, but I don't think there's going to be anything there. You might want to have PayPal link to a HTTPS URL on your site instead of HTTP, and see if the referer gets sent that way. Like I said, the referer never gets sent if you go from HTTPS to HTTP. I assume the PayPal page is going through HTTPS.

Link to comment
Share on other sites

Ahhh, very good my friend I think we're on to something here... I beleive PayPal is running wiht Https, now my questions are:1) How can I change a page from http to https on my site. and.2) I need to get back to a process page that is http (I suppose I can make it https)3) I'm basically trying to make Process Page avaialble to only those that confirmed a successfull payment through PayPal, and I don't want them to be able to view that page if they come from anywhere else including typing in the [url="http://www....."]http://www.....[/url]. what will be available is a page that is full of information with SESSIONS from the Form that the user started off along other things.. So like the USer types in Age=68, then go to PayPal and through a series of Fails/Successful payment, then the user would see a process page Age=68, is Hgh Risk or something like that.
Link to comment
Share on other sites

Just try to access the page via https, if it shows up then it's working. If not, you may need to install an SSL certificate or enable security for the file or directory. Your host should be able to help with that.

I need to get back to a process page that is http (I suppose I can make it https)
You don't need http for anything, it's the same as https except the communication is sent in plain text instead of encrypted.
Link to comment
Share on other sites

I don't know now... I'm also looking at using iFrames in my process page, this way I'll let PayPal direct the success/fail page to it and the user can't see the URL (preventing him from typing it in without paying). The only thing he'll see is the frame URL.. I don't even know if that'll work with SESSIONS and php...

Link to comment
Share on other sites

That's not going to work, you can't load a page into a frame on an external page that isn't open yet. You can't send a request to open one page that contains a frameset, and then another request to load another page inside one of the frames on that page. PayPal would need custom coding just to work with your specific setup.You can always just set a session value when you redirect the user to PayPal, and check for the session value on your processing page. If it's not there, then they didn't go through your process.

Link to comment
Share on other sites

I know I've thought of that, but maybe I looked at it the wrong way. The session value would be set on user's form before they hit Paypal and now he has it, so once he checks the URL to the process page, that page would recognize it and open..being able to bypass the PayPal process... maybe I'm not seeing something here, but how can I intergrate this into PayPal? so the user has this session value only if it came form paypal?

Link to comment
Share on other sites

Ok, I came up with an idea.... Once the customer pays, he has to press the 'Return to Merchant' button (or something like 'Return to Company ABC').. all this shows up in the return URL something like this..... How can I put in a code that says if the the URL has the 'merchant_return_link=Return+to+CompanyABC, then allow user to see process5.php if not Dismiss.php .... I'm thinking the only way to validate if the customer came from that 'paid' page, because it's really the last page of te PayPal process, technically the customer finalized his pay..Thanks

Edited by podarum
Link to comment
Share on other sites

That's just another URL check, if you want to do that you can find that data in $_GET. But someone can just type that also, or copy and paste the link and give it to someone else. The best way to validate is to get PayPal to send data back to your site other than in the query string. Check the PayPal documentation and see if there's a process that does that.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...