PHP: Check if URL is being redirected?

Question

PHP: Check if URL is being redirected?

I have implemented a function that runs on every page that I want to restrict from unregistered users. The function automatically redirects the visitor to the login page if he or she is not logged in.

I would like to make a PHP function that runs from an external server and iterates through a lot of set URLs (an array with URLs that is designed for each secure site) to see if they are redirected or not. That way, I could easily make sure that protection is enabled and running on every page.

How can I do that?

Thanks.

+9

function redirect php curl

Industrial Jun 03 '10 at 10:00

source share

9 answers

I use curl and take only the headers, after comparing my url and url from the curl header:

  $url="http://google.com"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_TIMEOUT, '60'); // in seconds curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_NOBODY, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $res = curl_exec($ch); if(curl_getinfo($ch)['url'] == $url){ echo "not redirect"; }else { echo "redirect"; }

+4

Piotr Kazuś Aug 3 '16 at 10:20

source share

You can always try adding:

 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

since 302 means it has been moved, allow curl to follow it and return all the returned URLs.

+3

Bren1818 Jul 14 '14 at 20:26

source share

I'm not sure if this really makes sense as a security check.

If you are worried that files that are called directly without your participation is the user who logs in? checks are performed, you can do what many large PHP projects do. In the central include file (where the security check is performed), define the constant BOOTSTRAP_LOADED or whatever, and in each file check if this constant is set.

Testing is great, and security testing is even better, but I'm not sure what flaw you are looking for to uncover this? For me, this idea seems like a waste of time, which does not bring any real additional security.

Just make sure your script die() after redirecting header("Location:...") . It is important to stop displaying additional content after the header command (the missing die () was not caught by your idea, by the way, since the redirect header will still be issued ...)

If you really want to do this, you can also use a tool like wget and pass it a list of URLs. Get the results into a directory and check (for example, looking at the file sizes that should be identical), regardless of whether each page contains a login dialog. Just add another option ...

+1

Pekka 웃 Jun 03 '10 at 10:27

source share

Do you want to check the HTTP code to see if it is redirected?

  $params = array('http' => array( 'method' => 'HEAD', 'ignore_errors' => true )); $context = stream_context_create($params); foreach(array('http://google.com', 'http://stackoverflow.com') as $url) { $fp = fopen($url, 'rb', false, $context); $result = stream_get_contents($fp); if ($result === false) { throw new Exception("Could not read data from {$url}"); } else if (! strstr($http_response_header[0], '301')) { // Do something here } }

+1

baloo Jun 03 '10 at 10:48

source share

You can use a session if the session array is not installed, the URL is redirected to the login page. ,

0

luckydeng Jun 03 '10 at 10:08

source share

I modified Adam Backstrom's answer and implemented the chiborg proposal. (Only for downloading HEAD). It has one more thing: it checks whether it is redirected to a page of the same server or not. Example: terra.com.br redirects to terra.com.br/portal. PHP will treat it as a redirect, and rightly so. But I just wanted to list this URL, which redirects to another URL. My English is not very good, so if someone has found something really difficult to understand and can edit it, please.

 function RedirectURL() { $urls = array('http://www.terra.com.br/','http://www.areiaebrita.com.br/'); foreach ($urls as $url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // chiborg suggestion curl_setopt($ch, CURLOPT_NOBODY, true); // ================================ // READ URL // ================================ curl_setopt($ch, CURLOPT_URL, $url); $out = curl_exec($ch); // line endings is the wonkiest piece of this whole thing $out = str_replace("\r", "", $out); echo $out; $headers = explode("\n", $out); foreach($headers as $header) { if(substr(strtolower($header), 0, 9) == "location:") { // read URL to check if redirect to somepage on the server or another one. // terra.com.br redirect to terra.com.br/portal. it is valid. // but areiaebrita.com.br redirect to bwnet.com.br, and this is invalid. // what we want is to check if the address continues being terra.com.br or changes. if changes, prints on page. // if contains http, we will check if changes url or not. // some servers, to redirect to a folder available on it, redirect only citting the folder. Example: net11.com.br redirect only to /heiden // only execute if have http on location if ( strpos(strtolower($header), "http") !== false) { $address = explode("/", $header); print_r($address); // $address['0'] = http // $address['1'] = // $address['2'] = www.terra.com.br // $address['3'] = portal echo "url (address from array) = " . $url . "<br>"; echo "address[2] = " . $address['2'] . "<br><br>"; // url: terra.com.br // address['2'] = www.terra.com.br // check if string terra.com.br is still available in www.terra.com.br. It indicates that server did not redirect to some page away from here. if(strpos(strtolower($address['2']), strtolower($url)) !== false) { echo "URL NOT REDIRECT"; } else { // not the same. (areiaebrita) echo "SORRY, URL REDIRECT WAS FOUND: " . $url; } } } } } }

0

jaysponsored Sep 22 '12 at 20:18

source share

 function unshorten_url($url){ $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_URL, $url); $out = curl_exec($ch); $real_url = $url;//default.. (if no redirect) if (preg_match("/location: (.*)/i", $out, $redirect)) $real_url = $redirect[1]; if (strstr($real_url, "bit.ly"))//the redirect is another shortened url $real_url = unshorten_url($real_url); return $real_url; }

0

Ludo - Off the record Jun 2 '13 at 11:35

source share

I do not understand your question. Do you have an array with urls and want to know if the user is one of the listed urls? If I understand your quest correctly:

 $urls = array('http://url1.com','http://url2.ru','http://url3.org'); if(in_array($_SERVER['HTTP_REFERER'],$urls)) { echo 'FROM ARRAY'; } else { echo 'NOT FROM ARR'; }

-2

Gosha Jun 03 '10 at 10:04

source share

Annika backstrom · Accepted Answer · 2010-06-03T10:37:51+0000

$urls = array( 'http://www.apple.com/imac', 'http://www.google.com/' ); $ch = curl_init(); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); foreach($urls as $url) { curl_setopt($ch, CURLOPT_URL, $url); $out = curl_exec($ch); // line endings is the wonkiest piece of this whole thing $out = str_replace("\r", "", $out); // only look at the headers $headers_end = strpos($out, "\n\n"); if( $headers_end !== false ) { $out = substr($out, 0, $headers_end); } $headers = explode("\n", $out); foreach($headers as $header) { if( substr($header, 0, 10) == "Location: " ) { $target = substr($header, 10); echo "[$url] redirects to [$target]<br>"; continue 2; } } echo "[$url] does not redirect<br>"; }

PHP: Check if URL is being redirected?

More articles: