How to stop this?

**Mysterio** · 04.02.11, 21:21

Problem seems to easy to solve but I don't know what you really need. Try to explain once and I will help immediately.

**arnage** · 04.02.11, 21:30

Thanks mate.

Here's an example in the guest book when a visitor clicks on a posted link all is fine:
"http://mysite.tld/index.php?a=going&go=POSTED_site.tld"
but when in the address bar someone type a completely different link, the script sends it there. For example,
"http://mysite.tld/index.php?a=going&go=ANOTHER_site.tld" < There to be blocked.

**wap2k** · 05.02.11, 00:24

PHP Code:


elseif ($a == 'going') {



    $whitelist = Array(

    "google.com",

    "yahoo.co.uk"

    );



    $go = $_GET['go'];



if(!isset($go) || $go == '' || !in_array($go,$whitelist)) { exit; }

    header('Location: http://'.$go.'/');

 exit;

}

Just add the sites you wish to allow to the White List Array.

**khan** · 05.02.11, 00:42

u can send the data in post format. Then it will not show on address bar.

**arnage** · 05.02.11, 10:06

Originally posted by wap2k View Post

PHP Code:


elseif ($a == 'going') {



    $whitelist = Array(

    "google.com",

    "yahoo.co.uk"

    );



    $go = $_GET['go'];



if(!isset($go) || $go == '' || !in_array($go,$whitelist)) { exit; }

    header('Location: http://'.$go.'/');

 exit;

}

Just add the sites you wish to allow to the White List Array.

Thanks for reply but i can't do it this way because visitors post their links in guest book.

Originally posted by khan89 View Post

u can send the data in post format. Then it will not show on address bar.

I'ld like to avoid using _post in this case.

I have tried to define the second variable and preg_match them, then false in if statement, !=, !==, return true/false... Nothing works. I have no idea.

**khan** · 05.02.11, 12:11

if u want to get request then use urlencode()funotion to do the same but in a complicated way

**arnage** · 05.02.11, 12:43

$_GET is encoded automaticly, its not problem in encoding bro.

Probably some detail... I tried now define/defined, strpos and I don't know what else have tried and still can't block it.

**something else** · 05.02.11, 14:47

PHP Code:


else if($a == 'going'){ 

$go = $_GET['go']; 

$link = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM table_name WHERE field_name LIKE '%".$go."%'"));

if($link[0]>0&&$go!='')

header('Location: http://'.$go.'/'); 

else

header('Location: http://back2yourSite.con');

exit; 

}

**frostymarvelous** · 05.02.11, 16:23

As mysterio said, what do you want? Is the page a safe redirect? A redirect to your own site? What? After all, I assume a user won't click a link he doesn't want to visit.

**arnage** · 06.02.11, 14:07

Originally posted by something else View Post

PHP Code:


else if($a == 'going'){ 

$go = $_GET['go']; 

$link = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM table_name WHERE field_name LIKE '%".$go."%'"));

if($link[0]>0&&$go!='')

header('Location: http://'.$go.'/'); 

else

header('Location: http://back2yourSite.con');

exit; 

}

Thanks but i have no sql in this matter and can't figureout how to define needed data.

Originally posted by frostymarvelous View Post

As mysterio said, what do you want? Is the page a safe redirect? A redirect to your own site? What? After all, I assume a user won't click a link he doesn't want to visit.

But I did explain in the next post...

This is not for the lavalair, I never wanted to have a forum, and probably never will. Im trying to write my site script.

**something else** · 07.02.11, 04:25

PHP Code:


else if($a == 'going'){  

$go = $_GET['go'];  

if(substr_count($data,$go)>0&&$go!='') 

header('Location: http://'.$go.'/');  

else 

header('Location: http://back2yourSite.con'); 

exit;  

}

**wap2k** · 07.02.11, 07:25

This also does what you are wanting

Code:

elseif ($a == 'going') {
$go = $_GET['go']; 

$GuestbookPostText = "Please visit my site http://wapmii.com. Thanks"; 

if(strpos($GuestbookPostText,$go)===false || !isset($go) || $go == '') { exit; } 
    header('Location: http://'.$go.'/'); 
    exit;
}

**arnage** · 07.02.11, 17:50

Im sorry for bodering u guys but i think its not problem in processing data, its a problem to define the data to be processed.
One of my last attempt yesterday was to recode guest book lines, i have add new var, $linkrow to read array from file, then
foreach ($linkrow as $go) to read every row in the colon, so it can be get to matching and to display in guest book page.

Link is the same:
echo '
<a href="/index.php?a=going&go='.urlencode($go).'"><span class="si_y">'.$go.'</span></a>';

Now in "going" exit page is:

PHP Code:


$go = $_GET['go'];

$link = $_GET['linkrow'];

$getgo = strpos($link, $go); // preg_match also not work

if ($getgo === true) {

header('Location: http://'.$getgo.'/');

    exit;

}

else { exit; }

Of course, not work.
Im gonna eat the keybord.

**frostymarvelous** · 07.02.11, 18:43

We want to help, but honestly, most of us don't understand what it is you want to do.
Just read the replies. Everyone is assuming one thing or the other

How to stop this?

How to stop this?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment