How to write a PHP redirect script

Question

How do I create a PHP script that will redirect to a custom URL when link added in the URL. For instance, when a user visits this:

http://mydomain.com/link.php?=http://www.google.com

It should redirect them instantly to google.

Ideally, is it possible to ensure that the click itself came locally?

I am aware that this is most likely a very basic PHP code but note that my knowledge of it is very limited which is restricting me from writing it.

score 2 · Answer 1 · answered Oct 15 '12 at 17:09

2

http://mydomain.com/link.php?url=http://www.google.com

<?php
 header("Location: {$_GET['url']}");
?>

This?

answered Oct 15 '12 at 17:09

MrSil

608
6
12

1

Is it possible to ensure that the click itself comes locally? – Henrik Petterson Oct 15 '12 at 17:11
1

As a suggestion, you may want to encode the URL in some way to prevent people from typing what they want into the variable, then decode it when setting your header (as @MrSil's answer) – Chris Forrence Oct 15 '12 at 17:11
You could check to see if the referrer domain is mydomain.com – Prasanth Oct 15 '12 at 17:11
1

What I mean is, I want to ensure that the visitor is clicking the link within my site. I do not want other people to use my redirector externally. – Henrik Petterson Oct 15 '12 at 17:12

Suriyamoorthy Baskaran · Accepted Answer · 2012-10-16T04:26:26.123

2

You can use the HTTP_REFERER of $_SERVER variable to check whether it is from the local domain.

Reference: http://php.net/manual/en/reserved.variables.server.php

For redirection, try using the below

http://mydomain.com/link.php?r=http://www.google.com
header("Location:".$_GET['r']);

Reference: http://in3.php.net/manual/en/function.header.php

I hope the following works for you, you can hard code the $domain variable as mydomain.com

$url = "http://www.php.net/index.html";
$domain = str_ireplace('www.', '', parse_url($url, PHP_URL_HOST));
$refDomain = str_ireplace('www.', '', parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST));

if(strcmp($domain, $refDomain) == 0)
{
     //your code goes here
     header("Location:".$_GET['r']);
}

edited Oct 16 '12 at 04:26

answered Oct 15 '12 at 17:12

Suriyamoorthy Baskaran

635
7
17

Can you kindly demonstrate in your code how I would use the HTTP_REFERER of $_SERVER variable? – Henrik Petterson Oct 15 '12 at 17:14
changing the referer value in $_SERVER will do nothing - it's the client's browser that'll go fetch the specified url, and the referer will be YOUR site. You cannot change this. – Marc B Oct 15 '12 at 17:26
@MarcB, he needs to ensure that the url is navigated from the same domain. so i have suggested to use the variable $_SERVER["HTTP_REFERER "] to check the referrer domain. – Suriyamoorthy Baskaran Oct 16 '12 at 04:23

Prasanth · Answer 3 · 2012-10-15T17:54:37.850

0

Ok, I would like to add a complete answer here.

You could use header to send a redirect header like MrSil said,

header("Location: $url"); // will redirect to $url!

If you want to prevent other people from using your redirect script, you can do something like:

$ref = $_SERVER['HTTP_REFERER'];
$host = parse_url($ref, PHP_URL_HOST);
if($host !== "mydomain.com"){
  // out side request
}

But then, HTTP_REFERER can be easily spoofed. So, what would be a better check?

CSRF Protection. It might look like overkill, and it is also not the perfect way to do this stuff, but it helps.

Also, I don't think a perfect solution exists.

Read this for further info about CSRF.

edited Oct 15 '12 at 17:54

answered Oct 15 '12 at 17:27

Prasanth

5,230
2
29
61

This is an excellent answer. Out of curiosity, how can this script be spoofed? – Henrik Petterson Oct 15 '12 at 17:32
Also, can you please add the header redirect code in there as well so that I can accept this answer as correct. Sorry if I am confused but I cannot see where the **$_GET['url'** part is... – Henrik Petterson Oct 15 '12 at 17:35

How to write a PHP redirect script

3 Answers3