
My PHP skills are lacking a bit and I've tried troubleshooting this for a while and searching for an answer with no luck... and I'm sure it's something simple.

I have a page on one domain that is checking to see if a cookie exists, and if it does not, it sends the user to a completely separate domain to enter in their Date of Birth. Once they enter it in and are over 21, they are to be redirected back to the original domain, but for some reason my script is only capturing the sub-directory of the referring domain, rather than the whole thing.

So, user visits the following page at a hypothetical URL, abc.com:

```php
<?php
function over21(){
    session_start();
    $redirect_url='http://xyz.com';
    $validated=false;
    if(!empty($_COOKIE["over21"])) { $validated=true; }
    if(!$validated && isset($_SESSION['over21'])) { $validated=true; }
    if($validated) { return; }
    else {
        $redirect_url=$redirect_url."?return=".$_SERVER['REQUEST_URI'];
        header('location: '.$redirect_url);
        exit(0);
    }
}
over21();
?>

<html>
  <head>
    <title>abc.com page</title>
  </head>
  <body>
    Before you are able to read this content, you will be redirected to xyz.com to validate your age
  </body>
</html>
```

So far so good, they are now sent to xyz.com to enter in their date of birth:

```php
<?php
session_start();
if(isset($_POST['submit']))
{
    $month = $_POST['month'];
    $day = $_POST['day'];
    $year = $_POST['year'];

    $birthday = mktime(0,0,0,$month,$day,$year);
    $difference = time() - $birthday;
    // Age in whole 365-day years (leap days ignored)
    $age = floor($difference / (365 * 24 * 3600));
    if($age >= 21)
    {
        // Cookie value must be non-empty for the !empty() check on the referring page
        setcookie("over21", "1", time()+3600*24);
        $_SESSION['over21'] = 1;
        // The return target is taken from the query string as-is
        $redirect=isset($_GET['return'])?urldecode($_GET['return']):'./';
        header("location: ".$redirect);
        exit;
    }
    else
    {
        $_SESSION['under21'] = 0;
        header("location: http://google.com");
        exit;
    }
}
?>
<html>
  <head>
    <title>this is xyz.com</title>
  </head>
  <body>
    <form>
      There is a form in here with inputs and such to gather day, month and year of birth.
    </form>
  </body>
</html>
```

The script is working great if I keep the age verification piece and the referring page all on the same domain. But how do I modify this so that the age verification page is capturing the full URL of the referring domain, not just the sub-domain?

Hugo Dozois
  • Do both sites share a common domain? Are you familiar with the [Same origin policy](http://en.wikipedia.org/wiki/Same_origin_policy)? – ficuscr Mar 26 '13 at 19:10

1 Answer


So, ignore the same origin remark, I think. Just seeing the session start code made me think you were trying to share a session across domains.

You are simply asking about $_SERVER variables I see.

'REQUEST_URI' - The URI which was given in order to access this page; for instance, '/index.html'.

Try something like HTTP_HOST instead.

Similar: PHP get domain name

Community
ficuscr
  • Thanks @ficuscr, that helps. I've modified the redirect referring page so that the else statement is: `$redirect_url=$redirect_url."?return=".$_SERVER['HTTP_HOST'];` But now it seems that the full URL of the referring page is being appended to the URL of the referred page instead of redirecting back. To see this in action, visit http://rwd-development.com which will redirect to rwd-development2.com (note the URL string on this redirection). Once you submit your age, it should send you back to rwd-development.com but instead it is just appending the existing URL. Any thoughts? Thanks again – Gregg Richter Mar 27 '13 at 16:34
  • At first I thought you were losing the GET value when POSTing the age verification form, however I see that the form action URL bears the ?return variable. Think you simply need to express the URI for the location header fully, add the `http://`. Eg. `header("Location: http://www.example.com/");` – ficuscr Mar 27 '13 at 17:02
  • This works: http://rwd-development2.com/?return=http://yahoo.com Check the rwd-development.com page code, think you are doing an extra redirect. Using a tool like HTTPLiveHeaders or Fiddler can let you see the headers sent and any 302 redirects - invaluable tool to use. – ficuscr Mar 27 '13 at 17:08
  • how can I contact you offline? If you're up for it, I'd be happy to pay you to fix this. For anyone that knows PHP and has access to the code, I'm sure this should be fixable in less than an hour... probably in minutes. If you're on Twitter connect with me via handle 'greggrichter' and we can DM contact info. Thanks – Gregg Richter Mar 27 '13 at 19:51
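
The `return` parameter in this thread is passed straight into the `Location` header, so the gate will redirect to any URL it is given (the `?return=http://yahoo.com` test in the comments shows this). The following is an added example, not code from the question or the answer: it builds an absolute return URL on the referring site and checks it against an allowlist on the age-gate site. The function names and the allowlist contents are assumptions based on the question's hypothetical domains.

```php
<?php
// Added example. Assumption: these are the only hosts users may be sent back to.
const ALLOWED_RETURN_HOSTS = ['abc.com', 'www.abc.com'];

// Referring site (abc.com): build the gate URL with an absolute, encoded return address.
function build_gate_url(string $gateUrl, array $server): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    // HTTP_HOST comes from the request's Host header, so pin it to a known host.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_RETURN_HOSTS, true)) {
        $host = ALLOWED_RETURN_HOSTS[0];
    }
    $return = $scheme . '://' . $host . ($server['REQUEST_URI'] ?? '/');
    return $gateUrl . '?return=' . rawurlencode($return);
}

// Age-gate site (xyz.com): accept only an absolute http(s) URL on an allowlisted host.
function safe_return_url($candidate, string $fallback): string
{
    // Reject non-strings, control characters, spaces and backslashes before parsing.
    if (!is_string($candidate) || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    $schemeOk = in_array(strtolower($parts['scheme']), ['http', 'https'], true);
    $hostOk = in_array(strtolower($parts['host']), ALLOWED_RETURN_HOSTS, true);
    return ($schemeOk && $hostOk) ? $candidate : $fallback;
}

// Constructed sample request on abc.com.
$server = ['HTTP_HOST' => 'abc.com', 'REQUEST_URI' => '/beer/list.php?page=2'];
echo build_gate_url('http://xyz.com/', $server), "\n";

// Constructed return values as xyz.com would see them in $_GET['return']
// (PHP has already URL-decoded $_GET, so no extra urldecode() is needed).
$samples = ['http://abc.com/beer/list.php?page=2', 'http://yahoo.com',
            '//yahoo.com', 'http://abc.com@yahoo.com/'];
foreach ($samples as $r) {
    echo $r, ' => ', safe_return_url($r, 'http://abc.com/'), "\n";
}
// In the gate script:
// header('Location: ' . safe_return_url($_GET['return'] ?? null, 'http://abc.com/'));
```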