-1

I have read through How to make a redirect in PHP, but everything there is based on having an HTML page for users to visit. In my case I am just sending users to an address ending in .php, whereupon they will be redirected to one of two places.

Here is the .php file in its entirety:

<?php
$num = Rand (1,2);
switch ($num) {
case 1: header('Location: http://blah.com/blah'); // "shortURL2"
break;
case 2: header('Location: http://yadda.com/yadda'); // "shortURL3"
break;
}
?>

It seems to work fine in all of my tests, but I want to make sure there isn't a fringe (or not-so-fringe) case user out there that would have an issue being redirected along this (admittedly convoluted) path:

shortURL1.com →1 longURL1.php2 shortURL[2|3].com →3 longURL[2|3].com

  1. Link in email to subdomain 1, whereupon URL rewriting sends them to a .php file on subdomain 2
  2. Code above sends people to "case 1" or "case 2" URL back on subdomain 1
  3. Second round of URL rewriting on subdomain 1 lands user on one of two destination pages

I already know this is not the ideal way to do anything. This is what various limitations have brought me to, and if those could change I would share them. Suffice it to say that this is what I've got, and at this point I just need to make sure that everyone who clicks this link will end up on one of two sites and not floating in some kind of no-php-for-me-thanks limbo. . . or worse.

Community
  • 1
  • 1
Tyler James Young
  • 130
  • 11

2 Answers2

1

This depends on whether you are using some (MVC) framework which utilizes Front Controller pattern - single entry-point PHP which initializes resources, DB, etc... and then routes the request (calls methods on Controller objects) based on request URL

or

You use some really simple web app where each .php file is a Front Controller by itself (is responsible for including another .php files for DB connections etc)

In the first case the framework won't allow you to call other files (.htaccess restriction), the call will throw exception (file tries to use object which is not initialized/available) or nothing happens at all (your file only contains some class definition which does nothing by itself.

In the second case you need to protect sensitive files (like db.php with database login/password) to make sure it does not print out its contents somehow (or better, to make sure it cannot be called directly, only included in other .php file)

Michal Boska
  • 1,041
  • 1
  • 8
  • 26
0

There is not issue until you show some secret on the client side(via HTML) in you .php file.

halkujabra
  • 2,844
  • 3
  • 25
  • 35