Jquery ajax() messing with my .htaccess mod_rewrite - .htaccess

I am performing a simple AJAX() request using Jquery (Google hosted 1.7.1 jquery.min.js code)
The code is pretty simple:
$.ajax({
type: "POST",
url: "../inc/ajax_msgread_sendPM.php",
data: "fromuserid=<?php echo $fromuserid; ?>&pmSubject=<?php echo urlencode($pmSubject); ?>&pmBody=" + pmReply,
success: function(data){
$("#showSuccess").show("fast");
$("#resultResponse").html(data);
}
});
The mod_rewrite .htaccess for this document is:
RewriteRule ^messages/read/([^/]+)/([^/]+)/?$ /msgread.php?usernam=$1&keynode=$2 [QSA,L]
When I view the $resultResponse for some reason the Ajax keeps wanting to turn $1 into 'inc' so any unrelated (or related) mySQL queries using $_GET["usernam"] from the URL ends up returning 'inc'
Why is this happening? There is no relation between my script and the mod_rewrite. There are no variables named "usernam" or "1" on the script (or anywhere on the site).
Firebug gives no help.
Advice please?
UPDATE:
I see where the problem is coming from.. in the ajax jquery code:
url: "../inc/ajax_msgread_sendPM.php",
the "inc" keeps getting set as the username because of its location based on the mod_rewrite rules... I need to somehow exclude this from mod_rewrite... just not sure how to solve this problem

As long as current url for your page is
www.domain.com/messages/read/username/NQ
and you use relative path - it is being rewritten to
www.domain.com/messages/read/username/inc/ajax_msgread_sendPM.php
which is definitely not what you want. The simplest solution would be to change the ajax endpoint url to:
url: "/inc/ajax_msgread_sendPM.php",

Related

Trying to create a back button using HTTP REFERER and PHP that works even after page self reload

I am trying to save the HTTP_REFERER to a $_SESSION[] variable and only updating it if the referring page does not match the current page. This way if I reload the page through a PHP script it does not save the current page I'm on as the referrer.
First I am getting the REFERER and comparing it to the current URL:
$referer = $_SERVER["HTTP_REFERER"];
preg_match('/^(.*?\:\/\/)/', $referer, $start);
$url = $start[0].$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
Then I have an IF statement that says if they DONT match to update Session:
if($url != $referer){
$_SESSION['referer'] = $_SERVER["HTTP_REFERER"];
}
Then I check the output:
echo $_SESSION['referer'];
The issue is that it updates the session no matter what!
I have tried to do the same with cookies instead of the session variable. With cookies, I can see it changing in the consol. It won't update, and then a second later it updates. Almost as if the page is loading twice.
When I set this code
setcookie('test', $_SERVER["HTTP_REFERER"]);
When I go to a new page, it will correctly display the correct refer, and then after a second, it switches to the current page.
My current setup uses .htaccess so that I don't have to type the file names of the pages. I have all requests of any subfolders go to /index.php
So http://example.com/home or http://example.com/coolpage will all go back to http://example.com/index.php
Then with PHP I look for the file named the same as that subfolder and then "include" it in my index.php file as a sort of simple templating system.
Are these .htaccess redirects messing with the $_SERVER["HTTP_REFERER"]? If I just use the $_SERVER["HTTP_REFERER"] directly within my code it works fine (it's not updating). It's only when I try to save it to another variable that things go wonky.
Is there a better way to have a back button that sends the user back to where they came from without taking into account multiple page loads of the same URI?
I found a workaround that seems a bit odd, but it achieves the effect I want.
I wrap the whole thing in an if statement only executing if the $uri != favicon.ico
if($uri != 'favicon.ico'){
$referer = $_SERVER["HTTP_REFERER"];
preg_match('/^(.*?\:\/\/)/', $referer, $start);
$url = $start[0].$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if($url != $referer){
$_SESSION['referer'] = $_SERVER["HTTP_REFERER"];
}
$backButton = $_SESSION['referer'];
}

Nodejs redirect url encoding

I have a server that makes url redirection using nodejs. I use this to make the redirection :
response.writeHead(302, {Location: url}); response.end();
This works well with normal url like google.com but when I have other characters like cyrillic it bugs for example if I do a url = 'ru.wikipedia.org/wiki/Путин,_Владимир_Владимирович' (with https:// infront) then the redirection bugs. Do I have to somehow reencode the string before passing it to the redirection? because when I make a console.log(url), it's displaying the correct url with the cyrilic letters.
After some more test i manage to see that the data encrypted is as follow using node-icu-charset-detector:
----[NOTICE] charset: ISO-8859-2
----[NOTICE] redirect: https://ru.wikipedia.org/wiki/Путин,_Владимир_Владимирович
And the link I'm getting on my browser is like 'https://ru.wikipedia.org/wiki/%1FCB8=,%12;048%3C8#%12;048%3C8#%3E28G'
You can encode the url since HTTP header values doesn't support utf-8 encoded value:
response.writeHead(302, {Location: encodeURI(url)});

.htaccess url rewriting not-fix

By using jQuery I have sent a POST value to another file using window.location
where bname refers to some name from database
$.form(window.location + "?rt=" + bname,{project:project,bname:bname},'POST').submit();
after jQuery execution the following url appears on screen: /m/?rt=Jaypee%20Group
However I need the above one as /m/JaypeeGroup
I have tried htaccess rewrite but can't fix this issue
Is there any other way ("window.location + "?rt=" + bname") in jQuery or how can I fix this in htaccess?
Don't need for htaccess, just replace the space in javascript :
$.form(window.location + "?rt=" + bname.replace(" ", ""),{project:project,bname:bname},'POST').submit();
Invoke JQuery as follows.
$.form(window.hostname+"/"+context+"/m/"+project+"/"+bname+"/","POST").submit();
and add htaccess rewrite as per your requirements.
yourhostname/context/m/(.*)/(.*)/ .......

ExpressJS Route Parameter with Slash

Im using ExpressJS. I want pass url as parameter.
app.get('/s/:url', function(req, res) {
console.log(req.params.url);
});
/s/sg.com //sg.com
/s/www.sg.com //www.sg.com
/s/http://sg.com //http://sg.com
/s/http://sg.com/folder //http://sg.com/folder
How to correct the route such that everything afterr /s/ will be considered as paramenter including slashes.
Thanks
Uh, if you want to stick a URL inside of another URL, you need to URLencode it. If you want to stick one in their raw and suffer the consequences, just use app.get('/s/*'... and then manually parse out the url with req.url.slice(3). But hear me know and believe me later, URL Encoding is the right way to do this via the encodeURIComponent that is built in to JavaScript and works in both the browser and node.js.

HTACCESS - Block everything but specified SEO friendly URL

I haven't found all the answer to my current problem.
Here is the root of the site:
cache
img
display.php
admin.php
What I need is to block all the direct access of the files and allow only access via url formatted like that:
1 ht*p://sub.domain.com/image/param/size/folder/img.jpg (param, size, folder, img are parameters)
2 ht*p://sub.domain.com/action/param1/param2/ (param1, param2 are parameters)
1 would point to display.php with the correct parameters
2 would point to admin.php with the correct parameters
Every other access must be 404 (at best) or 403
my rules are (the htaccess is in ht*p://sub.domain.com/):
RewriteRule ^image/([^/]+)/([0-9]+)/([^/]+)/([^/]+)\.jpg display.php?param=$1&size=$2&folder=$3&img=$4 [L]
RewriteRule ^action/([^/]+)/([^/]+) admin.php?action=$1&param=$2 [L]
Those rules work as I want to but I am stuck on how to block any access that does not come from those URL!
Also (as a bonus) I would like to be able to use the same htaccess on diferrent web address without having to change this file.
Thanks in advance
Have you try moving the image out of the public folder and use php to call the image in?
For the PHP files you can use the switch statement (http://www.php.net/switch).
For the admin.php file you can do something like:
$get_action = $_GET['action'];
switch ($get_action) {
case "edit":
case "view":
case "delete":
case "add":
//Continue loading the page
break;
default:
header('HTTP/1.1 403 Forbidden');
die();
}
Note: I don't know how your code looks or works, but you can have an idea base on the code I added.

Resources