how to stop people from sharing your website page link? - javascript

Is there a way for to make a page link on my website non-shareable, that is, if I share a link to this page with anyone else will not be able to access it, it can only be accessed from the source

If you have a URL to the website you want it to be accessed from, you can check before you load the page if they came from it, if they didn't just close the tab or something, or display a message.
var oldURL = document.referrer;
if(oldURL!="YOURSITEURL.COM"){
location.replace("WHEREVER.COM")
}

Some possibilities (not all of which are created equal):
Authorization: require users to authenticate themselves, then restrict who has access to the specific URL(s).
Don't use URLs: Instead, use a single-page app that doesn't modify the URL.
Just be random: Make every link point to a dynamically-generated URL that can only be visited once.

Related

How would custom user links work?

By custom user links, i mean like for example when a user registers to the website, a page is created specifically for that user with a link.
For Example
https:/domain.com/users/customerName
Then after creating the link, the website will automatically customize the website by using a clone of a specific webpage.
*Btw i've already took Care of the Login/Register part. I just need to know how custom user links would work.
Option 1: example.com/user
Use a single PHP file and an .htaccess file. Check out How to create friendly URL in php?
Option 2: user.example.com
Create sub-domains for each user, also uses .htaccess. Check out How to let PHP to create subdomain automatically for each user?
Option 3: example.com?user=name
Create a single php file and use $_GET parameters. This is the most usual and easiest way to customize the website based on the user who registered and logged in. (usually using user ID number: example.com/profile.php?user=71)
Of course there's also Session handling.
I think you searching for URL rewriting concept.
If user login the page no need to clone the page.you could access the same page with this user data and specification(dynamic page).Many the page content with php functions
URL rewriting
you could the function in .htaccess
if user enters the page
http://example.com/someuser
its rewrite the url with
http://example.com?q=someuser
if you see the url bar its like special page for the user.
It's actually fairly simple. You just use GET within PHP and the URL would be something like http://example.com/user?id=4453623 - If you've ever been on facebook you'll notice they use PHP for the profile pages and much other things too. If you go to your profile page, you'll notice a "id=" variable up in the URL and that's how they determine which profile page to display to you.
This is basically what #Granny commented.

How can i get source page url

Now i need to get source page url when i navigate any page under specific domain i tried this jquery code
$(document).ready(function() {
var referrer = document.referrer;
});
but i get the previous url page but i want to get the main link that open my domain for example i searched about my website from google then i open my website from google then i navigate any page under my domain ..... i want to get in any page that i come from google ..by the way my website is PHP.... can i make some thing like that ?!
On the server side, you can use $_SERVER['HTTP_REFERER'] to get the referrer.
Now when the user links (or submits) from one page to the next in your website, but you still want the website they originally came from instead of the page they just were on, you should remember the original referrer in some way, for instance by storing it in a session variable. Something like this:
$ref = $_SERVER['HTTP_REFERER']; // Get referrer
if (!$ref.strpos($_SERVER['HTTP_HOST'])) // It's not from the same domain?
$_SESSION['originalreferrer'] = $ref; // Nope, store in session
Then you will have $_SESSION['originalreferrer'] as the original referrer, as long as you include this code in each of your pages that may serve as a landing page from outside.

How to redirect a site to the Facebook canvas URL without going to an infinite loop?

If my Facebook canvas page is pointing to mydomain.com, and if a user goes directly to mydomain.com, how do I make the site show up on the Facebook canvas page? Basically, I want my website to always load on the Facebook canvas. If I just do a redirect to apps.facebook.com/mydomain, I think it gets into an infinite loop because the Facebook canvas is trying to load mydomain.com.
Check for the referrer in the HTTP request header, and base your logic on that. That being said, I don't know that redirecting your entire site to Facebook is a good solution to your problem.
A better solution would be to host the Facebook app portions on a separate page or domain, and link to it from your frontpage.
You can do it client side in javascript. Check if the page is currently opened inside an iframe, if it's not the case you are not inside facebook and should execute a redirect:
if(window.parent === window) do the redirect
You could find a way to implement it serverside, but, unless facebook is passing some specific parameters when loading, probably you will need to rely on the HTTP_REFERER parameter and the browsers will not send it always.
If your app is being loaded within Facebook, the page will be POSTed to, and the POST data will contain a signed_request field. This can be used on the server to discover if the user is accessing the app correctly - how you persist this information across navigation within the iframe is up to you.
Client side you can check window !== top, and /canvas/.test(window.name).
I found this on another question and use it in my own script:
<script type="text/javascript">
function NotInFacebookFrame() {
return top === self;
}
function ReferrerIsFacebookApp() {
if(document.referrer) {
return document.referrer.indexOf("apps.facebook.com") != -1;
}
return false;
}
if (NotInFacebookFrame()) {
top.location.replace("https://apps.facebook.com/YOUR_APP_NAMESPACE");
}
</script>
This checks if they are currently in the Facebook frame and *ONLY if they are not it will redirect them to "https://apps.facebook.com/YOUR_APP_NAMESPACE"
Note: you can use this on any page in you app just change the URL accordingly.
For example: If you are using this in http://YourDomain.com/anotherpage.php you can change the URL in the code above to https://apps.facebook.com/YOUR_APP_NAMESPACE/anotherpage.php

Document.referrer wrong when pressing the back button

I have a PHP / Javascript page that automatically logs a user into different systems from one log on. These are external sites and all works good except when the user hits the back button. It then redirects them right back where they came from.
I'm looking to have it redirect back to my main website and avoid getting stuck in this redirect nightmare. So I tried document.referrer, but that only seems to grab the current page I'm on and not the referred site. Am I wrong or can this not be done like this?
function myfunc () {
var frm = document.getElementById("loggedin1");
if(document.referrer != 'https://someurl') {
alert(document.referrer);//Just used to see output
frm.submit();
}
}
window.onload = myfunc;
If I could get it to function I would add an else in there and have it going back to my website.
Thanks!
It sounds like you are trying to go back to a previous page, that is not within the website of the page you're on?
A few points:
1) document.referrer will only work if the person got to the current page through a link, or clicking something.... not if they were redirected through other means.
2) Due to browser security implementations, you will not be able to access the javascript history for other sites. So if you go from your site, site A, to site B for a login, you will not be able to access the site A history from site B.
If you need to take them back to the previous page they were on on your site, can you use an iframe to load the external page? that way they'll never leave your site? Or maybe a window popup?
If what you are trying to accomplish is site logins, have you looked into the available apis? Sites like facebooks have apis for allowing logging in on your site through theirs.
Cheers!

What causes "fb_xd_fragment" to get appended? Does this impact end users in any way?

Note: The question is not how to fix the problem, as that is documented elsewhere on SO (e.g., Integrating Facebook to the leads to blank pages on some browsers / fb_xd_fragment).
1) What causes this, and under what conditions is it triggered?
2) More importantly, does this affect end users at all? For instance, how does this bug affect the URL shared by someone who clicks the FB Like button? If someone clicks the FB Like button from URL A, does URL A still get shared (but with "fb_xd_fragment" appended), or does URL A become your root URL (with "fb_xd_fragment")? In our logs, all the URLs appear as the root URL with "fb_xd_fragment" appended, so we're not sure if this is because people are clicking the Like button from the home page, or if all the shared URLs get morphed into the root URL.
Basically, what happens is whenever you use the JS API it opens your site in another iframe to use as a cross-domain receiver. What you can do is set a custom channel URL and it will use that instead. If seeing this bothers you, you can set a custom channel url. More information on http://developers.facebook.com/docs/reference/javascript/FB.init/

Categories