Hello FQ and Community,

I have a question concerning hiding a complete URL. In detail, I do not want to show the Deeplink in the Addressbox of the Browser (security-reasons).

For example the Deeplink:
http://www.mysite.com/subdir/index.php?newsid=3

And it should look like this (no deeplink):
http://www.mysite.com/

In both cases the newsid=3 should be shown. Is there an easy way to realize this?

TIA
Manfred

To hide the source file, couldn't you just include(subdir/index.php?newsid=3) it into the site's index page? The PHP code would obviously have to live in the index page itself. I'm doing this for one of my sites -- not for security reasons, but just because I can. :rasberry:

Apache will accept mydomain.com/?newsid=3 as a valid URL, so that covers both questions, I think.

... Unless there are multiple subdir/index.php pages involved, in which case you're probably headed into mod_rewrite territiory (shudder).

Randall

Hello Randall,

Thank you for your suggestion. Let me explain the “problem” and the reason for shortening the URL.
I am working on a project with an internal area. In this password protected (with CNC password protection) area there is a special script for the “generation” of an assignment.
This assignment is printed. The problem is that the complete link (http://www.mydomain.tld/subdir/order.php?id=xx) of this assignment is shown on the printed document. The directory “subdir” is password-protected (as mentioned above), but to improve security I want to shorten the URL to http://www.mydomain.tld.

Using the link mydomain/?order=xx is a good step forward but the primary problem is “order=xx”.

I hope this explanation clarify the actual problem. My first thought was mod_rewrite, but after searching different forums I realized that mod_rewrite won’t solve this problem. But I’m not a specialist, don’t hesitate and correct me if I’m wrong!

Manfred

EDIT: Typo corrected ;)

The only way I can think of is to use sessions. You store the URL (eg. /subdir/order.php?id=xx) serverside in the session. When the user presents the token (cookie), you include the URL in your script (which could be /index.php).

Scrambling the URL won't work, because you'll simply be replacing one URL with another.

-Arthur

Interesting solution, but the full URL is still printed on the document, isn't it? The document is generated and printed by the same person.

Client A is generating the document. After that, client A prints the document and sends it to Client B. If i didn't misunderstood your suggestion, the full URL is only available for the owner of the cookie. This would be client A. The problem is, client A is printing the document.

I have found a possible solution for the problem. Working with frames. A mainframe and all files are opened in a different frame within the mainframe. Could this be the solution?

Manfred

the full URL is still printed on the document No, if you store the URL in the session and then redirect to a generic script (which could be /index.php (yourdomain.tld/), /subdir/index.php (yourdomain.tld/subdir/) or whatever) that generates the page, the user will never see the URL.
Of course you don't have store the actual URL in the session, it could be some other identifier.

If you use frames, the user will still be able to see the URL of the script that generated the document, even if it's a tiny bit less obvious.

[edit] didn't read your whole question - What will client A be sending to client B? A printout of the document? You are correct that the document will only be available on screen to the user with the cookie.

-Arthur

Ahhh! This sounds good and like a perfect solution. :yeah:

Manfred

For completeness - a description of how to handle sessions in PHP can be found here; http://www.php.net/session

-Arthur