Yii2 PrettyUrl and ScriptName - php

here is what i did
in web.php
'request' => [
'parsers' => [
'application/json' => 'yii\web\JsonParser',
]
],
'urlManager' => [
'enablePrettyUrl' => true,
'enableStrictParsing' => false,
'showScriptName' => false,
'rules' => [
],
],
.htaccess
RewriteEngine on
# If a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Otherwise forward it to index.php
RewriteRule . index.php
in browser, if the link
http://localhost:8888/site/web/
it will show data in site index but if I dive inside pages, it will show nothing,
if i added index.php the pages work and shows the data , but there is another problem
in some pages I have uploaded images and save there path in db like this:
upload//63b521df1b0e0.jpg
it shows nothing because the link become like this :
http://localhost:8888/site/web/index.php/listing/upload//63b521df27bf0.jpg
and it should be :
http://localhost:8888/site/web/upload//63b521df27bf0.jpg
so what i missed ?

if you need http://localhost:8888/site/web/upload//63b521df27bf0.jpg you must contruct url as follows:
'https://'.$_SERVER['HTTP_HOST'].'/site/web/'.$model->image_path;
in your version you use the relative path, but I suggest to use absolute path.

Related

Change the url in Wordpress admin bar

I need to change the link at wordpress admin bar. I want the Link of Database (ie. /wp-admin/) to /wp-admin/index.php
What I try:
I try changing the link [admin_url() to admin_url('index.php') at /wp-includes/admin-bar.php
.
.
// We're on the front end, link to the Dashboard.
$wp_admin_bar->add_menu( array(
'parent' => 'site-name',
'id' => 'dashboard',
'title' => __( 'Dashboard' ),
'href' => admin_url('index.php'), // 'href' => admin_url(),
) );
.
.
This did not work. How could I do it?
I need to go to /wp-admin/index.php as it says redirect loops on /wp-admin/
Maybe you should rather fix your redirect loop problem before is escalates? I've often seen that happen when FORCE_SSL_ADMIN was on but the Site didn't understand it was being requested via SSL ($_SERVER["HTTPS"] doesn't exist or isn't "on").
However, you could also circumvent that redirect loop by adding
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/$ /wp-admin/index.php [R=302,L]
in your .htaccess before the WP-rules.

Deny directory and file access with both htaccess and PHP

I'm currently working on a web project for a gaming group, and I'm trying to test myself and expand my general knowledge and toolbox. One of the features I'm working on requires me to "clean" the URL of a requested file. I have the system in place, and it works beautifully. Now, in order for my website to work 'flawlessly', I need to deny access to certain folders, and all files within, through htaccess. But there's a slight catch... It needs to operate without the user even realising.
My file structure, preferred access method, path, and status, are as follows:
rogue {allow} {direct} {%domain%/dashboard/} {200}
css {deny} {direct} {%domain%/css/} {403}
js {deny} {direct} {%domain%/js/} {403}
fonts {deny} {direct} {%domain%/fonts/} {403}
files {deny} {direct} {%domain%/files/} {403}
image {deny} {direct} {%domain%/image/} {403}
includes {deny} {direct} {%domain%/includes/} {403}
php {deny} {direct} {%domain%/php/} {403}
index.php {allow} {direct} {%domain%/dashboard/} {200}
html_footer.php {deny} {direct} {%domain%/dashboard/} {404}
html_header.php {deny} {direct} {%domain%/dashboard/} {404}
.htaccess {deny} {direct} {%domain%/dashboard/} {403}
The above list is actually an example of how I'd like the website to operate... The index.php file controls the requested 'files' and displays them accordingly. For example, %domain%/get-in-touch/ would display the contact.php file within the %domain%/includes/ directory. Calling index.php directly displays the same as %domain%/dashboard/.
The following code is from my .htaccess file.
Please, ignore the # NN snippets. These are for your benefit to reduce the need for me to add code snippets. I suppose it would help you, too... You could directly reference the line numbers should you need to.
DirectoryIndex index.php # 01
Options All +FollowSymlinks -Indexes # 02
# 03
<IfModule mod_rewrite.c> # 04
RewriteEngine On # 05
#RewriteBase /rogue/ # 06
# 07
RewriteCond %{REQUEST_FILENAME} !-d # 08
RewriteCond %{REQUEST_FILENAME} !-f # 09
RewriteRule ^(.*?)$ index.php [QSA,L] # 10
# 11
RewriteCond %{REQUEST_FILENAME} -d # 12
RewriteRule ^(.*?)(js|image|css|includes|php|files)(.*)$ index.php [QSA,L] # 13
</IfModule> # 14
I commented out line 06 as the system didn't seem to need it, but I kept it for my own reference and in the off chance that I may need it later. Lines 08 through 10 control redirection to index.php when a file or a directory doesn't exist, and then the responding file controls the rest. The folders css/js/fonts/image/includes/php all exist, so lines 12 and 13 prevent access to them and redirect to index.php where the array of 'directories' can be located and the relevant files can be selected for inclusion. An example of the array is included at the bottom of the post. Lines 12 and 13 can be moved above line 08 and there would be no change, but removing them from the file causes a default 403 Forbidden error to fire.
Removing lines 08, 09, 12 and 13 causes the page to break by loading the files located in the image, files and fonts directories as MIME type text/html, however, the files within any other directories are seemingly unaffected.
Lines 12 and 13 perform as required, until you request access to a file within those directories. The file is displayed, and all of my secrecy is exposed to the world. As a result, certain files that have a great deal of importance are shown to the users. I want to prevent anybody from accessing the files within any folder I choose to deny access to, and have it redirect them to index.php and show a 403. I've attempted it by adding RewriteCond %{REQUEST_FILENAME} -f between lines 12 and 13, but the page shows as broken and fails to load resources.
NOTE: I had to remove -Indexes from line 02 as file requests from JavaScript files would be denied, doing this has also prevented lines 12 and 13 from doing as they were intended, regardless of their placement.
Directory Array [PHP]
$_INCDIRECTORY = 'includes/';
$_PATHINCLUDES = array(
'dashboard' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'dashboard.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'news' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'news.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'search' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'search.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
// Excluded/Denied directories;
'css' => array(
'allow' => false,
'path' => 'css/',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
// Error pages;
'403' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'errors/403.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'404' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'errors/404.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
);
After spending a while searching for a solution, and the usual trial and error attempts at solving it, I have come up with a solution that works exactly how I want it to. It seemed more fitting to answer my own question for reference to anybody who should come across the same issue.
The following code rests within the .htaccess file at the root directory of your website. A description of what each line does follows after the snippet.
The .htaccess Trickery
DirectoryIndex index.php
Options +FollowSymlinks -Indexes
<IfModule mod_rewrite.c>
# Enable mod_rewrite;
RewriteEngine On
# Detect if SSL Module is enabled;
<IfModule mod_ssl.c>
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]
</IfModule>
# Check if the directory exists;
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP_REFERER} !^((((https|http)://([w]{3}\.)?)([a-z0-9\.]+)/).*)$ [NC]
RewriteRule ^(.*?)(js|image|css|includes|php|files)(.*)$ index.php [L]
# Check if the file exists;
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{HTTP_REFERER} !^((((https|http)://([w]{3}\.)?)([a-z0-9\.]+)/).*)$ [NC]
RewriteRule ^(.*?)(js|image|css|includes|php|files)(.*)$ index.php [L]
# Redirect to 'index.php', regardless of the request;
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*?)$ index.php [QSA,L]
</IfModule>
DirectoryIndex index.php defines the primary 'homepage' of the website to index.php, this is not a requirement but it may be good practice to use this should your web-host change the default settings for Apache to use a different default index.
Options +FollowSymlinks -Indexes does the following: +FollowSymlinks allows Apache to 'follow symbolic links', and -Indexes prevents any subfolders from being listed should an index.{ext} be missing. NOTE: Removing All from the previous configuration prevented script calls from being included within the exclusion, allowing all AJAX functionality.
<IfModule mod_rewrite.c> ... </IfModule> allows the basis of the htaccess file to function without the Rewrite Module being enabled within your Apache config.
RewriteEngine On enables the Rewrite Engine. Setting the value to Off disables this feature, and none of the underlying code will operate.
<IfModule mod_ssl.c> ... </IfModule> allows the contained code to function, providing the Apache installation includes, and uses, the SSL Module.
RewriteCond %{HTTPS} off then checks to see if %{HTTPS} is being used by the request, and then RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L] permanently redirects the user to an SSL enabled URI. %{HTTP_HOST}%{REQUEST_URI} simply allows the same functionality over multiple websites without the need of a reconfiguration.
RewriteCond %{REQUEST_FILENAME} -d checks to see if the requested directory exists, RewriteCond %{HTTP_REFERER} !^((((https|http)://([w]{3}\.)?)([a-z0-9\.]+)/).*)$ [NC] then checks to see if the referrer was NOT requesting a full URL, basically a domain name. The RegEx following RewriteCond checks to see if the request uses http or https, optionally uses www. and then checks the rest of the URL. Then RewriteRule ^(.*?)(js|image|css|includes|php|files)(.*)$ index.php [L] checks to see if any of the folders requested were included within the RegEx and then redirects to index.php where the PHP code will handle the tricky stuff. NOTE: See this post for reference.
Following the same course as the above code, RewriteCond %{REQUEST_FILENAME} -f does the same. But handles file requests, should they exist. NOTE: Again, see this post for reference.
RewriteCond %{REQUEST_FILENAME} !-d and RewriteCond %{REQUEST_FILENAME} !-f check to see whether the requested file were a directory or a file and whether they existed, or not, and then RewriteRule ^(.*?)$ index.php [QSA,L] redirected the entire request to the index.php where the request would be correctly handled by PHP. NOTE: To those who didn't already know this, the ! character can be used in most cases as a shorthand for not. NOTE: See this page for a mod_rewrite variables cheatsheet. And this tool for RegEx testing.
The PHP Magic
Following the post, found here, to create your PHP file and then use the .htaccess config from within this answer would seemingly work perfectly, and provide the majority of the functionality that you may request. Severe modifications to the index have been made in my case, the more important ones are displayed below.
switch( $path_info['call_parts'][0] ) {
case 'about-us':
include 'about.php';
break;
case 'users':
include 'users.php';
break;
case 'news':
include 'news.php';
break;
case 'products':
include 'products.php';
break;
default:
include 'front.php';
break;
}
The above code can be changed to create a cleaner environment and an easier to understand configuration. Since some of the website functionality can be controlled by the requested files, changing the code to a more suitable alternative would be advised.
For example: All of your requests can be added to an array that contains a few variables based on the request.
$_INCDIRECTORY = 'includes/';
$_PATHINCLUDES = array(
'dashboard' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'dashboard.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'news' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'news.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'search' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'search.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'register' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'register.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
####################################
## DENIED PAGES/DIRECTORIES ########
####################################
'css' => array(
'allow' => false,
'path' => 'css/',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'files' => array(
'allow' => false,
'path' => 'files/',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
####################################
## ERROR PAGES #####################
####################################
'403' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'errors/403.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
'404' => array(
'allow' => true,
'path' => $_INCDIRECTORY.'errors/404.php',
// The following must remain FALSE; This value will be changed 'on-the-fly';
'exists' => false,
),
);
The initial array contains a list of each file, or directory, of the request. Each sub-array then contains request-specific variables that control the inclusion script later on. 'allow' defines whether the user is allowed to view the request. true would display the page, and false would display a 403 error. 'path' defines the file that is requested by the script, the file is checked by another snippet to see if it actually exists before being displayed when everything is green. 'exists' is always false at the beginning of the request, the following changes that.
foreach( $_PATHINCLUDES as $key => &$value ) {
## Check to see if browsing the 'directory' is allowed
## before checking to see if the 'directory' exists;
if( $value['allow'] == true ) {
## Browsing is allowed, check if 'directory'
## actually exists and set 'exists' to '=1';
if( file_exists( $value['path'] ) == true ) {
## Set the value 'exists' to 'true';
$value['exists'] = true;
};
} else {
## Browsing the 'directory' is not allowed,
## so the response should be a '403';
};
};
unset( $value );
The above code handles the array and sets 'exists' to true or false accordingly. Providing the 'allow' variable is true. There is no point in checking a folder/file the user can't access when its existence doesn't matter. .. as $key => &$value .. allows the value of the array to be changed within the foreach( .. ) loop, unset( $value ); removes the variable from being accessed by anything after the loop. NOTE: See this post for reference.
To prevent any nasty PHP errors, such as requested offset [N] not set, etc... Use the following code. This checks that the variable actually exists before attempting to use it, if it doesn't exist, then it uses a predefined value.
$_CALL_PART = isset( $path_info['call_parts'][0] ) ? $path_info['call_parts'][0] : 'dashboard';
$_REQUESTED = isset( $_PATHINCLUDES[ $_CALL_PART ] ) ? $_PATHINCLUDES[ $_CALL_PART ] : $_PATHINCLUDES['404'];
The final code snippet controls the behavior of the included file.
## Check to see if access to the file is
## allowed before doing anything else;
if( $_REQUESTED['allow'] == true ) {
## The file can be browsed to, so check if it exists;
if( $_REQUESTED['exists'] == true ) {
## The file exists, so include it;
include( $_REQUESTED['path'] );
} else {
## The file does not exist, so display a 404 page;
if( $_PATHINCLUDES['404']['exists'] == true ) {
## Check to ensure the file exists before including it;
## This prevents an error;
include( $_PATHINCLUDES['404']['path'] );
} else {
## The file does not exist, so simply display a message;
echo '<h1>404 - File Not Found: No ErrorDocument supplied</h1>';
};
};
} else {
## The file cannot be browsed to, so display a 403;
if( $_PATHINCLUDES['403']['exists'] == true ) {
## Check to ensure the file exists before including it;
## This prevents an error;
include( $_PATHINCLUDES['403']['path'] );
} else {
## The file does not exist, so simply display a message;
echo '<h1>403 - Forbidden: No ErrorDocument supplied</h1>';
};
};
if( $_REQUESTED['allow'] == true ) { ... } else { ... } checks to see whether the request is allowed. If so, the next section of the script can be executed. if( $_REQUESTED['exists'] == true ) { ... } else { ... } checks whether the requested file exists. If so, the script executes include( $_REQUESTED['path'] ); which displays the page. Otherwise, the script then returns a 404 which is subsequently checked in the same manner, excluding the allow parameter, and then displays it. If the prior if( .. ) statement was to return true, then the 403 error would be checked and displayed if the exists parameter returned as true. If neither the 403 and the 404 pages could be found, then the script would show a basic error response.

Clean URL using .htaccess in PHP pages

Hi i have a site called finittra.com all menu's are dynamically linked with the page. I tried to make the site as like as a CMS. If i click on the about menu the url shows that http://www.finittra.com/?page=about & if i click on the contact page the url shows site url /?page=contact but i want that i would like to show everything within the finittra.com/finittra/ as like as a folder or canonical link type which is search engine optimization url friendly. Please anybody here to help me?
You might want to rewrite your URLs using .htaccess. You can use this mod-rewrite generator: http://www.generateit.net/mod-rewrite
Example:
RewriteEngine On
RewriteRule ^([^/]*)$ /?page=$1 [L]
But a proper & organized way would be using a Router, try Aura.Router
Example usage:
$routes = [
[
"name" => "My_route",
"pattern" => "/{page}",
],
[
"name" => "Another_route",
"pattern" => "/pages/{page}",
]
];
This is your routes array, the router will go through all routes and check if the given request url matches any of them.
$factory = new RouterFactory;
$router = $factory->newInstance();
foreach ($routes as $route) {
$router->add($route['name'], $route['pattern']);
}
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$match = $router->match($path, $_SERVER);
if ($match) {
$params = $match->params;
echo $params['page'];
}
URL to echo the page param: http://www.finittra.com/about
You will need to do the same as get for POST requests, but instead u'll need to add them manually to the url path. Atleast how I do it.
I'd try something like
RewriteEngine On
RewriteRule ^([a-zA-Z]+)/?$ index.php?page=$1 [L,NC,QSA]
This rewrites every finittra.com/xyz/ (which will be visible) to finittra.com/?page=xyz.
If you want your pages to have different names, you'll have to do that manually, I guess.
RewriteEngine On
RewriteRule ^finittra/?$ index.php?page=contact [L,NC,QSA]
Also, you have to adjust the links on your website
you must use .htaccess file in your project ,like :
.htaccess :
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^user/(\d+)*$ ./page.php?id=$1
If url request equl : http://www.finittra.com/user/123
Load :page.php?id=123

How to create absolute url on Yii https?

I am creating a website which runs on https.. But when i create absolute url using
echo Yii::app()->createAbsoluteUrl('site/index');
it always return http://mydomainname.com/site/index.
my expected output is https://mydomainname.com/site/index.
How can i create a url with https ?
Try this
Yii::app()->createAbsoluteUrl('site/index', array(), 'https');
Edit .htaccess file in your project folder and add these lines.It will Redirect all http traffic to https.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mydomainname.com/$1 [R,L]
Try to change host
'components' => array(
...
'request' => array(
'HostInfo' => 'https://mydomainname.com',
),
...
),
The "single shot" way is to set https:// in the baseUrl parameter from the configuration:
...
'components' => array(
...
'request' => array(
'baseUrl' => ' https://mydomainname.com/site',
),
...
),
You're best off creating a custom UrlManager implementation as described here:
http://www.yiiframework.com/wiki/407/url-management-for-websites-with-secure-and-nonsecure-pages
The benefit is that your users won't have to suffer through needless double redirects every time you have a genuine redirect.

static URL Rewriting the subdir

i already shearch, and i never found this that i am asking, soo i want to know if it is even possible... or not ...
I am testing this in IPB.Board 3.4.5, with the app IP.Downloads.
I have this static url in my site that users can acess to download one file:
mysite.com/files/file/2-filename.txt
The original dynamic url is something like:
.../?app=downloads&showfile=2
The change of the url is made by that app (IP.Downloads)...
i want to change it to url:
mysite.com/text/2-filename.txt
so when the user insert in browser
1 mysite.com/text/2-filename.txt
they see the file
2 mysite.com/files/file/2-filename.txt
they are rewrite to mysite.com/text/2-filename.txt
and see the file.
How can i do that? change from ( /files/file/ ) to ( /text/ ) ...
that can be made by .htaccess or i have to change the app files? or is impossible?
::UPDATE::
I have done it! without .htaccess , i change the core files that rewrite the url...
see the Answer below ...
Thanks for any help.
Add this to your .htaccess in your web root / directory
RewriteEngine on
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+files/file/([^?\s]+) [NC]
RewriteRule ^ /text/%1 [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+text/ [NC]
RewriteRule ^ /files/file/%1
I made it by changing the core files ... it is more simple for me, so i use this way.
thanks #ravi-thapliyal for trying to help making this by .htaccess, but i prefer this way ...
First open this file:
{forum-root}/admin/applications_addon/ips/downloads/extensions
Edit this code ['idmshowfile'] in the $_SEOTEMPLATES = array
This will tell the server that when the user go to (myserver.com/text/) they want to see the file...
'idmshowfile' => array(
'app' => 'downloads',
'allowRedirect' => 1,
'out' => array( '/app=downloads(&|&)showfile=(.+?)(&|$)/i', 'text/$2-#{__title__}/$3' ),
'in' => array(
'regex' => "#/text/(\d+?)-#i",
'matches' => array(
array( 'app' , 'downloads' ),
array( 'showfile' , '$1' ))
)
),
And add this code to $_SEOTEMPLATES = array, in any position ...
this will tell to server that if the user go to (myserver.com/files/file/) they will be rewrite the url (myserver.com/text/) , and see the file.
'idmshowfile2' => array(
'app' => 'downloads',
'allowRedirect' => 1,
'out' => array( '/app=downloads(&|&)showfile=(.+?)(&|$)/i', 'text/$2-#{__title__}/$3' ),
'in' => array(
'regex' => "#/files/file/(\d+?)-#i",
'matches' => array(
array( 'app' , 'downloads' ),
array( 'showfile' , '$1' ))
)
),
You can add as many rewrites as you want to the Forum, and create nice and friendly SEO URL.
Of course i know that this file can be overwrite in future updates of the app, soo i will make backup, and if possibel create an hook or app to make this (... if possibel).

Categories