I can't wrap my head around this, and it is SO frustrating. I have no idea how I'd be solving my problem.
I use sockets to connect with my NodeJS server, and I use PHP for routing people to the correct pages. When I route someone to the admin page I check if he is allowed to continue, if so I'll redirect him, if not I won't. Now here's the issue, people can just go to mywebsite.com/browser/admin.html and read everything that's in the admin panel (just the layout and stuff). I don't want people to be able and visit my admin panel to see what admins can do and can't do.
Can I do this in any way? E.g. only show the admin panel if they have a certain rank; if they don't have that rank they WILL NEVER be able to visit the admin panel. I'd like to hide the html files and other files somehow.
Routing - .htaccess
RewriteEngine on
RewriteRule ^/browser/admin.html$ index.php?page=admin [L,NC,QSA]
RewriteCond %{DOCUMENT_ROOT} !-f
RewriteRule ^(\w+)$ index.php?page=$1 [L,NC,QSA]
RewriteRule ^(\w+)+\/$ index.php?page=$1 [L,NC,QSA]
Routing - index.php
function route(){
global $db;
global $user;
$page = $_GET['page'];
if(!isset($page)) {
header('Location: /home');
}
if($page === 'home'){
loadWebpage('index.html', array());
}else if($page === 'admin'){
if($user['rank'] !== 'admin'){ /* This works but people can still access the files since they are loaded on the frontend with myexample.com/browser/admin.html */
echo 'Access denied.';
return;
}
loadWebpage('admin.html', array())
}
}
route();
I'm sorry if I haven't explained it well, but I hope you understand what I mean; I find it difficult to explain the things I want. I appreciate the help.
I believe there are plenty of ways to go about what you're trying to achieve, but I'll just explain one way of "access-protecting" a certain file.
Create a file in your directory, admin.php. Here, just have some basic code like this:
<?php
$accessKey = $_POST['accessKey'];
if ($accessKey == "MyVeryAwesomeAccessKeyThatNobodyKnows") //Change this to whatever you want
{
?>
<b>This info will only be shown if you're an admin!</b>
<?php
}
else
echo("Invalid access key.<br>");
?>
This code basically checks if the correct access key was sent in, and only if it was, will it load your protected file.
And then, wherever you have to access the admin page, you can put a form or something there like this:
<form method="POST" action="admin.php">
<input name="accessKey" type="password" />
<input type="submit" value="Load Admin Site" />
</form>
The user has to enter in the administrator access key to be granted permission into the protected information page. This way is a bit hackish, but it gets the job done!
Related
I have the following file/folder structure for my site:
index.php
games.php
/category-games
/category-games/game-1.php
/category-games/game-2.php
The file games.php is supposed to be a category homepage for /category-games/. Is there any way to make this page show when someone visits mysite.com/category-games/? I tried to put the page into the folder and called it index.php but I guess that's not working.
Probably need to do this via .htaccess. Anyone can help me with this? Right now if anyone tries to access mysite.com/category-games/its going straight to 404.
Cheers!
Case 1: If /category-games/ has no .htaccess then place this rule in root .htaccess:
RewriteEngine On
RewriteRule ^category-games/$ games.php [L,NC]
Case 2: If there is a .htaccess inside /category-games/ then use this rule
RewriteEngine On
RewriteRule ^/?$ /games.php [L]
Well, if you are thinking about in a organize and systematic coding, then I would like to suggest you to use PHP Routing library. There are many ready mate routing classes available. If you want to use that, surely it will help you to make your code more organized way.
For example, if you want to access mysite.com/category-games/, behind the scene, routing will trigger your corresponding page.
Following code will try to access mysite.com/category-games folder but it will trigger out your-page.php file where user can see only mysite.com/category-games url, nothing else.
$router->any('/category-games', function(){
return 'your-page.php';
});
Isn't cool?
The list of routing library are-
https://github.com/chriso/klein.php
https://github.com/nikic/FastRoute
Hope, will help you to do your project. TQ
Try making a new page called index.html under /category-games/ with the following contents:
<meta http-equiv="refresh" content="1;url=http://yoursite.com/category-games/games.php">
That would make index.html load by default but instantly redirect to games.php. The 1 is for how long to wait before redirecting. 1 is best so it doesn't overload your browser.
Toodles!
-HewwoCraziness
I was wondering if it was possible to force users to access my website from the homepage only.
For example, if the user enters the address mysite.com/subdirectory (which a valid directory) I want them to be redirected to mysite.com/index.html . From there the can navigate to /subdirectory with the hyperlinks on the homepage.
Thanks in advance!
As all you want to do is to ensure your users see some advertising, and you're currently using the standard Apache directory listing, I'd simply substitute a PHP script (as index.php in each subdirectory) that lists the files in a similar way, but inside an HTML page that you can customise with your advertising. Something along these lines, perhaps, where I've adapted this answer and wrapped it in a web page:
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Download Page Example</title>
</head>
<body>
<h1>Download Page Example</h1>
<p>Here's some advertising.</p>
<ul class="file-list">
<?php
// Iterate all files in this directory
$dir = new DirectoryIterator(dirname(__FILE__));
foreach ($dir as $fileinfo) {
$filename = $fileinfo->getFilename();
// If it's not a hidden "dot file"
if (!fnmatch('.*', $filename)) {
// And put it on the list as a link, encoding the
// filename as a url path safely in the achor attribute
// and as HTML in the text.
echo '<li>' . htmlentities($filename) . '</li>';
}
}
?>
</ul>
</body>
</html>
You could use a $_SESSION variable defined in the homepage and check in other parts of the website if it is defined. If it's not redirect to your homepage.
For example, your homepage could be:
session_start();
if (!isset($_SESSION['homepage']){
$_SESSION['homepage'] = true;
}
// Your homepage code
and any other page should start with:
session_start():
if(!isset($_SESSION['homepage'] || $_SESSION['homepage'] != true){
header("Location: index.php");
}
Anyway, I can't understand why you would want to do this and I think it should be a proper way of doing what you desire without forcing the user to do this.
One method is to require a POST request to access each subpage. If the user accesses the page directly, it will be a GET request instead. On your home page, do something like this for each link:
<form method=post action="/subdirectory">
<input type=submit value="My stuff">
</form>
(You can use client-side JavaScript to re-work those buttons into links which activate the forms, if desired.)
Then on each subpage:
<?php
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
header('Location: /');
die();
}
you should be able to do this using apache's mod_rewrite
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
put this in an .htaccess file in your main directory
I am having a severe problem and have no clue about what is going on... I will specify the general issue which is causing multiple issues on this Wordpress powered portal.
Steps to reproduce:
Visit the URL: http://gamersgeographic.com/en/ (or any post on this site)
Append #abc or #anything to the URL
The URL tries to resolve for a second and magically deletes the "#" and instead changes to /abc or /anything , which of course does not exist and gives a 404 page not found.
Even if the local anchor with #abc exists, behaviour is the same.
Now, consider the case below:
Visit http://gamersgeographic.com/monster-hunter-diary-1/
Comment link appends a #comments or #respond depending on whether a comment is there or not.
Both the anchors exist on the single post page
Still it redirects after finding them, to /comments and gives 404
Direct URL with #comments works e.g. http://gamersgeographic.com/monster-hunter-diary-1/#comments works but when I change any base URL to #comments, it redirects to 404...
I have tried several combinations with Permalinks, so it is not a problem with that. I even wrote my own Comment link generator in php with just a plain
href="#comments"
but still no luck...
If you need any further information about any function's code in theloop.php or anything please let me know.
Thanks in advance !
Regards
The contents of .htaccess are as below:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This is not a PHP issue, it is Javascript: it is evident when you reproduce it, and you can test it by disabling Javascript and adding #comments at the end of the URL; it will work.
Now, I have done some work for you, and the culprit is a Javascript file aptly named hashchange.js. Look, for example, at this line:
function second_passed() {
if(current_page!=location.href {
get_page_by_hash(location.href);
}
setTimeout(second_passed,1000);
}
Which explains why you see it “working” for a second.
And here is the redirect:
jQuery(window).hashchange(function() {
var link = window.location.hash.replace("#", "");
get_page_by_hash(link)
});
Note that hashchange is a method for event handling available in jQuery Mobile.
<link rel="canonical" href="URL OF YOUR HOMEPAGE HERE>
add this in your header.php in <head></head> section and then try . it shouldn't be giving 404 error !
The way that page bookmarks are used is, as you know, the href="" of an anchor points to an #some-place. In order for this to happen #some-place must be the id of the element within the page you wish to go to.
For example:
http://gamersgeographic.com/monster-hunter-diary-1/#respond
should take you to the element with id="respond" in that page.
If the element with that ID doesn't exist you won't be able to travel to it, and may be the reason it results in a 404 Not Found. However, if the element does indeed exist on the page with the proper ID and it still redirects to a 404 then you may want to check your web server configuration to make sure it isn't filtering the # in some way.
I have the folowing htaccess file:
RewriteEngine on
RewriteRule ^(.*)-(.*)-(.*)$ index.php?page=$1&id=$2&im=$3
And inside the php page I have:
href="home-46-126" //Contact Us
href="home-38-129" //News
I want to know how the redirection done?
What is the function that did this redirection ?
How Does the website know where to go if the user clicks on "Contact Us" ?
It isn't htaccess function, htaccess just parse "home-46-126", and redirect to index.php with these values.
If you want to work later with these values, you have to type it in PHP script.
<?php
$_GET["page"]; // including "home"
$_GET["id"]; // including "46"
$_GET["im"]; // including "126"
?>
Then you have to put these values to database or somethink, where you find out, that this ID and IM is page with Contact Us
My present htaccess file contains mod_rewrite rules to perform this:
www.mysite.com/articles/jkr/harrypotter --> www.mysite.com/index.php?p=articles&author=jkr&book=harrypotter
www.mysite.com/articles/jkr --> www.mysite.com/index.php?p=articles&author=jkr
www.mysite.com/articles --> www.mysite.com/index.php?p=articles
In my root directory, I have some PHP files like: index.php, pre.php, view.php, etc.
What I want: block direct access to php files.
Eg:
www.mysite.com/index.php --> "404 - Page Not Found" or "File not exist"
www.mysite.com/view.php --> "404 - Page Not Found" or "File not exist"
I have tried a code that I found on searching. It uses "f" flag. But i did not understand it. When I used it do not show the home page also. So, I removed everything that I was testing. My htaccess file now contains three rules only(to accept page, author, book).
Please help.
I saw another question that was previous asked in here : mod_rewrite error 404 if .php
A change that I made to it is, added [NC] flag. Otherwise, if we put the uppercase letter in extension(say, "index.PHP") it will load.
So,
SOLUTION:
RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/ [NC]
RewriteRule ^.*$ - [R=404,L]
thank you
Create a simple 404.php that throws a 404 error, then rewrite index.php to 404.php etc.
You can also do this at your script level. If you add a rule within your index.php to check whether you have been passed GET variables or just called the page without any parameters like so:
<?
if(empty($_GET))
header('Location: http://www.yoursite.com/404.php');
else
//your usual script
?>
Then you have control to either redirect people to a 404 error or show something more helpful, like a landing page with an index or some form of website navigation.