I'm trying to analyse the packets sent by an application through WireShark and I came across this line:
POST /main.php/login/authkey HTTP/1.1
Question:
1. Is main.php a directory or a php file?
2. Is authkey a php file? Related to .htaccess?
Sorry if this question was asked before, but I don't know how to describe this to search with.
EDIT:
The response given is: HTTP/1.1 200 OK
Server is apache
It is impossible to authoritatively tell what the server does with any given URL, but the most likely answers are:
A PHP file
It is something which is interpreted by the code in main.php (via $_SERVER['PATH_INFO']).
What you see is the request. As the server can parse at anyway it wants (e.g.: redirect all requests to /index.asp) there is no answer to be given.
We can however guess a bit. Possibilies are that main.php is a script, that uses the '/login/authkey' url-part to start expecting a post for the functionality login (using an authkey perhaps?)
It can be that a .htaccess file either redirects the request to a file called main.php (seems likely from the name), or that it first redirects to some sort of index, that finds the part about main.php.
Technically, main.php can be a directory, too. From the request line alone, it can not be said at all. Same applies to authkey, it could be a PHP file as well. However only from request URI path alone, you actually can not say nothing but just speculate. Instead, you need to look into the server configuration and then look-up the files / directories on the server itself.
To make this more prominent: The response could be a 404. You're not providing any response information.
Apart from that, it's a common feature of the Apache webserver that requests with URI paths that contain a PHP file will get passed along to that PHP file.
Related
I'm trying to get the back end of an app that was built by someone else, and then taked down, up and running again. I have uploaded the unmodified back end sourcecode to a dev server (not the original server it was on).
In the app, the URL to access a certain API is as such:
[hostname]/controllers/api/user/profile
and when looking at the back end php code, under the api folder there is a user.php file, and in that php file there is a function called "profile", and there is one for every api end point.
now the only way I know of to do this is to have an .htaccess file that redirects a request to /controllers/user/profile to /controllers/user.php?action=profile, and have a big switch statement in user.php that calls the function corresponding to "action" parameter.
But the weird thing is that there is no .htaccess file in the the api folder. The only .htaccess file is in the absolute root of the folder containing all the server code, and that just says deny from all
is there any other way to set up a server to cause requests to .../folder/functionName to actually call a function within a php file, other than using .htaccess?
It can be done through a PHP redirect. It is described here in details: How to make a redirect in PHP?
Short version: How can I relocate to C:\Abyss Web Server\htdocs\database\pfs\max\files\public\sdf.png using header()?
Thorough version:
Currently I'm stuck with this piece of code:
header("Location: ".ROOT_URL."\database\pfs\\".$_GET["u"]."\\files\public\\".$c);
(Not completely in context, but it's not needed in this case, since I've managed to track the cause on my own).
$c is the filename, declared in context, and $_GET["u"] is the "owner's" name. ROOT_URL is defined as: define("ROOT_URL", "file://\Abyss%20Web%20Server\htdocs");, which simply is the path to the server directory (I've also tried with define("ROOT_URL", "C:/\Abyss%20Web%20Server\htdocs"); , but there's no luck there either). Anyways, with this, I want the user to be able of downloading uploaded files by $_GET["u"]. The problem is though, that I everytime get a 404 error... And, from experimenting a bit, I've come to the conclusion that the header() function isn't handling the redirect well.
Not sure why this is happening exactly, but I assume that it has something to do with file:// or c:/. My server is currently hosted locally, and therefore I need to use these methods instead (for so long). Answer would be highly appreciated, as I've been stuck with this for a while now...
If it is a local file system link, you need to prepend the file:// protocol prefix:
header('Location: file://C:\\path\\to\\file');
If you omit that, the client (browser) will interprete it as http://C:\\path\\to\\file
This is a beginner question; while Googling, I could not find the answer.
I understand that if I have a URL like this for a PHP page:
http://blah.tld/somearea/myfile.php?param1=foo¶m2=bar
That the page receiving the parameters foo and bar is myfile.php, but if I have a URL like this, what page is receiving the parameters:
http://blah.tld/somearea/?param1=foo¶m2=bar
Is it index.php under whatever /somearea is?
What actual program/file is called depends on the configuration of the web server. For example, in Apache, there's configuration parameter DirectoryIndex, which indicates what is called by default if no file is specified, for example,
DirectoryIndex index.php
will ensure that index.php is called in the above scenario. Moreover, this configuration can be set per directory so that in different directories different files/scripts will be invoked. Without knowing how the target server is configured, it is not possible to answer this question.
This is a server setting. For instance in Apache the setting is DirectoryIndex. Usually on a PHP server, the default is index.php.
If PHP is not installed, the default would be index.html or index.htm. On a ASP server the default would be default.aspx.
Yes in that case index.php will receive parameters.
It is the same file that is used when http://blah.tld/somearea/ is requested.
It may be index.php, or any other file. It may not be a file itself, but a function in a separate file if a framework is being used.
It is nothing but a re written URL using .htaccess so yes, you can and you've to fetch the GET params in the same way, so on index.php it will be
echo $_GET['param1'].' '.$_GET['param2']; //Will output foo bar
I am setting up a new website and currently if I go to mydomian/php/someScript.php it will execute the php script. How can I let the files that include this still include this but not let anyone else execute these scripts from the browser. Currently I have this in my .htaccess file:
deny from all
but when I visit the site a AJAX post request is made to a script in this folder and is getting back a 403 error.
Any ideas on how to achieve this are welcome.
====EDIT====
for clarity, some files in the php directory are requested by AJAX and I've now been made aware that these files cant have the desired permissions. However I would still like to put these permissions on the other files in this directory
Thanks
The best solution is to put them outside of the web root directory if at all possible, that way you can include them but the web server can't serve them, no configuration is required at all in this case.
EDIT: I noticed you want to allow access to the scripts by AJAX. There is no way of doing this as there's no way of telling the difference between an AJAX request or other types of HTTP request with any reliability.
You can still include those files from php, e.g. using include or require.
Calling it via AJAX is not different from calling it by entering the URL in the browser - i.e. you cannot block direct access but allow AJAX access.
I recently saw a website in which the url was formulated like this:
http://subdomain.domain.com/script/?var=value
I was wondering how to do this in IIS, and how he put a slash in between the script and the GET variables, and how he had the script with no extension in the first place. Any help?
There are many ways to do this; I'll describe the simplest.
script is a folder containing a file called Default.aspx (or whatever is configured as the Default Document in IIS)
Therefore, when IIS sees a request to script/, it will send the request to Default.aspx, which then reads the query string.
Lack of filename defaults to the "index" entry, probably default.asp[x] there.
The best way to do it is with a URL Rewriter, like IIRF, or the built-in URL Rewriting module that's included with IIS7 and later.