I have CGI-handled PHP server and basic authentication is not working since PHP_AUTH_USER returns empty string.
I've searched a lot and there was only one solution to this: using .htaccess rewriterule.
The problem is I can't edit .htaccess for some reasons. I want to know if there's a way to do the authentication without changing the htaccess file?
Related
I'm in the process of working on an error system for my site (i.e., if MySQL encounters an error, it sends them to an error page). I'm wondering, is it possible to use a "/" instead of "?err=" for a URL?
What I'd like to do is have people sent to the url "/error/404/" but display on page the content at url "/error?err=404". Is there a way to do this with HTAccess, or something of the sort?
My current way is with lots of files and iframes, and it gets really annoying when you have to update one tiny little thing.
Thanks!
What you are looking for is url rewriting. You can set it up using an .htaccess file, given that your installation of apache has mod_rewrite enabled (if not, check this question).
Here is a nice tutorial on how to do it.
Have a try with this:
RewriteEngine on
RewriteRule ^error/(\d+)$ error?err=$1 [L,QSA]
This should not end in a redirection loop, since this requires a trailing number in the URI.
Note that I removed your leading slashes from both the pattern and the result. .htaccess style files work on relative paths.
In general you should always prefer to place such rules inside your http servers host configuration instead of using .htaccess style files. Those files are notoriously error prone, hard to debug and the really slow the server down. They are only available as a last option for users who do not have access to the host configuration, for example when using a cheap hosting provider.
I am trying to write a content management system and have hit a snag while trying to develop seo friendly urls. I am using php to handle urls, however I have a problem when I try to get the REQUEST_URI for more than one depth level. I am trying to avoid using .htaccess to handle this, because I would like the system to be fairly easy to set up on IIS/nginx/etc also and do not want it to be apache dependent any more than is necessary.
I have in my htaccess file
FallbackResource index.php
and then in my php I have a class that handles the REQUEST_URI slug by checking to see if a record exists in the mysql database. This works fine if the request is something like
http://example.com/foo
however throws an internal server error if the request is
http://example.com/foo/bar
This seems to occur even if I have a completely blank index.php, so I suspect the answer must be at the htaccess level. How can I get my system to handle multiple REQUEST_URI depth levels? Do I need to use a mod rewrite regex or is there a less apache dependent solution?
My bad, I needed to change my .htaccess rule from
FallbackResource index.php
to
FallbackResource /index.php
The missing slash was causing the error. -.-
As I understand it, creating an htaccess file creates a scalability concern since every Apache request requires a lookup of things (as I understand it 4 file accesses).
Since I know exactly when my application needs to look up the "retty urls" - is there a way to just bypass having an .httaccess file and somehow look it up via a file access of my own?
Also, I am able to know before-hand, what the pretty url will look like. How can I do the masking most smoothly?
Here is an example:
I made a test page for all trees:
http://www.comehike.com/outdoors/trees/trees.php
And my application can know the pretty urls to create.
But I have a single tree.php file here:
http://www.comehike.com/outdoors/trees/tree.php?tree_id=24
How can I make it take the tree_id (for db lookup) and also look pretty like this:
http://www.comehike.com/outdoors/trees/oak-tree
ps - I am using php
to make any pretty url (like http://www.comehike.com/outdoors/trees/oak-tree), you have to tell apache what part of that url is your script (without *.php in it, how should apache know). "you have to tell apache" meaning you have to change the apache configuration - no way around this. you can do that via .htaccess (with the performance penalty you mention) or elsewhere.
what you can do to minimize changing the apache config is to set up just one main router (eg. http://www.comehike.com/outdoors) and let it handle all paths below it.
You shouldn't be too concerned with the overhead of using an .htaccess file. It won't have much of an effect on your server load.
As for your pretty URL scheme, you can look no further than StackOverflow! Notice the structure of this question's url. It looks like:
http://stackoverflow.com/questions/[ID]/[QUESTION]
The ID as you probably have guessed, is the unique ID given to every question on SO. The question that follows (your equivalent being the tree name) is simply dummy text. Try changing anything after the /4985258/ and retrying the address. It still sends you to this question. That's because the Mod Rewrite that SO uses ignores everything after the id.
In your case, I would suggest a URL structure like this:
http://www.comehike.com/outdoors/trees/24/oak-tree
Using the following htaccess mod_rewrite:
RewriteEngine On
RewriteRule ^/outdoors/trees/([0-9]+) /outdoors/trees/tree.php?tree_id=$1
This will match any URL that had an ID in it and send it off to the tree.php script. It's up to you to add the dummy title text to all your links.
EDIT
If you are truly concerned about the minute performance hit you'll take with an htaccess file, you can always move all the code from your htaccess files to your VirtualHost declaration and then declare AllowOverride None to prevent Apache from searching for htaccess files. You can usually find your virtual hosts in /etc/apache2/sites-available/default in Linux or C:\apache\conf\vhosts.conf in Windows.
I have made some changes to a clients website.
The client was continually being attacked using SQL injection, and at the moment the URL contains variables that the website needs (i.e. index.php?filenmae=home.php).
So after securing the site as best I could using mysql_real_escape_strings and stripslashes, I then came to do URL rewriting in Apache.
At the moment, the server the website is currently on doesn't support mod_rewrite (i've checked using phpinfo) and it's not a server belonging to us. Is there anything I can do in my .htaccess file that would enable mod_rewrite for this website?
If mod_rewrite is installed, you can configure it in your local .htaccess file.
Create a file called .htaccess in your site's root folder.
First line should be RewriteEngine On.
Second line should be RewriteBase /.
After that, put in your rewrite rules are required.
If it isn't installed, you're out of luck - no web host will install extra software on a shared hosting box just for one client.
Mick, the best solution for you is to change your code. I'm guessing that in your code you then include the filename specified, e.g.
include $_GET['filename'];
In short, there is no way using mod_rewrite that you can make this secure.
However, you can make it more secure very easily by checking that the filename is valid, e.g.
$valid_filenames = array('home.php', 'foo.php', 'bar.php', /* etc... */);
if (!in_array($_GET['filename'], $valid_filenames)) {
echo "Invalid request.";
exit;
}
include $_GET['filename'];
Just make sure that you validate the requested filename before including it and you'll be much better off.
No, you cannot dynamically load mod_rewrite. Most hosting providers have mod_rewrite enabled on Apache servers. If they do not, you could ask them for enabling it. Otherwise, if you really need mod_rewrite, consider switching hosting providers.
As an alternative, you can rewrite URL's in PHP.
$_SERVER['QUERY_STRING'] can be used for getting the part after the question mark (http://example.com/file.php?this_part).
Split it by your preferred parameter separator (e.g. /, ;) using explode('/', $_SERVER['QUERY_STRING'])
Loop through the values, and split those using a preferred value separator (e.g. '=', ':')
Overwrite $_GET with an empty array, and put the newly generated values in it.
Note: filter_input and related functions do not operate on $_GET. Thus, this method will not work for filter_input.
For Shared Hosting Server , It Really Work.
Create a file called .htaccess in your site's root folder.
First line should be RewriteEngine On.
Second line should be RewriteBase /.
After that, put in your rewrite rules are required.
Without a possibility to access .htaccess I find myself in a creative impasse. There is no mod_rewriting for me. Nevertheless, I want to be able to do the nice stuff like:
http://www.example.com/Blog/2009/12/10/
http://www.example.com/Title_Of_This_Page
What are my alternatives?
In respond to the answers:
I'm building with php5
I don't have access to .htaccess
http://www.example.com/index.php/Blog/ is a known technique but I don't prefer it. Is shows the php so to say.
How would I create extensionless PHP-files? Would this do the trick?
How much would using the custom 404 technique hurt performance?
If you've the permissions to set custom error documents for your server you could use this to redirect 404 requests.
E.g. for Apache (http://httpd.apache.org/docs/2.0/mod/core.html#errordocument)
ErrorDocument 404 /index.php
In the index.php you then can proceed your request by using data from the $_SERVER array.
You can also have urls like
http://domain.com/index.php/Blog/Hello_World
out of the box with PHP5. You can then read the URL parameters using
echo $_SERVER['PATH_INFO'];
Remember to validate/filter the PATH_INFO and all other request variables before using them in your application.
I know this question is very old but I didn't see anyone else suggest this possible solution...
You can get very close to what you want just by adding a question mark after the domain part of the URL, ie;
http://www.example.com/?Blog/2009/12/10/
http://www.example.com/?Title_Of_This_Page
Both of the above HTTP requests will now be handled by the same PHP script;
www.example.com/index.php
and in the index.php script, $_SERVER['REQUEST_URI'] for the two pages above will be respectively;
Blog/2009/12/10/
Title_Of_This_Page
so you can handle them however you want.
A quite simple way is to:
declare a 404 ErrorDocument (e.g. PHP) in .htaccess
parse the query using $_SERVER and see if it corresponds to any result
if so replace the HTTP status 404 with status 200 using header() and include index.php
If you omit a trailing slash, Apache will serve the first file [alphabetically] which matches that name, regardless of the extension, at least on the 2 servers I have access to.
I don't know how you might use this to solve your problem, but it may be useful at some point.
For example if
http://www.somesite.com/abc.html and http://www.somesite.com/abc.php both exist and http://www.somesite.com/abc is requested, http://www.somesite.com/abc.html will be served.
The only way is to use custom 404 page. You have no possibility to interpret extensionless files with PHP interpreter without reconfiguring the web server's MIME-types. But you say that you can't edit even .htaccess, so there's no other way.
You can write a URI class which parses the user-friendly URL you defined.
If the MultiViews option is enabled or you can convince whoever holds the keys to enable it, you can make a script called Blog.php that will be passed requests to example.com/Blog/foo and get '/foo' in the $_SERVER['PATH_INFO'].