Ok, so I have set the .htaccess like so:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)$ index.php
so as you can see I'm parsing everything to index except files because I need to "include" the php files and also displaying of images.
If users will type for example www.site.com/login.php that will show the login php page.
How do I prevent access to the php pages but also allow to "include" them?
Move them outside of your document root. They can be safely included from there but not accessed over the web.
If I understand the question do you want to not allow the user to go to other files if not logged in ? If so you can use php sessions to set a variable that they are logged in otherwise redirect to index
(If I understand the question)
If you wanna go that route (the outside webroot advise is the correct one!) then you could use a rule like that (see regex negative lookahead):
RewriteRule ^(?!index).+\.php$ - [F]
That's sloppy in that would allow index2.php or indexdir/xyz.php still; it just pevents anything that's not index*.php from being accessed. Make sure to also disallow .cgi or .phtml or .tpl if need be.
Related
All the links in the website are a get-variable. The user opens always the index.php and gives different get-variables, which defines the different content.
Example:
The home page is example.com/?p=1
The contact page is example.com/?p=7
Now I want the URLs to look like example.com/contact. And because the number of pages is not static I can't create a directory for every page.
Probably I need a way to import the content of my index.php (example.com?p=3) to a path, which doesn't exist (example.com/new-path).
I've heard there is a way to solve that using the .htaccess file.
I'm not .htaccess / mod_rewrite expert, but just found this one may be useful for you. Note that you'll have to provide an entry for each page you are redirecting as the system will not know the relationships between the numbers and the pages by itself. You may have to fiddle around with it a bit to try and remove index.php.
# Original URL:
# http://www.example.com/index.php?p=1
# Desired destination URL:
# http://www.example.com/path-to-new-location/
# .htaccess syntax:
RewriteEngine on
RewriteCond %{QUERY_STRING} p=1
RewriteRule ^index\.php$ /path-to-new-location/? [L,R=301]
# Redirect URLs with query parameters (files placed in subdirectory)
Note, # is a sign for comments, anything on that line (in gray) will be ignored, it's sole purpose is to provide you information / comments on the code.
Source (line 52-63): Common .htaccess Redirects - Gist
I am trying to redirect from one url to another using a htaccess file. I have got them all working except from one which causes an infinite redirect loop. The url I wish to redirect from is:
http://website.co.uk/author/ and i want to redirect to http://website.co.uk/author/authorname
Any ideas would be helpful
Sounds a lot like your .htaccess redirect rules are doing pattern matching on your domain name, so that when you redirect to /jamescrawford it matches against www.pragencyone.co.uk/author/ and tries to redirect again.
If you're trying to catch everything that matches http://www.pragencyone.co.uk/author/.* then you'll need to exclude http://www.pragencyone.co.uk/author/jamescrawford (and potentially any assets it uses like images, if they're in the same directory) from being matched by the pattern you're using.
You might try posting the actual rules that you're using to do the redirect, though obviously be sure not to post anything any info from your .htaccess that would compromise your server's security.
try this in your htaccess file
RewriteEngine On
DirectoryIndex index.php
AddDefaultCharset On
Options +FollowSymLinks -Indexes
RewriteRule ^author /author/jamescrawford [L]
RewriteRule ^author/ /author/jamescrawford [L]
I have currently hit a bit of an issue with redirecting users with .htaccess and was wondering if anyone could help me.
1. Background:
I currently have a rather long domain name for the sake of this question lets refer to it as mylongdomainname.com now on this domain I have a subdomain that I use to host files, pictures etc to show friends or share with people this is files.mylongdomainname.com
now obviously the URL can get quite long as I have different directories and files. so to help reduce a bit of space I purchased another short domain, lets refer to this as small.me now what I want to do is use .htaccess and a simple PHP file to redirect small.me to files.mylongdomainname.com and pass on a file reference.
Example:
small.me/pictures/example.jpg should redirect to files.mylongdomainname.com/pictures/example.jpg
2. The problem
Basically I am unsure on the exact rewrite rule I would need to acomplish this. obviously I need a rule that will allow anything after small.me/ to be sent with the GET method to the index file which would then redirect the user accordingly. So that means that the rewrite rule will have to allow all letters, numbers and valid file name symbols to be used. I'm sure it's simple but after looking at a few tutorials and mod_rewrite help sites I still have no idea how to accomplish this.
3. The Code
.htaccess
RewriteEngine on
RewriteRule ^$ index.php?file_location=$1 [L]
obviously wrong
index.php
<?php
//Get the requested files location.
$file_location = $_GET['file_location'];
//Redirect the user to the file.
header('refresh:2; url=http://files.mylongdomainname.com/' . $file_location);
?>
4. Notes
I am aware I could just use a URL shortener, but because I am awkward I would rather it just went through my own domain, so please don't comment or answer telling me to use a shortener or to use a service like dropbox.
So can anybody help me by providing the right rule? Any help is much appreciated.
In .htaccess you can simply use:
RewriteRule ^(.*)$ http://small.me/?$1 [L]
No need for the PHP file if that's all you're trying to do.
Assuming you want this:
Picture to be shared: http://files.mylongdomainname.com/pictures/me/troll.jpg
Desired URL: http://small.me/pictures/me/troll.jpg
Remove the PHP file, just Place this in small.me's htaccess:
RewriteRule ^\/?(.*)$ http://files.mylongdomainname.com/$1 [NC,L]
The following in your .htaccess file should be all you need (no PHP file needed):
RewriteRule ^(.*) http://files.mylongdomainname.com/$1 [RL]
For more information and examples see the mod_rewrite documentation
i was given 3 static pages e.g
proposal.test.com/seo
proposal.test.com/ppc
proposal.test.com/design
I checked those directories in the server and there's no dynamic about their indexes, all plain htm file.
the instruction given to me was, hide those url from anyone that doesn't match a random url from database..meaning e.g
if user typed proposal.test.com/seo ,it shouldn't display the page, if the user
typed something like e.g proposal.test.com/seo/a13sdfa and a13sdfa matched a key from a databased, that's the only time the proposal.test.com/seo page will be displayed
so how am I gonna do this in PHP ? because all 3 directories are made up of pure static pages..
i have done the creating of keys already, i just wanna know how to hide these pages by appending a given random key and checking if it does or don't exists in database.
Since the pages are never considered PHP, you can not block the access using PHP.
You can block access by configuring your web server, for example by using a .htaccess file.
If you blocked access the normal way, you can use PHP to allow access to the files on certain conditions..
You should use mod_rewrite (in case of Apache web-server) and setup a rewriting of /a13sdfa into something like ?key=a13sdfa. Also you should include some PHP code in all static files in order to check the key validity.
How about this: move the static files outside the public folder, so they cannot be accessed directly; redirect all requests to a php file (you can use rewrite engine with apache) which will look in the database for the accessed url/key and return the file_get_contents of the corresponding file.
Here's an example of how the .htaccess file could look like:
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ /index.php
What this does is the following: if the requested file doesn't exist on the disk (as a file or a directory), it will redirect to /index.php. There you should have the logic to render what page you want.
If you don't know in which variable the server will put the slug, just do a print_r($_SERVER) from inside index.php to find it.
There are 2 ways you could solve this problem.
1) (my prefered) Use .htaccess to only display the page if it matches the regex givin in the .htaccess.
2) In PHP (your actual question) 'Get the slug from the URL, query it to the database and if you get a result display it. Otherwise, send a 404 header from php.
Assuming the following: You have an Apache webserver with mod_rewrite enabled (check php info if you arent sure). Your virtual host allows overriding (AllowOveride All).
.htacces
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+) index.php?check=$1 [QSA,L,t]
If the file or directory exsists on the server it will display the page. So it would display seo, design etc. Otherwise it redirects to index.php and gives its slug as a parameter named $check. With this variable, query to the database, check te result and redirect to the desired page.
ok assume i have php page
has this name name.php?get= and has get varible named get
ok
how i can make it appear like that name?get=
If you are using apache, mod_rewrite is one way to go. There is a whole bunch of mod_rewrite tricks here.
I'd seriously reconsider before using (or overusing) mod_rewrite.
In almost all of my projects I use a simple mod rewrite in the .htaccess:
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^.*$ ./
AddHandler php5-script .php
This tells the server to forward all pages to / (index.php) unless a file otherwise exists.
In the root directory I have a folder called "views" with all of the pages that I use. E.g. the file used for /home would actually be /views/home.php. However, in the index.php I have a script that parses the user's url, checks for the file, and includes that.
$page = substr($_SERVER['REQUEST_URI'], 1);
if(!$page) :
header("Location: /home");
if(file_exists("views/$page.php")) :
include "views/$page.php";
else :
include "views/$page.php";
endif;
This creates a variable called $page that stores the value of everything in the URL after the domain name. I use a substr() function on the Request URI to get rid of the trailing forward slash (/) on the URL.
If the variable is empty, for example if the user is simply at http://example.com or http://example.com/ then it forwards them to /home, where the script then checks for the home.php file inside of the views folder. If that file exists, it includes it, and displays it to the user.
Else, the script will simply include the 404 page telling the user that the file doesn't exist.
Hopefully this helps you, and if you need any further explanation I'd be happy to help!
I think you're wanting to re-write the URL client-side, which would include mod_rewrite.
In the route of your website, create a file called .htaccess and place the following code in it:
RewriteEngine on
RewriteRule ^name?get=(.*) /name.php?get=$1
Now when you type http://www.example.com/name?get=something, it will actually map to http://www.example.com/name.php?get=something transparently for you.
As far as i could understand your question, you can not strip the file extension because otherwise it will not run. In other words, you can not change:
name.php?get=
into
name?get=
But if you mean to create links with query string values that you can put them in hyperlinks in this way:
Click here !!
If you're looking to create links using a variable '$get', then you can create the link like this:
<a href="name.php?get=$get>Link</a>
Or if you want to get the value of the query string variable, you can use this:
$get = $_GET['get']