if (file_exists($filename)) {
echo "<a class='next' href='$filename'><img src='images/next.png'</a>";
}
else {
echo "<img src='images/next-dis.png'/>";
}
well i am trying to do this I will have hudereds of pages like 1.php 2.php 3.php.... but i want them to look like this "index.php?id=1" instead of /1.php, /2.php and want to block users who try to access (for eg.) 2.php directly.. can anyone help?.. is there any simple way to do this?
The following rewrite rule in an Apache .htaccess file should do the trick.
RewriteEngine On
RewriteRule (\d+)\.php /index.php?id=$1
This basically matches any URL in the format [0-9]+.php and redirects it to /index.php?id=### where ### matches ###.php.
Search for .htaccess rewrite rules. You will find examples on similar scenarios. See the practical solutions section in - http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
Inside your index.php you could do this
include($_GET["id"]".php");
This will load whatever id is the get var, however anyone could change this variable and gain access to whatever they enter here.
Related
When browsing sites in the past I always assumed that example this url:
http://example.com/folder/page/something-random that the something-random was an actual folder, and was created in the page.php area.
But recently I've gotten into frameworks and gotten into .htaccess and notices that those things don't necessarily have to be done using a framework, and was wondering how it works?
Is it some type of edit done in the .htaccess to make the /something-random come up as a GET php variable?
If the question is a bit confusing I apologise.
You dont necessary need to create folders for url to look pretty. if you have dynamic urls, i would advise use of .htaccess rewriting rules for url it would make the url look as if its a path yet its a variable
.htaccess are useful for enforcing the Pretty URLs. They are useful in that they always helps you to boost up search engine page ranking and they are also user Friendly. It helps to make URLs looks neat on the browser address bar And not necessarily does it have to be an actual folder.
An example
Original URL.
http://flickr.com/users.php?id=username&page=2
Rewriting Friendly URL.
http://flickr.com/username/2
In the .htaccess file you would have something like this for it to happen
.htaccess file
//First Parameer
RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)$ users.php?user=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ users.php?user=$1
//Second Parameter
RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)/([0-9]+)$ users.php?user=$1&page=$2
RewriteRule ^([a-zA-Z0-9_-]+)/([0-9]+)/$ users.php?user=$1&page=$2
To capture the variables in php you could have something like
php file
<?php
$key=$_GET['key'];
if($key=='home')
{
include('home.php'); // Home page
}
else if($key=='login')
{
include('login.php'); // Login page
}
else if($key=='terms')
{
include('terms.php'); // Terms page
}
else
{
include('users.php'); // Users Gateway
}
?>
You could learn more about usefulness of .htaccess as you google is usage for example my reference pretty url on 9lessons
I'd like the end user of my website to be able to do something along the lines of: example.com/user/user_name to show the statistics of that user on a different website. In short, I'd like to be able to make queries in php without having the user do: example.com/user/username=user_name I also have no way of knowing all of the possible users. I guess this means I'd like to always redirect to the index, while preserving the querystring that doesn't have "var=" in it. How would I do this?
you cna use the explode function in php. use it on the url slashes "/" and you get valid data to query. Remember to make it secure from sql injections.
EDIT
here you go:
$url = explode('/',$_SERVER['REQUEST_URI']);
echo 'user = '.$url[count($url)-1].'<br />
username = '.$url[count($url)-2];
EDIT 2
yeah you need to use .htaccess
unless you wanna get away with the questionmark
http://example.com?/user/username
EDIT 3
if you use apache you can make all traffic go through index.php with following .htaccess file:
RewriteEngine On
# always run through the indexfile
RewriteRule .$ index.php
Then if you want some folder to not go through to index.php, you add a htaccess file in that folder with:
RewriteEngine Off
The easiest way to do this is to still have the script be somepage.php?username=user_name and then have in your .httaccess file:
RewriteEngine On
RewriteRule ^/user/(.*) somepage.php?username=$1
This way you can still get the variable with $_GET['username'] but it looks nice to the user.
For example a user can not access http://example.com/here but can access anything with more added. An example would be http://example.com/her?action=blah blah.
The point of this is to prevent access to an file by visiting the page directly, however allow the file to be use with more actions/links added.
I would just like to thank everyone for the quick response.
Based off the answers I got, I went with php and it worked.
I used the following:
function access_granted(){
global $pagenow;
if(!isset($_GET['action']) && 'wp-login.php' == $pagenow ) {
wp_redirect('http://example.com/');
exit();
}
}
I do have one question however.
I changed the wp-login.php url to http://example.com/here instead of http://example.com/wp-login.php.
My problem is that now, the function access_granted does not work anymore.
my guess is the $pagenow.
Any suggestions, such as how to check the url/here instead of wp-login.php?
If you want to go .htaccess way do this. Enable mod_rewrite and .htaccess through httpd.conf and then put this code in your .htaccess under DOCUMENT_ROOT directory:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^here/?$ - [NC,L,F]
This will throw forbidden error for /here or /here/ but will allow /here?bar=foo type of URIs.
Yes, there is.
You don't really need to deal with htaccess, you can do it with php.
First you need to check if required options are set. For example if you have a GET property with name action you can check whether or not it's set using isset function. You also need to specify a custom HTTP 403 page and redirect the user to that page. Here's an example for showing forbidden error if action is undefined:
<?php
if (!isset($_GET['action'])) {
header('HTTP/1.0 403 Forbidden',403);
header('Location: 403.html');
exit;
}
?>
You might also find the following link useful:
How to display Apache's default 404 page in PHP
Is example.com/here handled by a PHP script? If so, do your input validation at the start of the script, and if it doesn't meet the requirements, either give an error page or redirect (http://php.net/manual/en/function.http-redirect.php) to another page.
As you want it to work if anything is appended to the URL, you can use this if /here is handled by PHP:
<?php
if(!$_GET){
die('You are not allowed to access this URL.');
}
else {
... PHP code that will execute in case the user is allowed to access the URL(you can also use HTML by just having ?> here instead and add <?php } ?> at the end of the document) ...
}
?>
Hope it helped.
Sure, you can use PHP for this. on here.php you need a line (in your example) at the top of your code that looks like this:
if(!isset($_GET['action']){
header('location:/notallowed.php');
exit;
}
Where notallowed.php is whatever you want to show when they don't have the full link.
I'm working on a website with a lot of profiles. What I want is that you can simply navigate to one of those profiles with a URL like www.mywebsite.com/userX (just like twitter with twitter.com/userX).
I already know how this is possible by using the .htaccess and rewriterule, but the problem is it changes the entirely URL to something like www.mywebsite.com/?username=userX. It must just load a specific PHP-file without rewriting the URL in the addressbar.
Who knows how I can perform this?
(p.s. sorry for my average English)
See the fine article:
http://www.phpriot.com/articles/search-engine-urls
It explains that yeah, you want a mod_rewrite (placed in an .htaccess file) rule that looks something like this:
RewriteEngine on
RewriteRule ^/news/([0-9]+)\.html /news.php?news_id=$1
And this maps requests from
/news.php?news_id=63
to
/news/63.html
Another possibility is doing it with forcetype, which forces anything down a particular path to use php to eval the content. So, in your .htaccess file, put the following:
<Files news>
ForceType application/x-httpd-php
</Files>
And then the index.php can take action based on the $_SERVER['PATH_INFO'] variable:
<?php
echo $_SERVER['PATH_INFO'];
// outputs '/63.html'
?>
Let' say for example one of my members is to http://www.example.com/members/893674.php. How do I let them customize there url so it can be for example, http://www.example.com/myname
I guess what I want is for my members to have there own customized url. Is there a better way to do this by reorganizing my files.
You could use a Front Controller, it's a common solution for making custom URLs and is used in all languages, not just PHP. Here's a guide: http://www.oreillynet.com/pub/a/php/2004/07/08/front_controller.html
Essentially you would create an index.php file that is called for every URL, its job is to parse the URL and determine which code to run base on the URL's contents. So, on your site your URLs would be something like: http://www.example.com/index.php/myname or http://www.example.com/index.php/about-us or http://www.example.com/index.php/contact-us and so on. index.php is called for ALL URLs.
You can remove index.php from the URL using mod_rewrite, see here: http://www.wil-linssen.com/expressionengine-removing-indexphp/
Add a re-write rule to point everything to index.php. Then inside of your index.php, parse the url and grab myname. Lookup a path to myname in somekinda table and include that path
RewriteEngine on
RewriteRule ^.*$ index.php [L,QSA]
index.php:
$myname = $_SERVER['REQUEST_URI'];
$myname = ltrim($myname, '/'); //strip leading slash if need be.
$realpath = LookupNameToPath($myname);
include($realpath);
create a new file and change it name to (.htaccess) and put this apache commands (just for example) into it :
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^profile/([0-9]*)$ members.php?id=$1
You must create a rewrite rule that point from http://www.example.com/myname to something like http://www.example.com/user.php?uname=myname.
In '.htaccess':
RewriteEngine on
RewriteRule ^/(.*)$ /user.php?uname=$1
# SourceURL TargetURL
Then you create a 'user.php', that load user information from 'uname' GET variable.
See from your question, you may already have user page based on user id (i.e., '893674.php') so you make redirect it there.
But I do not suggest it as redirect will change the URL on the location bar.
Another way (if you already have '893674.php') is to include it.
The best way though, is to show the information of the user (or whatever you do with it) right in that page.
For example:
<?phg
vat $UName = $_GET['uname'];
var $User = new User($UName);
$User->showInfo();
?>
you need apache’s mod_rewrite for that. with php alone you won’t have any luck.
see: http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html