I noticed that most of the frameworks (CodeIgniter for example), do provide a default .htaccess file but don't force its use.
Why don't they force its use?
Does .htaccess work on all servers?
What are the alternatives?
.htaccess files only work on apache servers. When using other servers it highly depends on what you want to do - but usually you need to edit the server config to rewrite URLs, block directories, etc.
The fact that frameworks need .htaccess files is actually an annoying problem from the PHP world since 99% of all applications are stored inside the document root, thus giving users HTTP access to all their files unless they are somehow restricted (e.g. via .htaccess). On the other hand, if you have a WSGI-based python application, you usually store it outside the document root and "mount" it to a certain folder in the document root - this way not a single file can be accessed directly via HTTP.
1) I have to agree with Juhana. The question is: why should they force it? There is no need to restrict a framework with such a thing.
2) I heard that they are not working on IIS Server, where you have to translate it in special config files.
3) It depends on what you're doing. But because of the fact you do not really need .htaccess files, just let them be is a possible alternative :)
Because it does not work on all servers (esp. hosting providers can restrict its use) and there is really no good reason to enforce it.
See #1. Also, they tend to not work in the same way if you're not running Apache.
Very wide question. If you're running Apache it's pretty much the only way to configure the server while not being a privileged user. If you're not running Apache, it's dependent on the specific web server.
Some useful links;
Apache htaccess to nginx rewriterule converter
How to translate htaccess to IIS web.config
How to work around lighttpd's lack of directory specific config
Related
I currently have: www.MYPAGE.com/category (a site I reach from my shop site)
But I want: www.MYPAGE.com/shop/category (so the subpages kinda stack)
So how do I actually achieve that ? Working with .htaccess or a more simple way ?
if you want .htaccess
# Redirect old file path to new file path
Redirect /olddirectory/oldfile.html http://example.com/newdirectory/newfile.html
but you can use framework route if you use one
I'm assuming you're not using a CMS (Wordpress ect) and are just using plain old html.
To change the URL structure simply change directory structure.
So for example put your category index.html file in the directory /shop/category/ and the hyperlink to that page is now www.MYPAGE.com/shop/category/
Can't comment yet, so I'll risk a bad answer.
Up front, it's been a while since I used php (php4). But we never used php without some other software, usually Apache, to actually serve pages.
A quick check on the php and pear documentation sites doesn't show me that the situation has changed much.
Therefore, I'll start with the simplest description I can remember.
Your server machine runs an OS. You have a web server such as Apache, Nginx, Microsoft's IIS, lighttpd, etc., fielding queries from the web in http protocol. (Skipping discussion of https, look that up later.)
If we were using Apache's httpd, there would be a configuration file for Apache, usually called httpd.conf. In a Linux or Unix environment, this is usually under /etc/(somewhere) in the file system. In that file, you would have a declaration of the document root directory.
Unless you add other configurations, the directories under the declared document root are available to the web as they are in your file system. So, if the document root is set as /var/www and your your domain name (which is a separate topic I assume you are not asking about) is set up as in your example -- www.MYPAGE.com, then the file
/var/www/aboutus.html
would be available on the web as
www.MYPAGE.com/aboutus.html
and the directory
/var/www/shop/
would be available on the web as
www.MYPAGE.com/shop/
Apache allows you to redefine that structure with configuration directives such as Alias and ScriptAlias. Script configurations are the basics for hooking php into your httpd server. Apache's configurations for those can be found from their documentation page on url mapping, which you can find through the links above. (I don't have enough cred to post more than two URLS, sorry.)
You might want to look at virtual hosts (vhost) as well, but focus on Aliases for now.
Say you have product photos in
/var/app/products/photos
You could have an Alias like this:
Alias "/shop/images" "/var/app/products/photo"
and (if I remember right and if you don't have locations and url re-writing set up) they would be available on the web at
www.MYPAGE.com/shop/images
And, since I don't have enough cred to post more links, that's as far as I can go with this. Take a quick look at mod_rewrite in the httpd documentation.
Then look in the php documentation for related configuration directives, and it should take you maybe a day of practice at most to understand the basics.
Do get your boss or teacher to allow you to use the time and hardware to practice. Otherwise, your productivity will be stuck in the mud.
I have a doubt about PHP, Apache, server interpretation... I know that when a PHP file is loaded by the browser from an Apache+PHP server it is interpreted and only the HTML and plain text is showed but is there a way to download this files instead of interpreting them?
In this case it would be very unsecure because MySQL passwords would be unsafe.
Is it any security measure to prevent this or it's impossible to download this files?
As long as your server is setup properly it isn't going to happen.
A good step though is to put all of your actual passwords and whatnot in a config.php and including it. That way you can use htacces too block that file so that should your server ever start serving the raw pages that file won't be accessible anyway.
To clarify if you create a .htaccess file and place it in the same folder as the config.php with the below information that file will not be served, even if requested directly. Simply define your config stuff (db name, user name, password, hashes, etc) in this file and include_once it at the top of each page that needs it and you will be good to go.
<files config.php>
order allow,deny
deny from all
</files>
There is no way to 'download' PHP files, but for more security you can place your 'core' PHP files outsite of the public_html folder
Unless the PHP interpreter stops working for some reason, it's not something to worry about. Most servers are designed to interpret the PHP files every time they are requested and serve only the interpreted HTML text. It's possible to secure your sensitive PHP settings files just in case - often by placing them outside of the root directory with modified permissions.
The only way someone could download the files is to have a server set up that serves the raw files. As long as you don't have such a server set up, they're inaccessible. If the only server software on your system is Apache and it's configured correctly, people cannot see your source code.
However, if somebody seeing your source would render your app vulnerable, you might want to give some thought as to how you can fix that problem. Lots of secure open-source software exists — why would yours being open-source cause problems?
With proper configuration apache guarantees that files will always get interpreted and won't be offered for download.
You always may install fault update or make wrong configuration, but with skilled admin and stable release those cases just don't happen.
If our .htaccess files are purely for mod rewrites, is there a security / development downside to committing .htaccess files alongside other files in your repository?
For various reasons (our SEO optimisers like to add pretty urls as new promotions occur, etc) we need a fair few rewrite rules inside these files. Would I be better off pushing the routing into php-land and dealing with it there? Or is reading from a .htaccess via apache fine?
The .htaccess files are not exposed via the web server, so that's not a security risk.
As I recall, once you use one .htaccess file, you already have agreed to pay the price, that price being apache will look all over the place, every request, for .htaccess files. That's a performance issue though.
I think your ideal solution is to not use .htaccess files at all, but set those rules in httpd.conf. PHP is not better at redirection than apache, so no help there. That's the performance answer. Develop however feels best, and then for production move the rules into the server core.
As for version control, if it is a file full of text, that is needed for the code, then yes, I would put it into version control. I'd do that right now in fact. If many people are adding in their own redirect rules in .htaccess files all over the place, you'll want to be able to:
Roll back the changes.
Point the finger! ;)
.htaccess mod_rewrite is waaaaaay faster than routing things on the php side, i would stick with mod_rewrite for url manipulation
Using PHP, how can you make a dynamic folder system, like http://website.com/user/UsernameHere/ show something like http://website.com/user.php?name=UsernameHere
Does this require server configuration, or is it possible with PHP?
Typically this will rely on some amount of URL-rewriting support from the web server, for instance, some mod_rewrite rule under apache.
Whether or not it's a bunch of complicated rewrite rules, or just a simple one that rewrites everything to /index.php (and let's index.php parse and interpret the URI), doesn't matter.
But you'll need some amount of web server configuration to get it going.
There's a few techniques for doing this. It's nearly possible to clean up your URLs using just PHP, but ultimately if you want to get rid of the ".php" extension you'll need to do something with your server. If it's Apache you can clean up using the .htaccess file.
I would like to be able to port some new site pages over to PHP using the same db as in the coldfusion site. Is it possible to have PHP run pages in say other directory and go back and forth ?
Many thanks for your reply.
Terry
As others have said, yes, it is possible. Your configuration doesn't really matter, (unless you're looking for help getting it setup), because it can be done on any modern webserver (Apache, IIS, etc).
Something to think about, though, is the default document. If your web application uses urls like:
http://example.com/myApp/ (no index.cfm or index.php in the url)
Then you need to be aware of the explicit order of default documents. If you have both an index.php and an index.cfm template in the same directory, which will execute?
If your default document list is (a variation of):
index.cfm index.php default.aspx index.html
Then the ColdFusion page will be the one to execute. On the other hand, if the default document list is (a variation of):
index.php index.cfm default.aspx index.html
Then the PHP page will be the one to execute.
Yes, this is possible, I have this available on my production web server (RedHat but it shouldn't matter). If you're looking for details on configuration I couldn't help you though, I had my host set it up. I wouldn't imagine a standard install of both would conflict, just set up the proper handling for each file extension and you should be good to go, keeping them in separate directories or mixing them in one.
It is possible as long as you are running the same web server (i.e. IIS or Apache) for both ColdFusion and PHP. If you let us know what your environment is, people may be able to further assist you - but the answer to your question is yes.
Yes,
It's technically no different to Windows servers which have both PHP and .Net installed, or a Linux server with Perl and PHP.
Speaking generally, after installing the languages you're using you set up your web server to handle files of different extensions. This is done differently depending on whether you're using IIS or Apache, but you effectively say .php files should be handled by the PHP interpreter and .cfm files handled by the Coldfusion interpreter.
As others have said, its entirely possible and not hard to setup. Just watch out for Default Document as Adam Tuttle said.
I will take it a step further: you even run CF and PHP in the same application server!
Use Cauchos Resin for CF and its Quercus support for PHP:
http://quercus.caucho.com/
Of course, if your PHP app is non-trivial and/or relies on some custom extensions or extensions that Quercus doesnt support than your SOL. But might be interesting to check out.