I am trying to create a login page for some sites that I manage. So far it worked easy enough by having a login page which connects to a database which told the page where to redirect them.
I also have an .htaccess that rewrites the URL to pass through an authorisation page that just checks if a session has been started then pushes them through.
The problem I have is that when an admin logs in to the admin page it isn't parsing the php and when I go 'view source' I can see all the code... how do I get it to parse the php?
.htaccess
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^(.*)$ ../authorise.php?file=$1 [NC]
authorise.php
session_name('TSiteStats');
session_start();
if (isset($_SESSION['user_id'])) readfile ($_SESSION['redirect'] . '/' . $_REQUEST['file']);
else header("Location: ../login.php");
Just to be sure.
Does you file use the <?php and ?> tags. These tag will tell Apache to load the PHP code to be executed.
Also, does the script can be executed (has the authorization to be executed by Apache).
Last thing, your code is using readfile which output the content of the file and not execute this one. Are you sure you want to readfile and not include it?
Related
I have a folder named cache. It has sub-folders and files. I need to make cache content accessible only when isset($_SESSION["logged"]).
I have routed all requests to cache folder via index.php by placing the following .htaccess file in cache folder :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^ index.php [L]
</IfModule>
In index.php following check is written :
<?php session_start();
if (!isset($_SESSION["logged"])) {
die();
} else {
header('Location: ' . $_SERVER['REQUEST_URI']);
die;
}
But I am geting error ::
This web page has a redirect loop
ERR_TOO_MANY_REDIRECTS
Could you please debug where I am wrong.
The reason why you get this error simply is that you explicitly implemented an endless loop. Your header() call redirects back to the same URL originally requested, so the rewriting rule applies again, things start all over again.
Instead you should output the contents of the requested cache file:
<?php
session_start();
$pathToCachedLocation = '/some/path' . $_SERVER['REQUEST_URI'];
if (isset($_SESSION["logged"]) && file_exists($pathToCacheLocation)) {
readfile($pathToCacheLocation);
}
You will still have to add some additional validation and error handling to make sure the request targets a file actually inside the physical cache location (see realpath()) and read permission exists (see is_readable()). Also some http headers probably make sense sending. The above example is kept simple to demonstrate the approach.
I have made one file say a.php. Now I want some thing like if one tries to open a.php then He should ne redirected to another page of same directory of site.
I want it throght .htaccess file.
I have written this code in my .htaccess file
RewriteEngine On
# This allows you to redirect index.html to a specific subfolder
Redirect /b.php /a.php
both pages are stored in same directory..
You could try
RewriteEngine On
RewriteRule /a\.php /otherfile.php [R=301,L]
Change the filenames were necessary.
If you could be more specific as to what you wish to achieve,perhaps I can supply you with a better solution.
Question that might help:
Is it only for the file a.php, or there are other request that will be handled the same way as this pattern?
Hope it helps!
Please refere to the link below. I think so it will help you out.
How do I redirect my site using a .htaccess file?
Thanks
Or, you can use this if your script has a request string.
Like you want to stay on the same page, but not to show a request string.
(in case you want to post or get some data through scripts)
RewriteEngine on
RewriteRule ^/path/to/a/([0-9]+) /path/to/a.php?foot=$1 [PT]
Also, you should consult with the link Codemaster Gabriel and Arvind Sridharan gave you.
you can use header function in order to redirect..
try this
inside a.php
type:-
<?php
header ('location: b.php'); //lets say b.php is the file you want to redirect
?>
it will work..
and it is recommended to use this instead of .htaccess due to security reason of apache
I have been using the following code to redirect users to a domain for over 2 yrs.
Lets say a user will navigate to my-example.com the index page is a template that defaults to load a blog so the actual url is my-example.com/index.php?nid=blog however the the url to displaed in the browser is my-example.com/blog.
I've been using a .htaccess file with the below code to mask this url and make it more reader and SEO friendly: -
RewriteEngine On
RewriteRule ^blog(/)?$ /index.php?nid=blog [NC,L]
RewriteRule ^blog/([A-Za-z0-9-]+)(/)?$ /index.php?nid=blog&article=$1 [NC,L] # Handle product requests
In the index.php file I was using the below code to send users going to my-example to my-example.com/blog
if ($nid == "") {
header("Location: ./blog/");
}
This worked fine in php 4 (default for my host). However I need to use PHP 5 for my new site so have added AddType x-mapp-php5 .php to the top of the .htaccess so that Apache uses php 5 however this has nerfed my php header redirect.
Chrome and Firefox both give similar errors that the page isn't re-directing properly in a way that will never complete - a redirect loop.
I have not changed the php in my template only added AddType and an include for new content. Anyone any ideas?
I've tried using a .htaccess redirect to ./blog but this seems to cause the same error.
You probably had register_globals on earlier.
Read nid from $_GET["nid"] instead.
$nid = #$_GET["nid"];
if ($nid == "") {
header("Location: ./blog/");
}
I'm working on this PHP page wich includes different pages like header.php .
What I want is when you go to header.php, it redirects you to the homepage. I tried using header but when I include it, it keeps redirecting me.
I think it's possible with an if statement with $_SERVER, but I don't know how.
Anyone can help me out? Thanks in advance!
The best way to do this is to create a constant on your main landing page, so let say index.php is one of your main landing pages.
You would create a constant within there, and then do a check in all your sub templates that should only ever be included by a main page.
Example:
<?php
define("IN_VIEW",true);
require_once "header.php";
And then within header.php you can just to make sure that IN_VIEW is defined
<?php
if(!defined("IN_VIEW"))
{
die("Direct Access Forbidden");
}
//Header Here
If its not defined, then obviously the page has been loaded directly and not from index.php.
And then for every other "in-direct" page that should be secured you just place the three lines at the head of the file, and make sure the constant has been defined in your main pages (index,login,logout) etc.
if($_SERVER["PHP_SELF"] == "header.php") {
header("Location: index.php");
}
Although this isn't best practice. You shouldn't allow users to be able to access the PHP files in the first place. The simplest method of disallowing users access to this type of file is by moving the file above the document root, meaning it is impossible to request the header.php file via HTTP.
Another solution is to simply redirect everything to index.php so that direct access to any other script is prevented. On apache for example you can do this using .htaccess as follows:
RewriteEngine On
# redirect everything to index.php except exceptions
RewriteCond %{REQUEST_URI} !/robots\.txt$
RewriteCond %{REQUEST_URI} !/favicon\.ico$
RewriteCond %{REQUEST_URI} !/static/
RewriteRule ^(.*)$ index.php [L]
You can specify some exceptions such as your robots.txt file, and images directory.
Everything was working fine till I added my .htaccess file. What I'm trying to do is route all my users to their profile page. So www.darudude.com/user1 routes to www.darudude.com/userinfo.php?user=user1
My .htaccess file as this:
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\?*$ userinfo.php?user=$1 [L,QSA]
However ever since I added this, it breaks my sessions. On every page I have a initialize a session, and the sessions stores the referrer. This is the piece of code that handles the important part.
if(isset($_SESSION['url'])){
$this->referrer = $_SESSION['url'];
}else{
$this->referrer = "/index.php";
}
//this echo is used to debug why this thing isn't working!!
echo "<script>alert('".$this->referrer."');</script>";
/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
and then I'm returned to the original page using this piece of code:
header("Location: ".$session->referrer);
So for example, without the .htaccess file, if I login through one of the pages everything works and I get redirected back to the page I logged in from (i.e. if I logged in from index.php I get redirected back to index.php; if faq.php, I get redirected back to faq.php). With the .htaccess file I keep getting sent to /userinfo.php leading me to thing its something wrong with my rewriterule
This is how its supposed to work:
index.php loads. the $_SESSION['url'] is set to index.php
a login form is enacted whos action redirects to process.php
process.php the $session->referrer is set from $_SESSION['url']
After the login is confirmed the page should redirect using: header("Location: ".$session->referrer);
This is how it worked originally without any problems.
However, after the .htaccess was created it seems to redirect me to userinfo.php. I think it has something to do with my rule.
Any ideas?
I'm not sure if I understand the problem, but the rewrite rule you're using seems to turn the request to /index.php into a request to /userinfo.php?user=/index.php which may not be what you want.
It's because you're relying on $_SERVER['PHP_SELF'], which does not include the query string (the ?user= part of the URI). It worked before because your pages didn't rely on query strings to uniquely identify themselves. You can use $_SERVER['REQUEST_URI'] instead, though look out for circumstances where you don't want the query string to be preserved and now it is being.
Incidentally, the \?* in your RewriteRule regex is doing exactly the same as thing as if it weren't there.
You could try logging in with AJAX, thus never having to refresh the page at all. A simple Google search will throw up plenty of results, see below. Even if you're not using jQuery (which alot of the tutorials seem to expect you to), it's still possible with basic Javascript, in fact that's how I wrote my AJAX log-in script before converting it to use jQuery later.
http://www.google.com/search?q=php+ajax+log-in