let's say we have simple file
<?php
echo "hello world"
I'd like to place the file in /modules/myModul/(somewhere).
Where do I have to save the file and how do i call it via the browser url?
As far as I know, Kohana's default .htaccess already includes the check whether the URL corresponds to a real file
RewriteCond %{REQUEST_FILENAME} !-f
So if you save this php file somewhere and access it by the URL you would expect to find it at, the request will not be sent to Kohana at all.
If you placed the file in /modules/myModul/example.php, then the URL would be http://www.example.com/modules/myModul/example.php
By default every file in application|modules|system will be hidden. You should use webroot directory (were the index.php and .htaccess placed) or another directory (for example, create public folder for your non-framework scripts). So, it will be http://example.com/script.php or http://example.com/public/script.php.
Related
I would like to be able to tell what the base directory of a site is automatically. Say I have a website in this location on a Unix machine:
/home/webserver/mywebsite
And it's publicly accessible here:
http://mywebsite.devserver.com/temp
I would like to be able to move the website from "temp" to the root of the site without having to manually change my php configuration files in my framework.
I guess what I need is the public facing directory of the index.php file, so say I have a .htaccess rewrite rule that means:
http://mywebsite.devserver.com/pages/page
.. will load the index.php file in the root and will return the page at /pages/page, I would need the "base directory" of the site to return "" (An empty string) because the site belongs directly after the domain name. But then say I put the site inside a directory like:
http://mywebsite.devserver.com/directory/pages/page
I would need the "base directory" to return "directory" so I can use it within the code elsewhere.
I am very sorry if this sounds vague and I will happily explain more if needed but any help will be greatly appreciated!
You can use this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond $0#%{REQUEST_URI} ^([^#]*)#(.*)\1$
RewriteRule ^.*$ - [E=BASE:%2]
It compares REQUEST_URI variable (which is the complete URL) with the URI matched by RewriteRule (which is relative to current path) and gets differential in %{ENV:BASE} variable.
Hi i'm new in web programming. I'm developing a web site with a PHP backend application. I'm using Ubuntu 14.04 Server, Apache, PHP 5.5 and Mysql.
Currently this is my directory structure under /var/www/html:
example.com
app/ # this dir contains the backend
src/ # this contains some common stuffs between front and back ends
web/ # this is the 'public directory' which serves the frontend
I searched so much about .htaccess, but i cant point out a definitive solution to secure all .php files which are not into the web/ directory. Also, i would "hide" .php files through url rewriting (for example, instead of serve mysite.org/accounts.php i would serve mysite.org/accounts, but not just removing the .php extensions, rather redirecting mysite.org/accounts to a file called, to say, youwillneverknowthis.php).
Thanks in advance.
J.
To protect your PHP files, do not put them in the public html directory because it's accessible via the internet. Files that contain private code should be taken out of that directory. Put them in private directories such as /var/www/php/src and var/www/php/app
Now you want users to be able to get "page.php" without exposing the sensitive PHP code. One solution is to have a script in the public directory /var/www/html called gateway.php that looks in the private directory dir for a file named file and execute its contents. The values of $_GET come from step 4 below. Before requiring the file, be sure to sanitize input to prevent a malicious actor from making gateway.php run a bad script. For instance, you can compare the requested file against a whitelist of allowed files and stop execution if there is no match.
<?php #gateway.php
if (empty($_GET['file'])):
//the file is missing
http_response_code(400); //bad request
exit;
else:
$file = realpath(rawurlencode("/var/www/php/$_GET[dir]/$_GET[file]"));
//SAFE_SCRIPTS is a string constant: whitelist of allowed files
//eg:define("SAFE_SCRIPTS",'"path/to/a.php","path/to/b.php"')
if(strpos(SAFE_SCRIPTS,$file)===false):
//script is not in the whitelist
http_response_code(403);//Forbidden
trigger_error("Forbidden script: $file");
die("Access to this resource is forbidden");
endif;
require $file;
endif;
Your next issue was about url rewriting so that mysite.org/accounts could redirect to youwillneverknowthis.php). Place a text file named .htaccess in the public document root var/www/html. Add the following rule (one rule per line): RewriteEngine on. This turns on url rewriting
To redirect a url, add the following rule (single line): RewriteRule ^accounts$ gateway.php?dir=src&file=youwillneverknowthis.php [QSA,L] Adjust the dir and file arguments as required. This will redirect the user to gateway.php, which will then read and execute the private code, all behind the scenes. The Query String Append [QSA] flag ensures that any pre-existing query arguments are passed to gateway.php along with dir and file arguments. The [L] flag lets the rewriting engine know to stop processing and redirect upon finding a match.
Hope that helps.
Edit: improve security by sanitizing input
I've noticed a strange situation that occurs when I try to create a mod-rewrite entry where the source path is also the same name as an existing php file in the same folder. See example
RewriteRule ^users/([^/]*)/([^/]*)$ redirect.php?page=user&name=$1&id=$2 [L]
The issue is that I'm calling the directory "/users/" as the source path in the rule and if I also have a file in the root folder with the same name "users.php" then the rule above ends up pointing to that file instead of the page I want to redirect rule to point to (which is redirect.php in this case).
Any suggestions?
That's because of Apache content negotiation.
To disable it, put this line in your htaccess (for example, before RewriteEngine on line)
Options -MultiViews
I'm not the best with mod rewrite so if anybody can help me out here that would be great.
I'm using a markdown processor script and it's using rewrite to grab any files that end with a markdown file type. However, I'd like this script to grab any files within a folder, rather than any files that end with the markdown file type.
Here's the htaccess:
# display Markdown as HTML by default
RewriteEngine on
RewriteRule .+\.(markdown|mdown|md|mkd)$ /static/includes/markdown/render.php
RewriteRule .+\.(markdown|mdown|md|mkd)\-text$ /static/includes/markdown/render.php [L]
Is there a way to grab all files within a folder called (let's say) "folder" and eliminate the file type on the end?
So maybe have a URL like
website.com/home
that actually is
website.com/home.md
and is processed with the markdown script?
Hope this makes sense.
The re-write module and it's .htaccess files actually work on a per folder basis. Usually one would have a main .htaccess file in the web root of a site/server. However you can add numerous .htaccess files throughout your site's folder structure giving each individual folder specific rules.
All you would have to do is add another .htaccess file to your markdown folder and enable it to parse URL's without file extensions, forwarding it to a script which will be able to detect what original file was requested -
RewriteEngine on
RewriteRule ^(.*)$ /static/includes/markdown/render.php?file=$1 [L,QSA]
Basically what is happening here is that any file requested within this folder will be passed through your render.php file.
Now in your render.php file, you would have a $_GET parameter of file containing the original URL. For a url of http://example.com/markdown/foo, your render.php would have foo in the file parameter -
/static/includes/markdown/render.php?file=foo
If you set the correct headers in render.php it will be able to print out any format of file, hiding it's extension in a "fake" URL.
I'm wanting to upload a standard php file to the root of my website which also has WordPress installed. I think there is something with the .htaccess file that's not letting me access a file even if it exists but instead passing every call through to WordPress's index.php file which in turn throws me to a WordPress 'page can't be found'.
I've looked through similar questions on here with no avail.
What I'm thinking is there is something funky going on, or I need to modify my .htaccess from the standard one that ships with WordPress or ??
Any help is appreciated!!
Thanks in advance,
Mark
If your file is called foo.php, add this line to your .htaccess file, directly below RewriteEngine on:
RewriteRule ^foo.php$ - [L]
Add a RewriteCond with the name of the file you want to access, that checks if the current file is the file that you want to access.