I am using .htaccess RewriteRule on a website I'm working on.
Here is a sample of my .htaccess
RewriteEngine on
RewriteRule ^about.htm$ /index.php?load=about&output=html [NC]
I would like to know if there is a way in my index.php file to detect
if the page have been called via a Rewrite or the user reached it
directly. I'm trying to avoid having to write some security check that
I am not even sure where to start.
If there is no way to make that "check" where should I start to secure
the file ?
My guess would be to make sure only load and output are
passed to the $_GET, make a strip_tags(), trim(), stripslashes() and remove quotes.
Thank you!
Look for REDIRECT_URL or REDIRECT_STATUS in the $_SERVER global. mod_rewrite should be adding these.
You can check the request uri, which is contained in the $_SERVER global variable.
Related
This one is a bit tricky for me, I want to make this URL as minimal as possible. Ideally I would like to change this URL:
http://www.example.co.uk/profile/profile.asp?profile_id=1&top=1&abt=2&ft=3&school=Something%20School
to:
http://www.example.co.uk/something-school/
Using .htaccess file.
This means we would be using the school get variable to replace the .asp file name, getting rid of /profile/ as well as the other get variables.
Is this possible? If so how? If not could you potentially give me an alternative?
Any help would be greatly appreciated!
EDIT
A user Badhorsie has wrote a rewrite rule for me which does the exact conversion. Unfortunately the webpage fails to load as these get variables are unfortunately necessary for the page to load.
I am guessing it is not possible to hide the get variables. In which case would it be possible to retain the get variables but to keep them clean? Looks like the directory is also necessary?
Perhaps something like: www.example.co.uk/profile/something-school/1/1/2/3
We can get rid of the school get variable as it is not needed (only needed to replace the profile/profile.asp section.
Try this:
RewriteCond %{QUERY_STRING} (.+(?=&school))school=([\w%-]+)
RewriteRule ^profile/profile.asp /%2?%1 [L,NE,R=301]
Did you tried this RewriteRule. Try adding this code in your .htaccess file.
RewriteRule ^http://www.example.co.uk/profile/profile.asp?profile_id=1&top=1&abt=2&ft=3&school=Something%20School?$ http://www.example.co.uk/something-school/ [L]
How do I strip a part of the url? I do not know much about htaccess or apache.
I would like to strip www.mysite.com/page=services to www.mysite.com/services for example.
What exactly do I need to put in the .htaccess file in order to achieve this, and would that work for other pages as well?
Thanks.
I tried this for one of my sites lately and came up with this and for me it works fine,
this goes into the .htaccess file:
RewriteEngine On
RewriteRule ^([A-Za-z]+)/?$ index.php?page=$1 [NC,L]
then if you would write yoursite.com/pagename it would send yoursite.com/index.php?page=pagename to your php.
You will link to the page like so: yoursite.com/pagename
it wont change yoursite.com/index.php?page=pagename to yoursite.com/pagename in the adress bar after you send it.(if that makes sense :) )
I hope this is what you are looking for...
I think you mean your original URL to be www.mysite.com/index.php?page=services and not www.mysite.com/page=services
Also, you probably mean the opposite, you should switch www.mysite.com/services to www.mysite.com/index.php?page=service
Anyway, to change www.mysite.com/services to www.mysite.com/index.php?page=services then you need .htaccess, and the rule for that would be RewriteRule ^([^/]+)/?$ /index.php?page=$1 [L]
As suggested earlier, you should read about .htaccess, regex, and rewrite rules. Best resource is the apache documentation here: http://httpd.apache.org/docs/2.2/howto/htaccess.html
I read your comment earlier that you need the opposite, I am not sure why you need that, because the whole idea of URL shortining is to make easy-to-remember URLs in addition to some security concerns that can be resolved. The URL is the first thing that is sent to load your webpage, then .htaccess changes it to some form undrstandable by PHP then PHP deals with get parameters for example.
I want to have the URL http://something.com/somestring where the somestring is picked up by the php $_GET, instead of having to write http://something.com/index.php?var=somestring and inside php using $_GET["var"].
How do I do it?
If you are running on Apache, you can use mod_rewrite. Other servers have different methods, but the general term us 'URL rewriting' to describe this functionality.
Your question has already been answered. But to give you the common example for your case:
RewriteEngine
RewriteCond ./%{REQUEST_URI} !-f
RewriteRule ^(\w+)$ index.php?var=$1 [L]
The first cond prevents the rule from rewriting requests to real files. The second takes any alphanumeric string and appends it as GET parameter to your script.
You can use .htaccess and mod_rewrite to do this, assuming you are using apache as webserver -> http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
Look into .htaccess and mod_rewrite.
Another option would be using the $_SERVER["QUERY_STRING"]
http://something.com/index.php?=somestring
$_SERVER["QUERY_STRING"] would return "somestring"
so my index.php can be this:
<?php
$restOfURL = ''; //idk how to get this
print $restOfURL; //this should print 'FOO', 'VAR3', or any string after the domain.
?>
You want to use,
<?php
$restOfURL = $_SERVER['REQUEST_URI'];
// If you want to remove the slash at the beginning you can use ltrim()
$restOfURL = ltrim($restOfURL, "/");
?>
You can find more of the predefined server variables in the PHP documentation.
Update
Based on your comment to the question, I guess you're using something like mod_rewrite to rewrite the FOO, etc and route everything to just one file (index.php). In that case I would expect the rest of the URL to already be passed to the index.php file. However, if not, you can use mod_rewrite to pass the rest of the URL as a GET variable, and then just use that GET variable in your index.php file.
So if you enable mod_rewrite and then add something like this to your .htaccess file,
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?url=$1 [L,QSA]
Then the rest of the URL will be available to you in your index.php file from the $_GET['url'] variable.
Reading $_SERVER['REQUEST_URI'], as everybody has pointed out, can tell you what the URL looks like, but it doesn't really work the way you want it unless you have a way to point requests for me.com/VALUE1 and me.com/VALUE2 to the script that will do the processing. (Otherwise your server will return a 404 error unless you have a script for each value you want, in which case the script already knows the value...)
Assuming you're using apache, you want to use mod_rewrite. You'll have to install and enable the module and then add some directives to your .htaccess, httpd.conf or virtual host config. This allows you make a request for me.com/XXX map internally to me.com/index.php?var=XXX, so you can read the value from $_GET['var'].
$var = ltrim( $_SERVER['REQUEST_URI'], '/' )
http://www.php.net/manual/en/reserved.variables.server.php
Just by looking at the examples, i think you are looking for the apache mod_rewrite.
You can apply a RewriteRule via an htaccess file, for example:
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^([\w]+)$ /checkin.php?string=$1 [L]
For example this url http://foo.com/aka2 will be process by checkin.php script and will have "aka2" passed as $_GET['string'].
Make no mistake, the URL will still be visible in the browser as http://foo.com/aka2 but the server will actually process http://foo.com/checkin.php?string=aka
mod_rewrite documentation
$_SERVER['REQUEST_URI']
Why bother with all the fancy mod_rewrite/query_string business? There's already $_SERVER['PATH_INFO'] available for just such data.
I want to use htaccess to not only choose the script that processes the request, but also to change the request uri as php sees it. Can this be done?
For example:
RewriteRule /funstuff/ funstuff.php
...How can I change that RewriteRule or otherwise change my .htaccess file to get funstuff.php to think that the original request url was actually http://www.example.com/funstuff.php and not http://www.example.com/funstuff/?
The best I can see is
$_SERVER["SCRIPT_NAME"] or $_SERVER["PHP_SELF"]
(Both should be fine)
in conjunction with
$_SERVER["QUERY_STRING"]
to get the full request. There seems to be no ready-made REQUEST_URI for this.