Help with HTAccess 1

[theniteowl]

Hi All,
I am re-vamping the local middle school web site and would like to have all links from the site piped through my template page so as to enforce a common template to the site but still allow the teachers to create their own pages that will get loaded inside that template.

I am told that using HTAccess should allow for this.
What I need is to have all links in pages under this set of folders to automatically load via my template unless the link is for a site not local to the site in which case I would want it to load into a new browser window.

Can anyone give me a basic rundown on how to set this up? I have read around a bit but am still putting puzzle pieces together from different sources.
A basic example of how to setup to force page xyz.htm to get loaded through the main index.php page should be all I need to figure things out. And if there is any server-side information available such as the folder location of the page the link was called from or other such useful bits of info that would be enormously helpful.

Essentially I have a main page that loads primary and secondary navigation controls based on current page selection and then loads the appropriate html page within the main content window. It works well as is except that if the teachers create an HTML page with links they currently would have to specially forumalate their links to pass values to my script page and I do not want to have to rely on them having to remember how/when to do that.

Thanks.


[blue]It's hard to think outside the box when I'm trapped in a cubicle.[/blue]
In an increasingly self-focused society it is important to recognize the unselfish actions of others so they will feel encouraged to continue such actions. Please give acknowledgement to those who aid you whether it is waving to the person who let you out

 

[theniteowl]

it would if the images were in one of the folders that were "denied". you can get around this with having all images stored in another folder that is not denied.

The main folder is newjfk and the images are in newjfk/images. The .htaccess file is under newjfk/temp so the images should not be denied.

give me an example of a url that is called by a rogue page and what it actually should look like.

I guess I do not understand what you are asking. The URL would be any link at all on one of the content pages. It could be a link to another file in the same directory or in another directory or to an outside site altogether so it is just <a href="nextpage.htm">Next Page</a>.
The teachers would be placing links on their pages pointing to wherever they wanted to point to or to any new pages they created. That link would cause the permission error pointing to the error script where I will have to work on reformatting the URL and then redirect the page.

Currently I do not point to an error script I just point to a copy of my index.php file with your code:
if (isset($_GET['error'])):
echo "requested uri as {$_SERVER['REQUEST_URI']}";
endif;
at the top of the page. The index.php page loads and loads the include files which are all in the same folder as index.php but fails to load the images that are in the images subfolder. At that point if I click on any of the menu links it tries to use the path newjfk/test/ as the base URL to load the next page instead of using the newjfk folder which of course causes another denied error making it load index.php again instead of the requested page.

The true root path (for this site) is jfk and the newjfk folder is a subfolder where I am building the new site so I set the actual line in the .htaccess file to:
ErrorDocument 403 /jfk/newjfk/index2.php?error
so when it redirects it goes to the root then into the newjfk folder.
I had to do this out on the actual server rather than my own at home since I run IIS and could not use .htaccess to do this with. Might have to setup Apache so I can be sure to keep the environments the same and know it will work when I roll out the whole thing.

In any event, the htaccess file redirects to my index2.php and your code at the top displays:
requested uri as /jfk/newjfk/test/test2/test.htm
But what I suspect is that although the server loads the error page as directed it keeps the current folder address so when the page tries to load images from a sub folder it tries to do it from /jfk/newjfk/test/test2/images instead of /jfk/newjfk/images. That is an untested idea though, I have not had a chance to work out a test to confirm it.

I appreciate your help. I do not know PHP and Apache well, I work in IIS with ASP and most of my coding is in Javascript and that is the forum I usually hang out in answering other peoples questions.


It's hard to think outside the box when I'm trapped in a cubicle.

 

[jpadie]

requested uri as /jfk/newjfk/test/test2/test.htm

that's what i was after!

so you actually want
/jfk/newjfk/test/test2/test.htm
to be
/jfk/newjfk/index2.php?url=test.htm

so just parse the requested uri to become as per the above example and then

if (isset($_GET['error'])):
header("Location: ".getparsedaddress($_SERVER['REQUEST_URI']));
endif;

function getparsedaddress($r_url) {
 //do something with the $r_url
}

 

[theniteowl]

I am having problems with this:
I am not sure how the value from the getparsedaddress function gets returned but in the meantime I removed that function and just did this:

if (isset($_GET['error'])):
header("Location: /jfk/newjfk/index.php");
endif;

But it returns this error:
Warning: Cannot modify header information - headers already sent by (output started at /export/home/northampton/jfk/newjfk/index2.php:6) in /export/home/northampton/jfk/newjfk/index2.php on line 11

Which makes me wonder if the whole uri was not shown by the previous code and perhaps I need to the longer path so I put the path into the code as show in the error message but it just returns the same error.

I figured I have to get past this error before I begin working on parsing.

How would the getparsedaddress return the parsed value once I figure out how I want to parse it? Like in VBScript setting getparsedaddress = myparsedvalue?


It's hard to think outside the box when I'm trapped in a cubicle.

 

[jpadie]

the error comes becomes you are outputting some content before the header directive. the content can be as little as a blank line to queer the pitch.

on the last question just use the code i posted

if (isset($_GET['error'])):
header("Location: ".getparsedaddress($_SERVER['REQUEST_URI']));
endif;

function getparsedaddress($r_url) {
 //do something with the $r_url
 $newurl = ""; //something that is done to the old url
 return $newurl;
}

if you post the file that you are using and an example of a mapping (i.e. what should /jfk/newjfk/test/test2/test.htm translate to (including the query string)). then i can better exemplify what i am trying to describe!

 

[theniteowl]

OK, I have it working doing the redirect with your code above. I am not yet parsing out the uri and adding on querystring info as those are projects in and of themselves.
Getting the redirect working was the first step.

I have some thinking to do on how to deal with passing the querystring values. Previously they would be generated and stored in a variable that would have to be manually inserted into the HREF and that manual insertion is what I am trying to avoid so some rethinking of the menu system is needed. I wanted to keep the values on the querysting so that bookmarked pages will load correctly and any menu option click will pass them, just not links from inside the content pages. I might look into setting the current menu values into session variables (is that an appropriate term in PHP?) so that when the error.php file executes it can determine under which top/sub menu option that content page existed and use the info to help build the new querystring to pass into index.php.
I just have to consider how I handle things when they try to link to other parts of the same website rather than just files under their own subfolder.

The menu works by assigning a list of options to each top level option and each one of the sub menu options represents a sub folder in which all content to that option is referenced so all of the links stay relative to that options folder. If they point to a different sub folder then I will have to determine where that is and alter the menu options appropriately but I should be able to figure that out by parsing out the passed uri testing it for sub folder names below the root.

This all turned out to be trickier than I had thought it would be but I think it is going to work. The only special requirement will be that alterations to the navigation menu be handled through a script CM script that I will write for them.

Thank you very much for your help, it would have taken me a very long time researching and testing to figure it out with my limited PHP and Apache experience.


It's hard to think outside the box when I'm trapped in a cubicle.

 

[jpadie]

@theniteowl

I might look into setting the current menu values into session variables (is that an appropriate term in PHP?)

it is the right term. it is usual to hold this kind of "state" information in a session variable.

 

[theniteowl]

jpadie, one more question on this. It is probably more htaccess related than PHP but the Apache forum is pretty slow and there might be a PHP solution as well.

Using the methods you showed me in the above posts I have the .htaccess file blocking a sub folder, sending to the error.php file which redirects the uri to use the index.php with querystring parameters. Those parameters cause the index.php page to load and it does an include on the specified content page which resides inside a folder otherwise blocked by the .htaccess file. It works fine except that images for the page do not load.

Each sub folder has it's own images folder so the page teams is jfk/newjfk/teams with jfk/newjfk/teams/images.
The index.php loads and does an include for teams/teams.htm and the teams.htm uses the path teams/images/whatever.gif to get it's images because it is loading in the context of the newjfk folder.
The images do not load though and I suspect it is the htaccess file preventing it although it does allow the inclusion of the teams.htm which should otherwise be blocked by the same htaccess file.

Any ideas?
Can the .htaccess file be set to recognize calls from the local server account as valid access and block anyone else?
In ASP we can use the IUSR_machinename account so I assume there is something similar for Apache.

Even placing the image into teams rather than teams/images and altering the path does not help but taking away the .htaccess file in the teams folder allows it to load normally so I assume there is some special allowance for the index.php loading the teams.htm page but as the teams.htm page tries to load a file from the images folder it fails.


It's hard to think outside the box when I'm trapped in a cubicle.

 

[jpadie]

the images are being loaded by the browser and not by php. if the htaccess file is in the teams directory then it will also effect the images directory below it.

try butting another htaccess in the images directory that counteracts the deny from all directive.

remember htaccess effects the directory and all subs (i'm sure you can restrict to just cwd but i don't recall how!)

 

[theniteowl]

So when the PHP code does the include of one of the HTML files it operates with server-side permissions to grab the file even though it is in a folder restricted by the htaccess file, so it's only when the HTML is processed and it begins loading the images that it becomes a problem.

So htaccess settings for server-side access is not going to help with the images anyway. Hmm.

I can of course use more htaccess files but then it is going to start getting a bit dicey when people start adding new folders on their own. I am going to have to think about it some more to figure out all the implications.

Thanks.
If you have any ideas on simplifying this I would be glad to hear them. Short of parsing out the HTML files and replacing certain actions with server-side code I do not see everything working exactly the way I want it to. Like parsing out image tags then setting up an image preload with server-side code and swapping out the link to point to the loaded object. But then the system is getting a bit too complex.

It's hard to think outside the box when I'm trapped in a cubicle.

 

[jpadie]

i'm heading back to a partial use of mod_rewrite here...

try replacing your current htaccess with this

RewriteEngine on
RewriteRule \.(html|htm|php|php4|php5)$ [URL unfurl="true"]http://yourdomain.com/index.php?error[/URL] [R,L]

i have a php solution for you if the above does not work. it will take a few minutes to scope out as it uses regex but i will work on it if the above does not work for you.

 

[theniteowl]

This works.
It works with the relative path as well so I just reduced to /jfk/newjfk/index.php?error for the path. It leaves me some other minor issues that are more about how the template page is setup which I will have to work out.

The above does not take into account if no filename is given or a filename without an extension is given but I can setup error detection for that on separate lines.

I should be able to use a single htaccess file to do all sub folders this way and not have to have a lot of disable/enable versions for every set of sub folders.

If you have a better method I am always interested. I have worked with regex quite a bit but have not yet learned it well enough to write any but the simplest of expressions myself. I mostly just keep a library to use in my own code.
But I may be able to make this work so unless you are intrigued by the project and want to play around with it you have certainly spent enough time helping me with this bit.

One possible issue I may still face is that I create the page including html, head, body, etc tags and insert the required content page inside of it. I wonder if I will run into trouble if the teachers create entire HTML pages with their own head, body, etc tags in them contained inside my page. That is one reason I originally thought I might have to read and parse all the HTML to make the template work.

Thanks again.

It's hard to think outside the box when I'm trapped in a cubicle.

 

[jpadie]

great news.

the regex solution was to use a file_get_contents function to retrieve the otherwise "included" files and do a find and replace on the src attribute of the <img tags.

on your possible issue in the last para. i'd consider writing a little script that runs every now and then to parse the php/html files in relevant subfolders searching for dodgy markup. if you can face it, write a rule to comment out the lines but you'll probably find that flagging the file to you in an email, manually editing it and/or berating the author, will be quickest in the end. Of course, the better solution is to control what the editors can type in to start with - but that's a whole different ball game!

the parse file could be as simple as :

$naughties = array (
"<html",
"<body",
"<head",
"<script",
"<link",
"<style",
"style=",
"style =");

$filecontents=file_get_contents($path.$filename);

if (strpos($filecontents, $naughties) === false)):
  //do nothing
else:
  mail($to, "Found a naughty file", $path.$filename, "From: $from \r\n);
endif;

 

[theniteowl]

I use a similar javascript function to generate HTML formatted emails. Rather than having to maintain a complete copy of the form page to send as the output I wrote a function that grabs the innerHTML of the form and parses out all of the form fields altering their properties as necessary to make the submitted email a readonly version and it finds and embeds included stylesheets and style tags as well. It then sends the reformatted output in a hidden form field to my ASP page to be submitted as the body of the message.
It works very well though I had trouble dealing with multi-select boxes since if you set them readonly you cannot scroll through the list to see which options were selected and an inability to accurately judge the width it will take on the rendered page so it does not throw off any formatting of the page from what the original had.

I just have to figure out how to do the same type of things server-side in PHP. I shudder to think of it.



It's hard to think outside the box when I'm trapped in a cubicle.

 

[jpadie]

i think education is the better policy. i'd go for the flag and berate route for a month and see where you end up. you could also block server access to blocked files (just rename the file with a tmp suffix).