How to access a file via htaccess?
Question
I have a folder structure like
Controller
|_check.php
View
|_ .htaccess
|_ index.php
|_ Webroot
|_ js
|_common.js
.htaccess
In .htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ View/ [L]
RewriteRule (.*) View/$1 [L]
</IfModule>
In View/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>
The outer .htaccess file links to View folder and there View/.htaccess links to index.php.
There is button in index.php (view file) with ajax to check.php .
I have given common.js The corresponding ajax function url as
var url = 'check.php'; // OR '../Controller/check.php'
The problem is the ajax is not working properly with two urls.
Whether I need change the folder structure to correct it or do I need to alter any htaccess file for accessing the check.php ?
2 answers
solution1
2 ACCPTED 2012-07-29 15:47:13
It's not about the folder structure but rather the htaccess rewrite rules that are wrong.
Your htaccess in the "root" redirects all requests to the View folder (which defaults to index.php, I assume)
I don't understand what you're trying to accomplish, if you explain I might be able to help you.
In your current setup, you can't access any file besides View/index.php (even when passing GET argument url)
EDIT:
In that case, if you wish to View/index.php be the only file accessible and force people to pass through View/index.php file, you can use PHP session variable.
Something like this...
in the top of your view.php file:
session_start();
$_SESSION['viewCheck'] = true;
//rest of view.php code
in your check.php code (or the file you're trying to access via AJAX)
session_start();
if (isset($_SESSION['viewCheck']) && $_SESSION['viewCheck'] === true) {
//Code of check.php
} else {
//Error message or redirect to view.php, for instance
//error message example
header('HTTP/1.0 401 Unauthorized');
//Redirect example
header("Location: http://www.yourhost.com/View/index.php");
}
NOTE 1: You should remove the rewrite rules of your htaccess files.
NOTE 2: Keep in mind that this is not bullet proof (and can be spoofed) since:
If someone visits View/index.php then he can access check.php freely. This can be mitigated if the session is killed after the ajax request. You can accomplish that if the ajax request consists in 2 requests, for instance, one to get a session key which expires in 10 seconds for instance, and then use that key to obtain the results from check.php
Session can be spoofed too (read more here )
solution2
1 2012-07-29 16:46:33
Why dont you just set the path for the domain on the "View" folder, so noone can access you controllers etc. ?
I think this should also be more simple than playing around with .htaccess !
This is the way most PHP Frameworks do it..
And if you need to access the functions of check.php you can make a "ajax.php" that checks if the request is ok, and then uses "check.php" to catch the result!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.