I have a problem with my download file due to some wrong coding in htaccess,here is my htaccess code for this url
URL:
https//www.example.com/download.php?fil=`<?php echo $nm ; ?>`&fpath=`<?php echo $fpath ; ?>`&ntid=`<?php echo $ntid ; ?>`
$nm= b5fgh68dsk3nlxz.pdf ,
$fpath= ..uploads/45 ,
$ntid= 146
now htaccess is
RewriteEngine ON
RewriteRule ^n9/([a-zA-Z0-9!##$-_]*)/([a-zA-Z0-9!##$-_]*)/([0-9]+)$ download.php?fil=$1&fpath=$2&ntid=$3
now problem is normally without htaccess files can download easily but with the htaccess download couldn't established
url looks after htaccess
https://www.example.com/n9/b5fgh68dsk3nlxz.pdf/..uploads/45/146
That ..uploads part also looks like a possible vulnerability allowing people to get the source of possibly any file on the server if you're not careful.
But if your download.php file takes precautions before giving them the file contents, I'd seek a workaround to preserve your slashes. From your PHP file which is generating the link, I'd do:
<?php
function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
?>
download
Then from your download.php on the top I'd use:
<?php
function base64url_decode($data) {
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}
if(isset($_GET['fil']))$_GET['fil']=base64url_decode($_GET['fil']);
if(isset($_GET['fpath']))$_GET['fpath']=base64url_decode($_GET['fpath']);
if(isset($_GET['ntid']))$_GET['ntid']=base64url_decode($_GET['ntid']);
?>
Finally, use can get by with the following clean .htaccess:
RewriteRule ^n9/([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)$ download.php?fil=$1&fpath=$2&ntid=$3
Related
I'm trying the second way to run PHP code in HTMl file using a rule in .htaccess file as described by the link https://stackoverflow.com/a/6237056/3208225
RewriteEngine on
RewriteRule ^(.*)\.html $1\.php
But when I try opening my page e.g. test.html I receive
Not Found
The requested URL /test.html was not found on this server.
Why and how to resolve?
UPDATED (from comments)
I try both on localhost and on my shared hosting. htaccess and html files are in document root. BTW, the homepage (index.html) also returns Not found. In local machine the path is D:/Server/vhosts/another. And without this htaccess such virtual host works just fine. So there is no issue with its configuration.
With your shown samples please try following .htaccess rules file. Make sure your htaccess is present along with your php files only. Also clear your browser cache before testing your URLs.
RewriteEngine ON
RewriteRule ^(.*)\.html/?$ $1.php [NC,L]
Fix added by OP: Please note such rule is not execution of PHP code inside of HTML file, but just a redirecting from HTML file to PHP file, so the second file also must exist
I'm trying to make a RewriteRule in .htaccess so that when users visit http://domain.com/pages/1 they actually get a page rendered by Slim framework accessible at http://domain.com/api/v1/pages/1.
The folder structure is as follows:
/api
-index.php <-- This is a Slim index file
-.htaccess <-- This is a Slim .htaccess (unmodified)
/components
-page.php <-- This is a page template that I use for rendering in Slim
index.php <-- This is a homepage
.htaccess <-- This is my wwwroot .htaccess
My page.php template looks like this:
<?php
?>
echo 'This is a page'
Here's the Slim part (for the sake of simplicity it doesn't yet pass the $id' variable to the template):
$app->group('/v1', function () use ($app) {
$app->get('/pages/:id', function ($id) use ($app) {
$app->render('../../components/page.php');
});
});
The rewrite rule in .htaccess under wwwroot is:
RewriteEngine On
RewriteRule ^pages/([0-9]*)?$ api/v1/pages/$1 [L]
There are two weird things that bother me:
In this configuration accessing the page at http://domain.com/api/v1/pages/1 works, but it doesn't work at http://domain.com/pages/1
When I try to access http://domain.com/pages/1 I get a 404 error, which is generated by Slim, rather than apache.
My question is as follows:
What is the correct/proper .htaccess rewrite rule to rewrite an URL for a page rendered by Slim in the above mentioned scenario?
This is due to improper rewrite pattern.
Try
RewriteEngine On
RewriteRule ^pages/([0-9]*)?$ api/v1/pages/$1
I have a problem with my site. After upgrading to mySQL 5.6, then the host povider did a recompilation of Apache and PHP. apparently they also upgraded the WHM cPanel.
as for now my site can display properly, but when tried to login, it can't find the specific page requested.
The error Message:
The requested URL /main/cek_login was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
error messages from cPanel:
[Mon Dec 22 10:10:58 2014] [error] File does not exist: /home/xxx/public_html/main
[Mon Dec 22 10:10:56 2014] [error] File does not exist: /home/xxx/public_html/404.shtml
My analyses so far:
CI version : 2.2
PHP Version : 5.4.3.5
mySQL version : 5.6.21
cPanel Version 11.46.1 (build 4)
main -> is actually a file called main.php
cek_login -> is a function inside main.php that run verification against record in user table.
the folder structure as follows.
/home
/application
/controllers
/main
/view
/login_view
/system
/assets
/cgi-bin
The code as follows
<div class="loginForm">
<?=($_GET[ 'error'])? "<div class='alert'>$_GET[error]</div>": ""?>
<form class="form-horizontal" action="<?php echo base_url().'main/cek_login'; ?>" method="POST">
config.php inside application folder
$config['base_url'] = '';
$config['index_page'] = '';
$config['uri_protocol'] = 'REQUEST_URI'; -> tried AUTO before, but useless. Previously was AUTO
.htaccess in root folder
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
.htaccess in another folder
deny from all
routes.php
$route['default_controller'] = "main";
$route['404_override'] = 'not_found';
I tried to see config files as well and tried a lot of tricks before posting this.
my suspicion is on the base_url function or the routing mechanism. I am not sure.
I am NEW to Code Igniter or PHP, also in Server Administration. my strength lies in Database.
Please help on narrowing the root problem.
best regards,
Ridwan
That error can happen for many reason. here is some
1.make sure you have main.php under controllers folder and inside main.php you should have a class Main which extends CI_Controller like this
class Main extends CI_Controller
2.make sure your .htaccess working.If your previous step is ok then try to hit this link
your_site_url/index.php/main/cek_login//make sure cek_login function exists inside the controller
If this link works you may have .htaccess problem
3.your cpanel error tells that your .htaccess not working.
check your server if it has main .htaccess which is redirecting your site if file not found.If so then your sub .htaccess will not work.
I think this is the main reason that produce your error.
Please check your config.php
$config['base_url']
then check 'routes.php', add the line below
$route['main/(:any)'] = 'main/index';
Then, add your login check in your controller file.
// Login check
$exception_uris = array(
'main/cek_login',
'main/cek_logout'
);
if (in_array(uri_string(), $exception_uris) == FALSE) {
if ($this->user_m->loggedin() == FALSE) {
redirect('main/cek_login');
}
}
Just upload a test file and check document root of your server directory.
1.Create a file info.php
2. Write code
<?php
phpinfo();
3.Open any broswer and type http://www.yourdomain.com/info.php
If it works fine, find document roon in listed information of info.php page
If this http://www.yourdomain.com/info.php not works, contact your server support team to fix it. Basically problem with server configuration, not with Codeigniter files.
I want to redirect from:
http://www.domain.com/index.php?subdomain=subdomain
to
http://subdomain.domain.com/
using .htaccess
This can be done like so:
#Permanent Redirect
Redirect 301 / http://subdomain.domain.com/
Note: there is also a temporary redirect which would use the code 302
However, after reading your question more.. Looks like you want to use a header() Location change instead.
Here is how you can do that in PHP:
<?php
if(isset($_GET['subdomain']) && strlen($_GET['subdomain']) >= 1) {
$sub = $_GET['subdomain'];
$url = 'http://' . $sub . '.domain.com';
header("Location:$url");
}
?>
I think that might be more what you are after.
The .htaccess file controls everything inside its directory so if you set a redirect in the root of www.domain.com it will redirect ALL traffic.
On your .htaccess file type in
Redirect /example.html http://example.com/newdirectory/
Change example with your file/domain, you just
need to adjust it accordingly.
For further clarification,
Click here.
I have created a mod_rewrite rule for my blog which works final on my local server but when I upload to my live server it's not passing the $_GET variables. I've managed to break the problem down into it's simplest form. Here's the mod_rewrite:
RewriteEngine on
RewriteRule ^test/([^/\.]+)$ test.php?var=$1 [QSA]
The file test.php is in the root of the site and simply has the following code in it:
echo '<pre>';
print_r($_GET);
echo '</pre>';
So when I go to mysite.co.uk/test/hello on my local server I'm getting
Array
(
[var] => hello
)
As I would expect. But when I try on my live site I'm still getting redirected to my test.php page, just without the $_GET variables:
Array
(
)
Does anybody have any ideas what could cause this? I've ran into a plethora of weird occurrences whilst trying to get this to work and any suggestions would be appreciated
This is due to Content Negotiation turned on my MultVIews Options in Apache.
Place this line on top of your .htaccess to turn off MultiViews:
Options +FollowSymLinks -MultiViews