Reputation: 9616
How to access a file via htaccess?
I have a folder structure like
Controller
|_check.php
View
|_ .htaccess
|_ index.php
|_ Webroot
|_ js
|_common.js
.htaccess
In .htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ View/ [L]
RewriteRule (.*) View/$1 [L]
</IfModule>
In View/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>
The outer .htaccess file links to View folder and there View/.htaccess links to index.php.
There is button in index.php(view file) with ajax to check.php.
I have given common.js The corresponding ajax function url as
var url = 'check.php'; // OR '../Controller/check.php'
The problem is the ajax is not working properly with two urls.
Whether I need change the folder structure to correct it or do I need to alter any htaccess file for accessing the check.php?
Upvotes: 1
Views: 193
Answers (2)
Reputation: 116
Why dont you just set the path for the domain on the "View" folder, so noone can access you controllers etc. ?
I think this should also be more simple than playing around with .htaccess !
This is the way most PHP Frameworks do it..
And if you need to access the functions of check.php you can make a "ajax.php" that checks if the request is ok, and then uses "check.php" to catch the result!
Upvotes: 1
Reputation: 18923
It's not about the folder structure but rather the htaccess rewrite rules that are wrong.
Your htaccess in the "root" redirects all requests to the View folder (which defaults to index.php, I assume)
I don't understand what you're trying to accomplish, if you explain I might be able to help you.
In your current setup, you can't access any file besides View/index.php (even when passing GET argument url)
EDIT:
In that case, if you wish to View/index.php be the only file accessible and force people to pass through View/index.php file, you can use PHP session variable.
Something like this...
in the top of your view.php file:
session_start();
$_SESSION['viewCheck'] = true;
//rest of view.php code
in your check.php code (or the file you're trying to access via AJAX)
session_start();
if (isset($_SESSION['viewCheck']) && $_SESSION['viewCheck'] === true) {
//Code of check.php
} else {
//Error message or redirect to view.php, for instance
//error message example
header('HTTP/1.0 401 Unauthorized');
//Redirect example
header("Location: http://www.yourhost.com/View/index.php");
}
NOTE 1: You should remove the rewrite rules of your htaccess files.
NOTE 2: Keep in mind that this is not bullet proof (and can be spoofed) since:
If someone visits View/index.php then he can access check.php freely. This can be mitigated if the session is killed after the ajax request. You can accomplish that if the ajax request consists in 2 requests, for instance, one to get a session key which expires in 10 seconds for instance, and then use that key to obtain the results from check.php
Session can be spoofed too (read more here)
Upvotes: 2
Related Questions
- htaccess do not allow to access a file
- .htaccess allow access to more than one file PHP
- PHP how to access files in a folder protected by htaccess
- Accessing a file through .htaccess
- set htaccess for access to this file Directly
- How to access files from a certain php page that are protected by htaccess?
- htaccess allow access to one PHP file
- .htaccess Load as another file
- How to rewrite folder access to a specific file?
- denied access file