Apache - How can I run a PHP script when opening HTML files?

Question

Background

I am working on a website, which runs on an Apache server on Windows (at least at the moment). My website directories consist of HTML and PHP files. The idea is to have accessible webpages as HTML files, and whenever I need to use dynamic content, I will use Javascript and AJAX requests in order to request what I need from the server. AJAX requests will be made to PHP scripts, which have a directory dedicated to them. Because I would like to keep everything well organised in their own units, this is the way I do it (I try to avoid inline PHP as much as possible).

Objective

Public HTML files do not need any special settings. When it comes to administrator specific HTML files, however, I would like to do something very specific with them. Instead of writing some inline PHP code to authenticate a user as an administrator on an administrator webpage (an HTML file), I would like to execute authentication script whenever a user tries to open administrator specific HTML files, to check, if the user can open the file.

Question

In short, this is my question: how can I run a PHP script when opening HTML files? What kind of configurations do I need to do on the Apache server or can I simply utilize PHP somehow?

Answer 1

You can try with an iframe / embed tag,

OR:

<html>

<head>
    <script src="js/jquery.min.js"></script>
    <script>
        $(document).ready(function(){
            $.ajax({
                url: 'php_File_with_php_code.php',
                type: 'GET', 
                data: 'parameter=some_parameter',
                success: function(data) {
                    $('#thisdiv').html(data);
                }
            });
        });
    </script>
</head>

<body>
    <div id="thisdiv"></div>
</body>

</html>

Source: How to run a php script inside a html file?

Answer 2

If you serve static HTML files, you cannot prevent a user to access it without using a programming language like PHP (or e.g. .htaccess). There are however multiple ways to handle your situation:

1. You could fetch all administrative data from the PHP scripts with AJAX. This means that all your users could theoretically see how your administration is built of (the whole HTML structure without relevant data). Of course, you can create a redirect, if the AJAX call fails, but you are still offering the whole HTML of the administration.
2. You can store your administration HTML file in the back-end. The user then tries to access the administration and the only thing he gets, is an AJAX call to the back-end. If the call is successful, the HTML is delivered with AJAX to the front-end. This prevents the users to see your administration HTML.
3. You can use a small PHP snippet on top of every administration page which checks if a user should have access to this page. This prevents the users also to see your administration HTML.
4. You store the HTML of your administration in an HTML file, also served to the user. Then, you make an initial call to the back-end on page load. In the success case, you make another AJAX call to fetch the administartion HTML. The user could potentially see the administration HTML (if he directly opens the file).
5. You could use a PHP independent server authentication with .htaccess. .htaccess is an apache server authentication configuration file. You can use it to prevent a user from accessing your site (so, there is no access to the HTML file at all). When trying to access the page, a popup appears and the user has to enter his credentials. It is completely independent from your business logic and the allowed users have to be set in a .htpasswd text file. There is no way to use a modern database-relying user management with .htaccess server authentication. With this solution, you also cannot use an HTML form to log in. I would only recommend this solution for testing purposes and not for a modern website.

If your PHP back-end is solidly built, I would go for solution 1. The user cannot do anything with your HTML, if you are properly checking the user's input on your back-end interface. This means, you serve all the HTML, but do not display it to the user until the data is loaded. You can show a spinner while it is loading. Here is some basic code:

JavaScript (jQuery):

$(document).ready(function() {
    $.ajax({
        url: 'administration.php',
        method: 'GET'
        success: function(response) {
            $('input.username').val(response.username);
            // ( ... )
            $('.administration').fadeIn('fast');
        },
        error: function() {
            window.location.href = 'index.php';
        }
    });
});

HTML:

<body>
    <div class="administration">
        <label>Username 
            <input type="text" class="username" />
        </label>
    </div>
</div>

CSS:

.administration {
    display: none;
}

Answer 3

You may simply configure your Server (APACHE) to treat Files with .html extension as regular PHP Files. Here is how: if you don't have a .htaccess File in your Project root, create it. Then inside the .htaccess File add the following line:

    # TELLS APACHE TO HANDLE ALL FILES WITH .html or .htm EXTENSIONS AS PHP FILES.
    AddHandler x-httpd-php .html .htm

However, depending on your Server, the above may not work; in which case you may may try one of the following:

    # TELLS APACHE TO HANDLE ALL FILES WITH .html or .htm EXTENSIONS AS PHP FILES.
    AddHandler php-script .php .html .htm

or this:

    # TELLS APACHE TO HANDLE ALL FILES WITH .html or .htm EXTENSIONS AS PHP FILES.
    AddType application/x-httpd-php .htm
    AddType application/x-httpd-php .html

However, the first variant may most likely work for you. I hope this helps. Good Luck to you, my Friend.