php genious » HTACCESS

URL Rewriting in Opencart

admin — Tue, 06 Jul 2010 17:33:04 +0000

Hello Friends !! Today I am going to introduce that how to enable URL rewriting in Opencart.

I have completed my two projects in opencart and I already faced the problem that how to enable URL rewriting in Opencart.

So today I want to share with all of you guys that how to use URL rewriting in Opencart.

Follow below steps :

1) Rename your htaccess.txt to .htaccess.
2) Enter in admin area.
3) Go to Admin->Configuration->Settings->Server and check SEO URL option Yes.
4) Then you have to enter SEO keyword field in every products/categories/information etc.
5) You can find this field at that time of insertion or edition.

After all this settings, I am sure that URL rewriting is working in your opencart site.

If you have further query or if you have any confusion, then feel free to comment me. I will try my best to solve your issues..

Thanks in advance !!!

URL Rewriting with PHP and IIS 7

admin — Thu, 01 Apr 2010 07:31:04 +0000

Hello friends !! Few days ago, I faced a URL rewriting problem on windows server. After checking the server configuration, I found that there is an II7 installed. After long research about this, I found that II7 is not support .HTACCESS. If youwant to male your site SEO URL friendly, then you have to use web.config file for URL rewriting instead of .HTACCESS. Now the question is how to make web.config file from .HTACCESS ?

IIS 7 uses a file called Web.config to hold settings for integration with applications. The Web.config file contains information that control module loading, security configuration, session state configuration, and application language and compilation settings. Web.config files can also contain application-specific items such as database connection strings.
Today in this post, I will explain you how to make it ? This post contains most common uses of the .htaccess file by PHP applications, and shows how to use the Web.config file for these same functions in IIS.
Now First Here are the sample files of .HTACCESS and Web.config.

.HTACCESS Sample code

#
# Apache/PHP/Application settings:
#

# Protect files and directories from prying eyes.

Order allow,deny

# Don’t show directory listings for URLs which map to a directory.
Options -Indexes

# Follow symbolic links in this directory.
Options +FollowSymLinks

# Make Application handle any 404 errors.
ErrorDocument 404 /index.php

# Force simple error message for requests for non-existent favicon.ico.

ErrorDocument 404 “The requested file favicon.ico was not found.

# Set the default handler.
DirectoryIndex index.php

# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.

# PHP 4, Apache 1.

php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0

# PHP 4, Apache 2.

# PHP 5, Apache 1 and 2.

# Requires mod_expires to be enabled.

# Enable expirations.
ExpiresActive On

# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600

# Do not cache dynamically generated pages.
ExpiresByType text/html A1

# Various rewrite rules.

RewriteEngine on

# If your site can be accessed both with and without the ‘www.’ prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the ‘www.’ prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the ‘www.’ prefix,
# (http://example.com/… will be redirected to http://www.example.com/…)
# adapt and uncomment the following:
# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
#
# To redirect all users to access the site WITHOUT the ‘www.’ prefix,
# (http://www.example.com/… will be redirected to http://example.com/…)
# uncomment and adapt the following:
# RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
# RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

# Modify the RewriteBase if you are using Application in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/application uncomment and
# modify the following line:
# RewriteBase /application
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /

# Rewrite URLs of the form ‘x’ to the form ‘index.php?q=x’.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

# $Id: .htaccess,v 1.90.2.1 2008/07/08 09:33:14 goba Exp $

Web.config Sample Code

installation to secure the installation. –>

–>

statusReason=”The requested file favicon.ico was not found”
statusDescription=”The requested file favicon.ico was not found” />

feature has been delegated as “Read/Write” at the Web Server level.

–>

Default Document

In the .htaccess file for the sample application, the DirectoryIndex directive tells the Web server which file to load if no filename is included with the URL.

# Set the default handler. DirectoryIndex index.php

For IIS 7, the default document should be set up as high in the Web site hierarchy as the Module Handler. For example, with PHP, the Module Handler is usually set at the Web server level. The default document should be set at that level also, rather than locally within a Web site’s context. The following code within your Web.config file can ensure this:

Error Page Redirects / Handling using .HTACCESS and Web.config

Some applications handle standard errors within the scope of the application. The ErrorDocument directive in the .htaccess file of the sample application tells the Web server to load the home page for any 404 or “File Not Found” errors.

# Make Application handle any 404 errors.

ErrorDocument 404 /index.php

IIS uses the httpErrors directive for this functionality. However, because the capability to set this at the application level is turned off by default for IIS, this section should be commented out.

feature has been delegated as “Read/Write” at the Web Server level.

–>

URL Rewriting using .HTACCESS and Web.config

IIS 7 includes the URL Rewrite module. You can use this extension to provide rules for IIS to rewrite incoming URL requests. The most common use of URL Rewriting is to provide shorter, easy-to-remember URLs.

Many PHP applications currently ship with rewrite rules as part of their .htaccess file. These rules tell Apache’s mod_rewrite how and when to rewrite incoming requests. The IIS 7 URL Rewrite module can read these rules and translate them into URL Rewrite rules.

For the sample application codes, the relevant mod_rewrite rules in the .htaccess file are:

RewriteCond %{HTTP_HOST} ^example\.com$ [NC]

RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_URI} !=/favicon.ico

RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

The IIS URL Rewriter module can read these rules and translate them. The translated URL Rewriter rules are:

I think this post become very helpful to those peoples who wants to use URL rewriting (SEO friendly URL) in IIS whcih are using PHP.

Feel free to post comment on this post. Thanks You …

CGI Tutorial

admin — Sat, 27 Mar 2010 06:48:53 +0000

CGI stands for Common Gateway Interface, which is the standard for creating dynamic files or web pages. It can be seen in use on thousands of web pages – website guest books which allow a visitor to enter a message which is displayed the next time anyone accesses the guest page, or search engine pages where one types in a query and the search engine responds by displaying the results pages.

CGI scripting actually refers to writing a program that will control how a website’s content can be displayed to visitors.

CGI variables

Before running a CGI application or interpreter, Abyss Web Server sets its environment variables in conformity with the CGI/1.1 specification and adds variables declared in the Custom Environment Variables table as well as the system environment variables. Some Abyss Web Server specific variables are also set.

The following list contains the variables documented in the CGI/1.1 specification and some variables commonly set by web servers:

PATH_INFO: The extra path information, as given in the requested URL. In fact, scripts can be accessed by their virtual path, followed by extra information at the end of this path. The extra information is sent in PATH_INFO.
PATH_TRANSLATED: The virtual-to-real mapped version of PATH_INFO.
SCRIPT_NAME: The virtual path of the script being executed.
SCRIPT_FILENAME and REQUEST_FILENAME: The real path of the script being executed.
SCRIPT_URI: The full URL to the current object requested by the client.
URL: The full URI of the current request. It is made of the concatenation of SCRIPT_NAME and PATH_INFO (if available.)
SCRIPT_URL and REQUEST_URI: The original request URI sent by the client.
REQUEST_METHOD: The method used by the current request; usually set to GET or POST.
QUERY_STRING: The information which follows the ? character in the requested URL.
CONTENT_TYPE: The MIME type of the request body; set only for POST or PUT requests.
CONTENT_LENGTH: The length in bytes of the request body; set only for POST or PUT requests.
AUTH_TYPE: The authentication type if the client has authenticated itself to access the script.
AUTH_USER and REMOTE_USER: The name of the user as issued by the client when authenticating itself to access the script.
ALL_HTTP: All HTTP headers sent by the client. Headers are separated by carriage return characters (ASCII 13 – \n) and each header name is prefixed by HTTP_, transformed to upper cases, and – characters it contains are replaced by _ characters.
ALL_RAW: All HTTP headers as sent by the client in raw form. No transformation on the header names is applied.
SERVER_SOFTWARE: The web server’s software identity.
SERVER_NAME: The host name or the IP address of the computer running the web server as given in the requested URL.
SERVER_PORT: The port to which the request was sent.
GATEWAY_INTERFACE: The CGI Specification version supported by the web server; always set to CGI/1.1.
SERVER_PROTOCOL: The HTTP protocol version used by the current request.
REMOTE_ADDR: The IP address of the computer that sent the request.
REMOTE_PORT: The port from which the request was sent.
DOCUMENT_ROOT: The absolute path of the web site files. It has the same value as Documents Path.
INSTANCE_ID: The numerical identifier of the host which served the request. On Abyss Web Server X1, it is always set to 1 since there is only a single host.
APPL_MD_PATH: The virtual path of the deepest alias which contains the request URI. If no alias contains the request URI, the variable is set to /.
APPL_PHYSICAL_PATH: The real path of the deepest alias which contains the request URI. If no alias contains the request URI, the variable is set to the same value as DOCUMENT_ROOT.
IS_SUBREQ: It is set to true if the current request is a subrequest, i.e. a request not directly invoked by a client. Otherwise, it is set to true. Subrequests are generated by the server for internal processing. XSSI includes for example result in subrequests.

If the current request is served by an SSL enabled host, the following SSL related variables are also available:

SSL_PROTOCOL: The SSL protocol version. It could be SSLv2, SSLv3, or TLSv1.
SSL_CIPHER and HTTPS_CIPHER: The SSL protocol version. It could be SSLv2, SSLv3, or TLSv1.
SSL_CIPHER_EXPORT: It is set to true if the cipher is conforming to US export restrictions (i.e. it is limited to 56 bit symmetric keys and 1024 asymmetric keys).
SSL_CIPHER_USEKEYSIZE and HTTPS_SECRETKEYSIZE: The number of cipher bits currently used.
SSL_CIPHER_ALGKEYSIZE and HTTPS_KEYSIZE: The maximum number of cipher bits that could be used.
SSL_SERVER_M_VERSION: The version of the server’s certificate.
SSL_SERVER_M_SERIAL: The serial number of the server’s certificate.
SSL_SERVER_V_START: The date corresponding to the start of the validity the server’s certificate.
SSL_SERVER_V_END: The date corresponding to the end of the validity the server’s certificate.
SSL_SERVER_A_SIG: The algorithm used to sign the server’s certificate.
SSL_SERVER_A_KEY: The encryption type of the private key of the server’s certificate.
SSL_SERVER_S_DN and HTTPS_SERVER_SUBJECT: The value of the subject’s DN (distinguished name) of the server’s certificate.
SSL_SERVER_S_DN_component: The value of the component of the subject’s DN (distinguished name) of the server’s certificate. component can be CN (Common Name), C (Country), ST or SP (State/Province), L (Locality), O (Organization), OU (Organization Unit), T (Title), I (Initials), G (Given Name), S (Surname), D (Description), Email (Contact Email).
SSL_SERVER_I_DN and HTTPS_SERVER_ISSUER: The value of the issuer’s DN (distinguished name) of the server’s certificate.
SSL_SERVER_I_DN_component: The value of the component of the issuer’s DN (distinguished name) of the server’s certificate.

The Abyss Web Server specific variables provide a means to access to server and host statistics. They are listed below:

X_ABYSS_STATS_SERVER_UPTIME: The total time in seconds during which the server was up.
X_ABYSS_STATS_SERVER_CURRENT_UPTIME: The total time in seconds during which the server was up since the last start or restart.
X_ABYSS_STATS_SERVER_TOTAL: The total number of processed requests for all the hosts. It includes also bad requests that were not targeting a specific host and that resulted in an error.
X_ABYSS_STATS_SERVER_ERROR: The number of requests for which the server replied by an error.
X_ABYSS_STATS_SERVER_HTML: The number of requests the server replied to by a document which MIME type was text/html.
X_ABYSS_STATS_SERVER_IMAGE: The number of requests the server replied to by a document which MIME type starts with image/.
X_ABYSS_STATS_SERVER_NOTMODIFIED: The number of requests for which the server detected that the requested document has not changed.
X_ABYSS_STATS_SERVER_OUTPUT: The total size in bytes of the payload sent by the server to the clients.
X_ABYSS_STATS_SERVER_COMPRESS_TOTAL: The total number of compressed responses for all the hosts.
X_ABYSS_STATS_SERVER_COMPRESS_OUTPUT_TOTAL: The total size in bytes of the payload sent by the server to the clients in compressed responses.
X_ABYSS_STATS_SERVER_COMPRESS_ORIGINAL_OUTPUT: The total original uncompressed size in bytes of the payload sent by the server to the clients in compressed responses.
X_ABYSS_STATS_HOST_UPTIME: The total time in seconds during which the current host was up.
X_ABYSS_STATS_HOST_CURRENT_UPTIME: The time in seconds during which the current host was up since the last server start or restart.
X_ABYSS_STATS_HOST_TOTAL: The total number of requests processed by the current host.
X_ABYSS_STATS_HOST_ERROR: The number of requests targeting the current host that resulted in an error.
X_ABYSS_STATS_HOST_HTML: The number of requests the current host replied to by a document which MIME type was text/html.
X_ABYSS_STATS_HOST_IMAGE: The number of requests the current host replied to by a document which MIME type starts with image/.
X_ABYSS_STATS_HOST_NOTMODIFIED: The number of requests for which the current host detected that the requested document has not changed.
X_ABYSS_STATS_HOST_OUTPUT: The total size in bytes of the payload sent by the current host to the clients.
X_ABYSS_STATS_HOST_COMPRESS_TOTAL: The total number of compressed responses for the current host.
X_ABYSS_STATS_HOST_COMPRESS_OUTPUT_TOTAL: The total size in bytes of the payload sent by the current host to the clients in compressed responses.
X_ABYSS_STATS_HOST_COMPRESS_ORIGINAL_OUTPUT: The total original uncompressed size in bytes of the payload sent by the current host to the clients in compressed responses.

In addition to these variables, all header lines received in the request are added to the environment with the prefix HTTP_ followed by the header name in upper cases. All – characters in the header name are changed to underscore _ characters. For example, User-Agent is translated to HTTP_USER_AGENT.

If the request results from an internal redirection (from an XSSI document or if it is used as a custom error page for example), the environment variables of the parent request are also added and each variable name is prefixed by REDIRECT_. The parent request’s status code is stored in the special variables REDIRECT_STATUS and REDIRECT_STATUS_CODE. The cookies of the parent request are also passed to the redirected request in the COOKIES environment variable. REDIRECT_STATUS_CODE may seem redundant but it is actually useful when with PHP scripts as some PHP configurations require setting REDIRECT_STATUS to a fixed value.

If you have any suggestion or any confusion, feel free to post comments.

Thanks a mill !!

Redirect to https (SSL) in php

admin — Thu, 26 Mar 2009 09:21:13 +0000

Hello Friends !!

Today I found some new things. This post is show you how to redirect to https(SSL) in PHP.

First, What is SSL ? Let me Explained :

SSL meand Secure Socket Layer. It is developed by Netscape to transmit private data via Internet.

SSL uses a cryptographic system that uses two keys to encrypt data – a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:

Most of e-commerce sites uses payment gateway for online payment.And those sites use SSL connection to transfer data to and from the payment gateway.

Most of the sites use http protocol. But in above case wehave to redirect browser to https.
If you want to see example, write “http://www.gmail.com” in browser, it automatically redirects to https.It means site transfer to SSL protocol.

First of all, you should know that SSL must be installed in the server. To redirect the browser to “https” , we must know that the site is using SSL or not at the moment. And for this, there is a server variable in PHP called “HTTPS”. $_SERVER['HTTPS'] returns “on” values when the site is using SSL connection.

PHP function to redirect browser to “https”

function redirectTohttps()
{
if($_SERVER['HTTPS']!=”on”)
{
$redirect= “https://”.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
header(“Location:$redirect”);
}
}
?>

you can call the function in that page where you have to redirect the browser to “https”.

Redirect website to “https” using .HTACCESS

You have to call above function in each and every page if you want to redirect whole sote. But rather than doing so it will be better to write code in .htaccess file to redirect the whole website to use SSL connection throughout the pages.Here is the .htaccess code :

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Just copy this code in yuor .htaccess file and place it in your root directory. Whole site will be redirected to “https” when browser will open with “http”.

If you have any query or any question then please comment on this post.

Thanks in Advance….

Block Proxy Servers using .htaccess

admin — Tue, 10 Mar 2009 06:43:00 +0000

Hello Friends !!

We all know about spamming.

In my last post we can block IP address using .HTACCESS. But suppose proxy server used for spamming then what will you do ? In using proxy server, every time IP address changed.

Generally hackers are also use proxy servers to hack the site.

Don’t worry about this. I found some code of .HTACCESS which blocks proxy servers to access your site.

How to Block Proxy Servers

This code help you to block proxy servers to access your site.

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ – [F]

You have to simply copy this code into your siteâ€™s root htaccess file.

Upload to your server, and test it. If any problem then comment me.

Original article by Perishable Press: http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/

Thanks….

Block IP addresses Using .HTACCESS

admin — Sat, 07 Mar 2009 06:33:59 +0000

Hello Friends !!

In my previous post, i was write how to block IP address using PHP script ?

Today i will write that how to block IP address using .HTACCESS ?

There are several ways to block a specific IP range.

The first utilizes a CIDR number to block the specified range (via htaccess):

# block IP range by CIDR number

order allow,deny
allow from all
deny from 214.53.25.64/26

The second method is similar, only here we are expressing the range in netmask notation, using corresponding network/netmask values:

# block an IP range via network/netmask values

order allow,deny
allow from all
deny from 214.53.25.64/255.255.255.192

The third method tests all IP addresses against a predefined regular expression via RewriteCond/RewriteRule directives:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^214\.53\.25\.(6[4-9]|7[0-9]|8[0-9]|9[0-9])$ [OR]
RewriteCond %{REMOTE_ADDR} ^214\.53\.25\.1([0-1][0-9]|2[0-8])$
RewriteRule .* – [F]

Here is a way of blocking a specific ISP via its IP address(es).

Order Allow,Deny
Allow from all
Deny from 123.123.123.
Deny from 456.456.456.

There is probably a more efficient way to write the regular expressions in the previous example, but that should definitely get the job done.

I think this post become useful to you.