Thursday, June 10, 2010

Adding piece of PHP code in all files within a sub-folder


In this post I will explain about how to add piece of php code in all files (including new files to be added) within a particular sub-folder in Apache server hosting environment.

Let me explain why we need to add piece of php code in all files within a folder.

If you want to make changes in your web pages for displaying them correctly in mobile devices, you need not change all the pages manually. You can automatically add a piece of code in all files. It will greatly reduce the development time and make easy any future maintenance changes.


Recently one of our Customers wanted to restrict the access to the files within a sub-folder so that only the registered members can access them.

Normally, we can do it by adding a include file in all files. Inside the include file we can write a piece of code which will check Session or cookie variable to restrict the access based on whether the user has loged in or not.

But this approach won't work in this case, because our customer wanted this feature to work in any new files that will be added to the sub-folder.

So, I decided to use auto_prepend_file

auto_prepend_file is a file that will be added to the start of any PHP scripts.

First I tried to specify the auto_prepend_file in .htaccess file as below.


php_value auto_prepend_file path\global_prepend.php


It works fine in our local machine. But when I uploaded the .htaccess file to the customers server, it didn't work.

So I tried other options such as placing php.ini file within the sub-folder with below entry.


auto_prepend_file=global_prepend.php


This approach also didn't work in the server. From phpinfo() I understand that the server is not taking/considering the sub-folder versions of php.ini file it is not allowing to use php_value in the sub-folder versions of .htacess file.

So we contacted the support for solving this issue and they changed the setting so that our entry in php.ini file is taken by the server.

And everything worked fine in the server.

We added below piece of code in global_prepend.php for providing member only access for certain files.


<?php

if (strstr($_SERVER['PHP_SELF'],"/")==true)
{
session_start();
include "../config.php";

if(!isset($_SESSION['username']))
{
$targetpage="../index.php?login=loginfirst";
redirect($targetpage);
}
}


?>


Now this setup will not allow the non-members to view the newly created files also.
i-e We need not make any change in any of the files.


Now let us see how to achieve this if the hosting is not allowing to make any change in php.ini file.

Actually I tried below things as workaround before contacting the hosting support.

I know that it is not an effective approach. But still I tried it as I thought the hosting will not allow to enable php.ini out of root.

It uses mod_rewrite module of the Apache.

The steps are,
- Created separate file (logincheck.php)
- Created .htaccess file within the sub-folder to have url-rewrite rules for redirecting the page requests to the logincheck.php with the actual page name as the querystring parameter.

-The logincheck.php will get the querystring parameter and will do page redirection using the value.
For example if you type index.php in the browser address bar, .htacces file will redirect it into logincheck.php with index.php as parameter. And, the logincheck.php will again do redirection to the index.php (passed a querystring) if the member login condition is satisfied.

-The .htaccess file will look something similar to below one.

Options +FollowSymLinks
RewriteEngine on

RewriteRule ^([A-Za-z0-9-]+)?.\php$ logincheck.php?id=$1.php [L]
RewriteRule ^([A-Za-z0-9-]+)?.\html$ logincheck.php?id=$1.html [L]
RewriteRule ^([A-Za-z0-9-]+)?.\htm$ logincheck.php?id=$1.htm [L]



The basic function worked, but there were many issues due to looping/infinite/cyclic redirections.

So, I added below condition also for preventing direction for the logincheck.php itself

RewriteCond %{REQUEST_URI} !^.*logincheck.*$

But still cyclic redirection was there in one scenario. i-e when doing redirection from logincheck after checking the member login using Session variable.

So I wanted to add similar Rewrite condition for HTTP_REFERRER also.

I added below line also in the .htaccess file.


RewriteCond %{HTTP_REFERRER} !^.*logincheck.*$



But it didn't work. I haven't continued this workaround further because the hosting support had solved the issue and everything works fine using auto_prepend_file.

Anyway I am just sharing my experience so that some one not having access to change php.ini can follow these steps. (But they need to solve the last issue. And if you know the perfect solution you can share thro' the comments section).




More Articles...
You can bookmark this blog for further reading, or you can subscribe to our blog feed.

3 comments:

Facebook App Developer said...

auto_prepend_file
that is nice script from your side.

classified ads software said...

Thanks for sharing.Keep it up.

admin@hyperlogicstech.in said...

auto prepend file looks nice. But many web servers dont support custom php.ini. I am using php include for login checks.

Search This Blog