homepage Welcome to WebmasterWorld Guest from 174.129.76.87
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Fool Proof auto prepend file Apache Workaround with a PHP Proxy Script
auto_prepend_files in Apache, CGI and FastCGI even!
incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4578018 posted 11:16 pm on May 26, 2013 (gmt 0)

This is almost an Apache post but it's a very specialized Apache thing needed by many PHP programmers so I thought I'd post it here and link it from the Apache forum.

There are many reasons you need to add some code to an entire site, something that runs prior to anything else, including both .html and .php files (and more) for doing tasks like visitor tracking, input filtering to block cross server scripts, SQL injection, etc. or bot blocker, etc.

Lot's of reasons you might want to run something site wide.

However, short of adding includes in every page, there's no good universal solution because many things like value auto_prepend_file only work in certain conditions and most sites now use FastCGI and that's a bad place to use it as it doesn't work in the .htaccess implementation but may work in personal php.ini's which I didn't try, but it's a mess.

Anyway, here's method #1 that works in many cases.
php_value auto_prepend_file "/var/www/vhosts/example.com/preloader.php"


I could just jump to the end and give you the answer but then you wouldn't learn anything and considering how many hours I suffered looking for a good solution I think you should at least suffer a paragraph or two.

Now that solves the basic problem of adding a script in front of all PHP programs, at least running as Apache or CGI, but it still didn't solve the problem of enabling PHP for .html files so I needed to add the following in my .htaccess

AddHandler x-httpd-php5-cgi .html


At this point I might add, I'm running RHE (Red Hat Enterprise) with PHP 5.4 and Plesk 10.x as a control panel, a configuration many people also encounter using shared hosting like GoDaddy servers. You would think if it worked on my server under PHP 5.4 and Plesk 10.x on a ServerBeach install that the same would work on a GoDaddy PHP 5.4/Plesk 10x box wouldn't you? Well, you would be as wrong as I was as it required the following instead:

AddHandler php-script .html


Several other minor variations which I used on my RHE server didn't work on the CentOS box for whatever reason even though PHP 5.4, Apache 2.x and Plesk 10.x were all theoretically identical except someone obviously renamed something for the different builds, who knows which one is correct, I just know there were multiple answers to the problem.

So having solved 2 problems now I have PHP running a task before all PHP programs and now .HTML is PHP enabled so it runs PHP code but the task I have set up to run before all PHP programs isn't running when you have PHP in .HTML files.

Changed the AddHandler to this:
AddHandler application/x-httpd-php .html


And suddenly the pages are both PHP enabled AND they use the auto_prepend_file option TOO but only if you run PHP as Apache, which causes other problems, and most accounts are set to FastCGI and this won't work in that setting which is most common.

OK, solution almost in hand but it's a PITA and might not work as-is on more than one server host configuration assuming you can get PHP running in the right mode in the first place.

Then it hit me - do a rewrite rule instead and run the code as a proxy!

The following .htaccess code doesn't need to PHP enable the .HTML files, it just redirects all .HTML requests to my PHP file:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} \.html$
RewriteRule .* /preloader.php [L,QSA]


Now you have a new problem, it runs your code and stops, it doesn't display your .HTML file when it's finished which the other solutions did without issue.

The solution to that is simple, you add the following to your PHP file at the conclusion of it's execution, you make it check to see if there was an Apache redirect and if so, dump the .HTML file in the end:

if( isset($_SERVER["REDIRECT_URL"]) )
include( substr($_SERVER["REDIRECT_URL"],1) );


Now your code works as-is in the previous versions using the append method OR you can run is as a redirect and it works as a proxy just passing a file through.

More importantly, the last redirect proxy method can be used for other types of files like image files, PDFs, etc. so you could stop all non-browser user agents from grabbing image files for instace using the following in .htaccess:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} \.(gif|jpg)$
RewriteRule .* /imageprotector.php [L,QSA]


And the best part is, is doesn't matter if you're running PHP as Apache, CGI or FastCGI, it works across the board and you won't find yourself sitting there scratching your head wondering why what worked on 10 other servers suddenly doesn't work on server #11 which is what happened to me with the other methods.

Hope others find this useful!

[edited by: incrediBILL at 1:25 am (utc) on May 27, 2013]

 

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4578018 posted 11:35 pm on May 26, 2013 (gmt 0)

Merits a case of beer :)

Dideved



 
Msg#: 4578018 posted 6:55 am on May 27, 2013 (gmt 0)

RewriteRule .* /preloader.php [L,QSA]

...

include( substr($_SERVER["REDIRECT_URL"],1) );


Interesting trick. The preloader script now behaves a bit like a front controller. All page requests are rewritten to this centralized entry point, then the preloader/front controller fetches the appropriate page.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4578018 posted 1:48 pm on May 28, 2013 (gmt 0)

BTW, this code has one other unexpected side effect, it makes it appear as if all your HTML files are now PHP enabled because the include will cause any PHP in the HTML to execute.

Just thought I'd toss that out there as it's one less thing you need to configure but also something you need to consider when doing this.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved