
So I had this code in my HTACCESS which was great because it first removes the .php file extension from my pages if the visitor enters the page with the .php file extension, and then it allows the page to load without the extension. (So it's just prettying up the URL)

# REMOVE FILE EXTENSIONS
RewriteEngine On

# browser requests PHP
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^\ ]+)\.php
RewriteRule ^/?(.*)\.php$ /$1 [L,R=301]

# check to see if the request is for a PHP file
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^/?(.*)$ /$1.php [L]

It works great, but then I run into problems on the page: http://www.CyberBytesInc.com/contact because I have a form which calls out to a .php file to send:

<form id="request-form" action="resources/script/question-send.php" method="post">

And the above htaccess code removes the .php for this file and I get the error code "Direct access to this page is not allowed." which is inside of the script, it's the

} else {
    die('Direct access to this page is not allowed.');
}

Once I remove this from htaccess though then it starts working:

# browser requests PHP
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^\ ]+)\.php
RewriteRule ^/?(.*)\.php$ /$1 [L,R=301]

But then I don't get the perk of it removing the file extension if .php is placed at the end of the page (which much of Google is indexed with the file extension and I'm trying to remove this).

I guess if I could somehow make it so the htaccess code works except for when accessing a file from my /resources/scripts/ folder, I don't know the best way to fix this.

You can go to the site right now to see that it's not working because of this. For the time being I am probably going to remove the above mentioned line of code so my form is at least working. So if you view the site and the form is working, it's because I removed the above .htaccess until I figure out how to successfully have it in there.

Thanks!

EDIT: Full code for question-send.php

<?php

// Get email address
$email_address = 'email@site.com';

// Ensures no one loads page and does simple spam check
if( isset($_POST['name']) && empty($_POST['spam-check']) ) {

    // Declare our $error array we will be using later to store any errors
    // (must be an array: assigning $error['name'] on a string fails on current PHP)
    $error = array();

    // Setup our basic variables
    $input_name = strip_tags($_POST['name']); //required
    $input_email = strip_tags($_POST['email']); //required
    $input_subject = strip_tags($_POST['subject']);
    $input_message = strip_tags($_POST['message']); //required

    // We'll check and see if any of the required fields are empty
    if( strlen($input_name) < 2 ) $error['name'] = '<label for="question-name">Please enter your <b>Name</b></label>';
    if( strlen($input_message) < 5 ) $error['message'] = '<label for="question-message">Please leave a longer <b>Message</b></label>';

    // Make sure the email is valid
    if( !filter_var($input_email, FILTER_VALIDATE_EMAIL) ) $error['email'] = '<label for="question-email">Please enter a valid <b>Email Address</b></label>';

    // Set a subject & check if custom subject exist
    if( $input_subject ) $subject = "(Question) - $input_subject";
    else $subject = "(Question) - No Subject";
    // Start the body with the visitor's message, then append the sender details
    $message = "$input_message\n";
    $message .= "\n\n---\nThis email was sent by $input_name from $input_email";

    // Now check to see if there are any errors 
    if( !$error ) {

        // No errors, send mail using conditional to ensure it was sent
        if( mail($email_address, $subject, $message, "From: $input_email") ) {
            echo '<p class="success"><b>EMAIL SENT SUCCESSFULLY.</b><br />' . "Dear $input_name, " . 'thank you for contacting CyberBytes Inc. Please allow us <b>24-48</b> hours to review your request and get back to you. If you need a response sooner, please contact us via telephone at (716) 876-1824.<br /><br /><b>Please verify that this is your correct Email Address:</b><br />' . "Email Address: <i>$input_email</i>" . '<br /><br /><span class="red"><b>PLEASE NOTE:</b></span><br /> If we do not respond to your request within a reasonable amount of time, please give us a call as there may have been an error on our end with your request.</p>';
        } else {
            echo '<p class="error">There was a problem sending your email! Please give us a call at (716) 876-1824 as there seems to be an error on our end with the form.</p>';
        }

    } else {

        // Errors were found, output all errors to the user
        $response = (isset($error['name'])) ? $error['name'] . "\n" : null;
        $response .= (isset($error['email'])) ? $error['email'] . "\n" : null;
        $response .= (isset($error['message'])) ? $error['message'] . "\n" : null;

        echo "<p class='error'>$response</p>";

    }

} else {

    die('Direct access to this page is not allowed.');

}
efficient
  • Full code of this part... else { die('Direct access to this page is not allowed.'); } – Hackerman Dec 20 '13 at 21:06
  • Just added it above, thanks! – efficient Dec 20 '13 at 21:07
  • If you change this action="resources/script/question-send.php" ..to this: action="resources/script/question-send" in the form?? – Hackerman Dec 20 '13 at 21:13
  • Nope, I tried that already as I figured it had to work. Made me very confused when it didn't /: – efficient Dec 20 '13 at 21:18
  • EDIT: Wait! I got it working, your comment made me remember that I also have a separate contact.js file which calls out to the question-send and I just removed the .php from that JS file and it worked! Thank you! :) – efficient Dec 20 '13 at 21:21
  • No problem, I'm glad to help...I got a lot of headaches when I began with those rewrite rules, years ago. – Hackerman Dec 20 '13 at 21:29
  • Yeah, I wasn't even going to bother with it, but it just looks so much cleaner so I figured I'd give it a shot. I just need to be careful from here-on-out that I don't make any other mistakes similar to this one due to the rules. Thanks again! – efficient Dec 21 '13 at 00:18

1 Answer


Change your rule to skip POST request:

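# browser requests PHP (POST requests are left alone so form data is not lost to a redirect)
RewriteCond %{REQUEST_METHOD} !POST
# THE_REQUEST is the raw request line, e.g. "GET /contact.php HTTP/1.1"
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^\ ]+)\.php
RewriteRule ^/?(.*)\.php$ /$1 [L,R=301]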
anubhava
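
Why the original redirect rule broke the form and why the `REQUEST_METHOD` condition fixes it, as an added example (not code from the question or the answer): a simplified Python model of the two rules and of a browser following the 301. The function names, the file set and the form values are constructed for illustration; only the two regular expressions and the guard condition come from the page.

```python
import re

# Patterns taken from the rules on this page; everything else is a simplified model.
THE_REQUEST_PHP = re.compile(r"^[A-Z]{3,9} /([^ ]+)\.php")
RULE_PHP = re.compile(r"^/?(.*)\.php$")

# Constructed sample data: files on disk and a filled-in contact form.
FILES = {"contact.php", "resources/script/question-send.php"}
FORM = {"name": "Alice", "email": "alice@example.com", "message": "Hello there"}

def apache(method, path, files, skip_post):
    """Return ('redirect', location) or ('serve', file_or_None) for one request."""
    the_request = f"{method} {path} HTTP/1.1"
    rel = path.lstrip("/")  # per-directory rules see the path without the leading slash
    m = RULE_PHP.match(rel)
    if m and THE_REQUEST_PHP.match(the_request) and not (skip_post and method == "POST"):
        return "redirect", "/" + m.group(1)        # [L,R=301]
    if rel + ".php" in files:                       # %{REQUEST_FILENAME}.php -f
        return "serve", rel + ".php"
    return "serve", rel if rel in files else None

def submit(method, path, form, files, skip_post=False):
    """Follow redirects the way a browser does, then apply the script's POST guard."""
    hops = []
    while True:
        action, target = apache(method, path, files, skip_post)
        hops.append((method, path, action))
        if action == "serve":
            break
        # Browsers re-issue a 301-redirected POST as a GET, so the form body is dropped.
        method, path, form = "GET", target, {}
    if target is None:
        return hops, "404"
    # Guard from question-send.php: isset($_POST['name']) && empty($_POST['spam-check'])
    ok = method == "POST" and "name" in form and not form.get("spam-check")
    return hops, "handled" if ok else "Direct access to this page is not allowed."

if __name__ == "__main__":
    url = "/resources/script/question-send.php"
    print(submit("POST", url, FORM, FILES))                   # original rules
    print(submit("POST", url, FORM, FILES, skip_post=True))   # with REQUEST_METHOD !POST
    print(submit("POST", url[:-4], FORM, FILES))              # extensionless action
```

The third call models the fix the asker ended up with: posting to the extensionless URL never triggers the redirect, so either change keeps the POST body intact.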