2

I recently did some research to find out how to modify my .htaccess file to hide the .php extension in the URL. I got it to work how I wanted with the following code:

RewriteEngine On

# Unless directory, remove trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/$ http://www.guitrum.com/$1 [R=301,L]

# Redirect external .php requests to extensionless url
RewriteCond %{THE_REQUEST} ^(.+)\.php([#?][^\ ]*)?\ HTTP/
RewriteRule ^(.+)\.php$ http://www.guitrum.com/$1 [R=301,L]

# Resolve .php file for extensionless php urls
RewriteRule ^([^/.]+)$ $1.php [L]

ErrorDocument 404 /404.php

DirectoryIndex index.php

Unfortunately, part of my php script is broken now. Keep in mind, before modifying my .htaccess file, everything worked. On a log in page, I have some script to pass some user input with the POST method like so:

<form method='POST' action='loginconfirm.php'>
Password: <input type='password' name='password'></input>
<input type='submit' name='submit' value='Go'></input>
</form>

on the loginconfirm.php page, I have an encryption class as an included file in the page with the following code:

<?php
//source: http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
class Encryption {

    const CYPHER = MCRYPT_RIJNDAEL_256;
    const MODE = MCRYPT_MODE_CBC;
    const KEY = 'SecretKey';

    public function encrypt($plaintext) {
        $td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        mcrypt_generic_init($td, self::KEY, $iv);
        $crypttext = mcrypt_generic($td, $plaintext);
        mcrypt_generic_deinit($td);
        return rawurlencode(base64_encode($iv . $crypttext));
    }

    public function decrypt($crypttext) {
        $crypttext = rawurldecode($crypttext);
        $crypttext = base64_decode($crypttext);
        $plaintext = '';
        $td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
        $ivsize = mcrypt_enc_get_iv_size($td);
        $iv = substr($crypttext, 0, $ivsize);
        $crypttext = substr($crypttext, $ivsize);
        if ($iv) {
            mcrypt_generic_init($td, self::KEY, $iv);
            $plaintext = mdecrypt_generic($td, $crypttext);
        }
        return trim($plaintext);
    }

}

//source: http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
?>

The first thing I do on the page is set a new variable that has the password encrypted like so:

<?php
include ("includefiles/EncryptionUtilities.php");
$passworde = Encryption::encrypt($_POST['password']);
setcookie('password', $passworde, time() + (60 * 5));
?>

When normally it would work fine, now it throws errors saying that:

an empty string was passed into EncryptionUtilities.php, and cannot modify header information - headers already sent.

I think there is something wrong with the .htaccess file that is not allowing the POST method to talk between pages.

halfer
  • 19,824
  • 17
  • 99
  • 186
Guitrum
  • 171
  • 1
  • 10
  • There's likely a blank line or space at the end of one of your PHP files. Virtually always the cause for a PHP `headers already sent` error. Try getting rid of the ending `?>` in your Encryption file. – ceejayoz Feb 14 '15 at 18:20

1 Answers1

4

With external redirection POST data isn't redirected and is lost. Replace your .php rule by this:

# Redirect external .php requests to extensionless url
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{THE_REQUEST} /.+?\.php [NC]
RewriteRule ^(.+?)\.php$ /$1 [R=301,L,NE]
anubhava
  • 761,203
  • 64
  • 569
  • 643
  • 1
    This fixed it!!! Thank you so much! I know very little about how the .htaccess files work, so I appreciate the assistance. – Guitrum Feb 14 '15 at 18:28
  • Here is another question for you if you see this: Now when I try to go to a website within another directory, ie website.com/directory/home.php it will 404. Any idea how to edit my .htaccess file to fix this? – Guitrum Feb 15 '15 at 02:40
  • it is still not working. I tried making a new folder with a sample php page in it and that page as well will not load properly. Is there any information I could provide that could help figure out what is going on? I only have one .htaccess file and it is the root directory. I did however make a new html page that it DOES access properly. It has to be something with page extension being php... I really appreciate your help so let me know what else I can share to make it easier for you. – Guitrum Feb 15 '15 at 08:41
  • When I comment that line out, i get the same errors that I was experiencing when I posted this topic and the php page in the sub directory still doesn't work. – Guitrum Feb 15 '15 at 19:37
  • nope... it still won't go to a php page within a subdirectory, but will only go to html pages. so website.com/folder/test.php throws an error that the page does not exist, but website.com/folder/test.html works as it is supposed to. – Guitrum Feb 16 '15 at 03:40
  • OK that shows you have other problems also not just handling of a POST form. I suggest opening a new question with all the details and I will try to answer it. – anubhava Feb 16 '15 at 04:02
  • I have done that here: http://stackoverflow.com/questions/28534462/after-modifying-my-htaccess-file-to-hide-the-php-extension-from-the-url-some Thank you! – Guitrum Feb 16 '15 at 04:19