removed php extension and $SESSION variables do not work

Question

Hi everyone I found this code here somewhere

RewriteEngine On

# browser requests PHP
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^\ ]+)\.php
RewriteRule ^/?(.*)\.php$ /$1 [L,R=301]

# check to see if the request is for a PHP file:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^/?(.*)$ /$1.php [L]

This removes the .php file extension but my $_GET paramaters do not work anymore how can I go about to solve this thanks in advance. I have read other posts but didn't get what I wanted.

After further examination the problem is that when I log in

$_SESSION[profileId] // doesn't set anymore

When I clear .htaccess everything goes back to normal. My code reads

$sql = "SELECT * FROM mytable WHERE userName='$_GET['profile']' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_array($user_query,MYSQL_ASSOC);

$profileId = $row['profileId'];

if($_SESSION['profileId'] === $profileId){
    if(isset($_GET['profile']) && !isset($_GET['edit'])){

    echo '<a id="editButtons" href="../profile.php?profile='.$_GET['profile'].'&edit=1">Edit Profile</a>';
    }

    if(isset($_GET['profile']) && isset($_GET['edit'])){

    echo '<a id="editButtons" href="../profile.php?profile='.$_GET['profile'].'">Done editing</a>';
    }    
}

This is the code where I set the sessions

session_start();

$username = mysqli_real_escape_string($db_conx, $_POST['u']);
$password = $_POST['p'];
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));

if($username == "" || $password == ""){
    echo "login_failed";
}else{
    $sql = "SELECT * FROM myTable WHERE username='$username' AND activated='yes' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $row = mysqli_fetch_array($query);
    $profileId = $row['profileId'];
    $compName = $row['compName'];
    $db_username = $row['username'];
    $db_email = $row['email'];
    $db_pass_str = $row['password'];


    if(password_verify($password,$db_pass_str)){

        $_SESSION['profileId'] = $profileId;
        $_SESSION['username'] = $db_username;
        $_SESSION['password'] = $db_pass_str;
        setcookie("id", $profileId, strtotime( '+30 days' ), "/", "", "", TRUE);
        setcookie("user", $db_username, strtotime( '+30 days' ), "/", "", "", TRUE);
        setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "", "", TRUE); 
        // UPDATE THEIR "IP" AND "LASTLOGIN" FIELDS
        $sql = "UPDATE myTable SET ip='$ip', lastlogin=now() WHERE profileId='$profileId' LIMIT 1";
        $query = mysqli_query($db_conx, $sql);

        if($query){
            echo $compName;
        }

    } else {
        echo 'login_failed';

    }       
}

Possible duplicate of [Remove .php extension with .htaccess](http://stackoverflow.com/questions/4026021/remove-php-extension-with-htaccess) — Christian, Nov 05 '15 at 06:23
@anubhava the page displays fine but when the $_GET['edit'] isset it is suppesed to dispaly some buttons to edit each section — Ad Standing, Nov 05 '15 at 07:05
@anubhava `Array ( [profile] => Verycool_Designs [edit] => 1)` I get the same thing — Ad Standing, Nov 05 '15 at 07:12
everything was working ok until I inserted the htaccess code — Ad Standing, Nov 05 '15 at 07:27
@anubhava `!isset($_GET['edit'])` is what stopped working really even if i remove it `isset($_GET['profile'])` doesn't work either — Ad Standing, Nov 05 '15 at 07:58
Ok the problem I found is when I log in the `$_session` parameters do not work, I cleared the htaccess file then `$_session` worked again — Ad Standing, Nov 05 '15 at 09:34
change href="../profile.php profile='.$_GET['profile'].'&edit=1" to href="../profile.php?profile='.$_GET['profile'].'&edit=1" — Chetan Ameta, Nov 05 '15 at 10:18
@AdStanding Itried this on my local, session works for me. can you send your code where your are setting session? — Chetan Ameta, Nov 05 '15 at 12:51

score 0 · Answer 1 · answered Nov 05 '15 at 10:22

0

    You are redirect any url to .php page without passing argument.

    So passed argument also using htaccess.

    Please try these.

    For example :-

    you want to call test page with your id as parameter then
    make request like these /test/12 then it will redirect to test.php?id=12

    RewriteRule ^/?(.*)/(.*)$ /$1.php?id=$2 [L]

Please change htaccess like these

answered Nov 05 '15 at 10:22

Harsh Sanghani

1,666
1
14
32

try to do these for your specific url for example :- RewriteRule ^/?test/(.*)$ /test.php?id=$2 [L] – Harsh Sanghani Nov 05 '15 at 10:37
I just edited my post The $_GET paramaters work now but the $_SESSIONS paramaters do not set – Ad Standing Nov 05 '15 at 10:42
you have started session in your page? – Harsh Sanghani Nov 05 '15 at 10:50

removed php extension and $SESSION variables do not work

1 Answers1