Server giving 410 error for resource that definitely exists in the correct directory

Question

I am creating an e-Commerce site, I had been using Magento previously but am changing to a custom built site instead.

On this site, I had created a page called create_account.php, this was fine for a while and it worked great but then it started throwing a 410 error which I had never seen before. Did a bit of research and could see that this indicates the file did exist but isn't there any more.

I thought fair enough maybe Magento had a file with the same name and it has a record of this file being deleted so it stopped reading my file, so I'll create a copy of it, call it something else and change all references to that file to the new name of account_create.php and put in a line in my .htaccess file to redirect users that may be going to the first one to my new file, but I left the original file on the server.

That worked fine for a while (am talking about days rather than hours/minutes) on multiple computers/browsers/networks etc, but then the same thing happened. This time I thought it couldn't be something left over from Magento or something else that the server still had a record of, but if that fix worked the last time I'll try it and see how it goes.

This has now happened 6 times with 6 different file names for the same file over the space of a month where it is working for a few days and then the server says the file is gone. However, all 6 files are still in the main directory on my server. I have a 7th version with a new name that is currently working but am not holding out hope and my .htaccess file is getting ridiculous.

  RewriteRule ^create_account/?$ create.php [L,NC,QSA]
  RewriteRule ^createaccount/?$ create.php [L,NC,QSA]
  RewriteRule ^accountcreate/?$ create.php [L,NC,QSA]
  RewriteRule ^account_create/?$ create.php [L,NC,QSA]
  RewriteRule ^account_creation/?$ create.php [L,NC,QSA]
  RewriteRule ^accountcreation/?$ create.php [L,NC,QSA]

I'm starting to doubt the actual file itself although everything works fine locally on WAMP and it works fine for a while live before this happens. Here is the contents of this file:

<?php
$active_country_id = $_SESSION["active_country_id"];
$active_country_name = $_SESSION["active_country_name"];
$active_country_code = $_SESSION["active_country_code"];
$active_country_currency = $_SESSION["active_country_currency"];
$active_country_vat = $_SESSION["active_country_vat"];
$active_country_braintree = $_SESSION["active_country_braintree"];

$message = "";
$first_name = "";
$last_name = "";
if(isset($_POST['company_name'])){$company = $_POST['company_name'];}else{$company = "";}
$email = "";
$phone = "";
$password1 = "";
$password2 = "";
$parsed = "";

if(isset($_GET['id']) && $_GET['id'] != ""){
    $id = $_GET['id'];
    $params = [$id];
    $sql = "SELECT * FROM customers WHERE id=?";
    $stmt = DB::run($sql,$params);
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
        $first_name = $row["first_name"];
        $last_name = $row["last_name"];
        $email = $row["email"];
    }
}

if (isset($_POST['first_name'])){
    if (isset($_POST['first_name']) && $_POST['first_name']!=""){
        $first_name = $_POST['first_name'];
        $parsed = "true";
    }else{
        $message .= "<div id='warning'>";
        $message .= "First Name is a required field";
        $message .= "</div>";
        $parsed = "false";
    }
    if (isset($_POST['last_name']) && $_POST['last_name']!=""){
        $last_name = $_POST['last_name'];
        $parsed = "true";
    }else{
        $message .= "<div id='warning'>";
        $message .= "Surname is a required field";
        $message .= "</div>";
        $parsed = "false";
    }
    if (isset($_POST['email']) && $_POST['email']!=""){
        $email = $_POST['email'];
        $parsed = "true";
    }else{
        $message .= "<div id='warning'>";
        $message .= "Email is a required field";
        $message .= "</div>";
        $parsed = "false";
    }
    if (isset($_POST['phone']) && $_POST['phone']!=""){
        $phone = $_POST['phone'];
        $parsed = "true";
    }else{
        $message .= "<div id='warning'>";
        $message .= "Phone Number is a required field";
        $message .= "</div>";
        $parsed = "false";
    }
    if (isset($_POST['password1']) && $_POST['password1']!=""){
        $password1 = $_POST['password1'];
        $parsed = "true";
    }else{
        $message .= "<div id='warning'>";
        $message .= "Both password fields are required";
        $message .= "</div>";
        $parsed = "false";
    }
    if (isset($_POST['password2']) || $_POST['password2']!=""){
        $password2 = $_POST['password2'];
        $parsed = "true";
    }else{
        $message .= "<div id='warning'>";
        $message .= "Both password fields are required";
        $message .= "</div>";
        $parsed = "false";
    }
    if ($_POST['password1'] == $_POST['password2']){
        $parsed = "true";
    }else{
        $message .= "<div id='warning'>";
        $message .= "Password fields must match";
        $message .= "</div>";
        $parsed = "false";
    }
    if($parsed == "true")
    {
        $params = [$email];
        $sql = "SELECT * FROM customers WHERE email=?";
        $stmt = DB::run($sql,$params);
        $customerCount = $stmt->rowCount();
        if ($customerCount < 0) {
            $message .= "<div id='warning'>";
            $message .= "A customer with this email address already exists";
            $message .= "</div>";
        }else{
            if(isset($_GET['id']) && $_GET['id'] != ""){
                $customer_id = $_GET['id'];
                $params1 = [$first_name,$last_name,$email,$password1,$company,$phone,$customer_id];
                $sql1 = "UPDATE customers set first_name=?, last_name=?, email=?, password=?, last_log_date=now(), company=?, phone=? WHERE id=?";
                $stmt1 = DB::run($sql1,$params1);
            }else{
                $params2 = [$first_name,$last_name,$email,$password1,$company,$phone];
                var_dump($params2);
                $sql2 = "INSERT INTO customers (first_name, last_name, email, password, last_log_date, company, phone) VALUES(?,?,?,?,now(),?,?)";
                $stmt2 = DB::run($sql2,$params2);
                $customer_id = DB::lastInsertId();
            }
            $to = $email;
            $subject = "Your example.com account";
            $message_header = file_get_contents("mail/email_header.php");
            $message_content = file_get_contents("mail/account_created.php");
            $message_content = str_replace('%first_name%', $first_name, $message_content); 
            $message_content = str_replace('%last_name%', $last_name, $message_content); 
            $message_content = str_replace('%email%', $email, $message_content);
            $message_footer = file_get_contents("mail/email_footer.php");
            $message_to_send = $message_header.$message_content.$message_footer;
            $headers = "MIME-Version: 1.0" . "\r\n";
            $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
            $headers .= "From: support@example.com" . "\r\n";
            $headers .= "Reply-To: support@example.com" . "\r\n";
            mail($to,$subject,$message_to_send,$headers);

            $cookie_string = $customer_id.'%'.$first_name.'%'.$last_name;
            $cipher = 'aes128';
            $key = '*****';
            $iv = '****************';
            $encrypted_cookie_string = openssl_encrypt($cookie_string,$cipher,$key,$options=0,$iv);
            setcookie("example_customer",$encrypted_cookie_string,time()+(60*60*24*30),"/");
            header("location: create");
        }
    }
}
if(isset($_COOKIE["example_customer"])){
    header("location: account");
    exit();
}
?>

<!DOCTYPE html>
<html>
<head>
<?php include_once("analytics.php"); ?>
<?php include_once("base.php"); ?>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
<link rel="stylesheet" href="web/style.css" type="text/css" media="screen"/>
<link rel="shortcut icon" type="image/ico" href="web/favicon.ico"/>
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
<script src="web/script.js"></script>
<title>
</title>
</head>
<body>
<div id="mainWrapper">

    <div id="pageHeader">
        <?php include_once("page_header.php"); ?>
    </div>

    <div id="pageContent">
        <!--<div id="sidebar">
            <?php include_once("page_sidebar.php"); ?>
        </div>-->
        <div id="mainContent">
            <center>
            <?php echo $message ?>
            <form id="create_account_form" name="create_account_form" method="post" action="create">
            <center><img src="web/example_logo_bg.png"></center>
            <h2>Create Account</h2>
            First Name:
            <br />
            <input name="first_name" type="text" id="first_name" size="40" placeholder="First Name">
            <br /><br />            
            Surname:
            <br />
            <input name="last_name" type="text" id="last_name" size="40" placeholder="Last Name"/>
            <br /><br />            
            Company Name:
            <br />
            <input name="company_name" type="text" id="company_name" size="40" placeholder="Company Name"/>
            <br /><br />
            Email:
            <br />
            <input name="email" type="text" id="email" size="40" placeholder="Email"/>
            <br /><br />
            Phone Number:
            <br />
            <input name="phone" type="text" id="phone" size="40" placeholder="Phone Number"/>
            <br /><br />
            Password:
            <br />
            <input name="password1" type="password" id="password1" size="40" placeholder="Password"/>
            <br /><br />
            Confirm Password:
            <br />
            <input name="password2" type="password" id="password2" size="40" placeholder="Password"/>
            <br /><br />
            <center>
            <button name="create_account" id="create_account" onclick=this.form.submit();>Create Account</button>
            </center>
            </form>
        </center>
        </div>
    </div>

</div>
</body>
</html>

I am seeking a bit more understanding into the 410 error itself or what could cause this.

Edit

My full .htaccess file:

Options -MultiViews
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

RewriteRule ^category/([0-9a-zA-Z-]+)/?$ category.php?id=$1 [L,NC,QSA]
RewriteRule ^product/([0-9a-zA-Z-]+)/?$ product.php?id=$1 [L,NC,QSA]
RewriteRule ^product/([0-9a-zA-Z-]+)/added?$ product.php?id=$1&added=added [L,NC,QSA]
RewriteRule ^page/([0-9a-zA-Z-]+)/?$ page.php?page_id=$1 [L,NC,QSA]
RewriteRule ^order/([0-9a-zA-Z-]+)/?$ order.php?id=$1 [L,NC,QSA]

RewriteRule ^create_account/?$ creation.php [L,NC,QSA]
RewriteRule ^createaccount/?$ creation.php [L,NC,QSA]
RewriteRule ^accountcreate/?$ creation.php [L,NC,QSA]
RewriteRule ^account_create/?$ creation.php [L,NC,QSA]
RewriteRule ^account_creation/?$ creation.php [L,NC,QSA]
RewriteRule ^accountcreation/?$ creation.php [L,NC,QSA]
RewriteRule ^create/?$ creation.php [L,NC,QSA]

RewriteRule ^([^\.]+)$ $1.php [L,NC,QSA]

If possible I would like to confirm that the php file is ok or at least if there was an issue with it, that it would throw a usual php error rather than a http response saying the file doesn't exist any more.

Answer 1

This was resolved by contacting my shared domain host.

Although technically there was nothing wrong with the file and it worked as intended, it was being marked as malicious by the domain host.

I am still waiting to see if they can give more information about why this was seen as malicious.