There is a problem I am having, and I'm pulling my hair out on how to solve it:
in root folder I have a htaccess file with the following rules:
RewriteCond %{REQUEST_FILENAME} !-s
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME}/index.php !-s
RewriteCond %{REQUEST_FILENAME}/index.html !-s
RewriteCond %{REQUEST_FILENAME}/index.htm !-s
RewriteRule ^(.*)$ redirect.php [QSA]
So my goal is to rewrite to redirect.php if the file/directory/index file is not found.
This works perfectly well for my entire site, so no problems... until I have a folder that is protected by password with the following htaccess file:
AuthUserFile /path/to/htpasswd
AuthName EnterPassword
AuthType Basic
require user adminUserName
It seems that apache regards going to this folder as invalid and performs the rewrite to redirect.php.
BUT, if I am already authenticated (by disabling the rewrite above, logging in, then re-enabling the rewrite again), it works...
I have tried adding the following to my root htaccess file before the rule I have above:
RewriteRule ^secureFolder(.*)$ - [L]
And it doesn't work; the following works, but it defeats the purpose of my redirect.php:
RewriteRule ^(.*)$ - [L]
Any ideas welcome!
UPDATE: 2013-10-31 14:00 ET
Well, I have given on dealing with it using HTTP auth. So I implemented a simple password system just for that folder using PHP...
It goes like this:
In .htaccess:
<IfModule mod_php5.c>
php_value auto_prepend_file /path/to/a/file/in/secureFolder
</IfModule>
in .user.ini (for PHP-FPM, if you use it):
auto_prepend_file = /path/to/a/file/in/secureFolder
In /path/to/a/file/in/secureFolder:
session_start();
/**
* Check if logged in
*/
if (!isset($_SESSION['adminLogin'])) {
include('/path/to/loginTemplate');
exit;
}
In /path/to/loginTemplate:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
if (
$username == 'username'
&& sha1($password) == 'somehashedvalueofyourpassword'
) {
$_SESSION['adminLogin'] = true;
header('refresh: 0');
} else {
$message = 'Incorrect login';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php if (isset($message)) echo $message ?>
<form action="" method="post">
<p>
<label>Username:</label>
<input type="text" name="username" />
</p>
<p>
<label>Password:</label>
<input type="password" name="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
</body>
</html>
And a logout.php:
<?php
session_start();
unset($_SESSION['adminLogin']);
$location = empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/admin.contests/';
header('Location: ' . $location);
You can try:
DOCUEMENT/.htaccess:
DOCUEMENT/folder/.htaccess: With an extra
RewriteEngine Online:RewriteEngine On
AuthUserFile /path/to/htpasswd AuthName EnterPassword AuthType Basic require user adminUserName