A company that I am working for asked me to take one of their websites and make it a subdomain of another website. Then, they asked me to extend the "logged in/logged out" session control from their primary domain to their subdomain.
Having done this, I see that there are control/administration issues. Because of their vast number of individual pages, and because of their extensive directory structure, it is too involved for them to add a PHP snippet to each of their pages to redirect based on logged-in-status.
Here is my solution. Please let me know of any problems or anything else that would help me along.
I am going to make a "Site allow/forbid rules" section on their website. This section will contain one textbox with rules like this:
+/weather/ ---> will allow anyone access to any url that contains "/weather/" somewhere within it, regardless of logged-in status.
-/weather/premium/ ---> will only allow access to a url that contains /weather/premium to logged-in users.
This will output to an array stored in a file rules.php which will look like this:
$ruleList = array();
$ruleList[] = '+/weather/';
$ruleList[] = '-/weather/premium/';
In handler.php, if the user is logged in I will forward them to the requested_url. If the user is not logged in, then I will begin by assuming that every page is restricted to non-logged-in users. handler.php will parse the requested_url and check it against rules.php, to see if there are any explicit permissions set. Then if the rule allows non-logged-in access, it will forward the user to the requested_url, otherwise it will send them to the login page.
One problem I can see immediately is that, given that the mod_rewrite rule will send every request to handler.php, how do I avoid an infinite loop? Should the redirection be done by some method other than header("Location: ")?
Inside the .htaccess file of the top domain (example.com) I added:
#Prevent catching requests for the sub1 subdomain
RewriteCond %{REQUEST_URI} ^sub1\.example\.com
RewriteRule .* - [L]
Then, inside the .htaccess for the sub1.example.com subdomain, I added the following:
IndexIgnore *
RewriteEngine On
RewriteBase /path/to/base
#Avoid infinite loop on outgoing requests
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_URI} !^$
RewriteCond %{HTTP_REFERER} !^/?handler.php?$
RewriteCond %{REQUEST_URI} !^/?handler.php?$
#Check for cookie. Redirect to handler if not found. (not yet implemented)
#RewriteCond %{HTTP_COOKIE} !session_id
RewriteRule (.*)$ handler.php?requested_url=$1 [NC,L,QSA]
Here is handler.php
<?php
$url = $_REQUEST['requested_url'];
//Check list of permissions. For now just assume permitted.
$permitted = true;
if ($url == "") $url = "http://sub1.example.com";
if ($permitted)
header("Location: ".$url);
header("Location: http://sub1.example.com");
?>
I am so close I can taste it. Unfortunately for the time being I am getting a "redirect loop" almost everywhere. If someone could give me a nudge in the right direction, I'd appreciate it!
Just an idea, but perhaps you don't need to struggle with mod_rewrite. If you want to handle everything from PHP anyway, why not add a prepend file into your VHOST?
php_value auto_prepend_file handler.php
It will be included before any PHP script and you can redirect if required.
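One way to write the prepended handler.php from this answer, as an added example that is not part of the original thread: it reads the `+`/`-` rule list from the question, denies anonymous access by default, and lets permitted requests fall through without a redirect, so the only redirect ever issued goes to a fixed login path and never to a URL taken from the request. The `/login.php` path and the `$_SESSION['user_id']` check are assumptions, and rules are matched as path prefixes with the longest match winning rather than as substrings.

```php
<?php
// handler.php, loaded via auto_prepend_file before every PHP script.
// Assumptions (not from the post): the login page is /login.php and a
// logged-in user has $_SESSION['user_id'] set.
const LOGIN_PATH = '/login.php'; // hypothetical
// Same format as the rules.php array in the question.
$ruleList = ['+/weather/', '-/weather/premium/'];

// Default deny for anonymous users; the longest matching prefix wins,
// so '-/weather/premium/' overrides '+/weather/'.
function anonymousAllowed(string $path, array $rules): bool
{
    $allowed = false;
    $bestLen = -1;
    foreach ($rules as $rule) {
        $prefix = substr($rule, 1);
        $len = strlen($prefix);
        if ($len > $bestLen && strncmp($path, $prefix, $len) === 0) {
            $bestLen = $len;
            $allowed = ($rule[0] === '+');
        }
    }
    return $allowed;
}

// Returns null to let the request through, or the URL to redirect to.
function gate(string $requestUri, bool $loggedIn, array $rules): ?string
{
    // Match on the decoded path only, never on the query string.
    $path = rawurldecode(explode('?', $requestUri, 2)[0]);
    if ($loggedIn || $path === LOGIN_PATH) {
        return null; // never redirect the login page itself: no loop
    }
    // Dot segments and doubled slashes are refused so that
    // "/weather/../x" cannot borrow the '+/weather/' rule.
    if (!preg_match('#(^|/)\.\.?(/|$)|//#', $path) && anonymousAllowed($path, $rules)) {
        return null;
    }
    // Fixed destination; the requested path travels only as data.
    return LOGIN_PATH . '?return=' . rawurlencode($path);
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $target = gate($_SERVER['REQUEST_URI'], isset($_SESSION['user_id']), $ruleList);
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit;
    }
}
```

Because auto_prepend_file only runs for requests that PHP handles, static files under a `-` path are not covered by this check.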