Disguising a PHP script and parameters as a html page

Re: Disguising a PHP script and parameters as a html page

Geoff Soper wrote:[color=blue]
> If I have a php script running on Apache which outputs a JPEG image
> such as http://domain/get_image.php?id=15&size=thumb can I somehow
> disguise it as http://domain/image15_thumb.jpg to allow browser
> caching? I'm assuming the majority of people's browsers don't cache
> images generated from scripts such as PHP? For this reason I would
> imagine the solution would have to completely hide the 'real' URL?[/color]

mod_rewrite works quite nicely for something like this (not tested):

RewriteEngine On
RewriteBase /
RewriteRule ^image([0-9]+)_([^\.]+)\.jpg$ get_image.php?i d=$1&size=$2 [L]
[color=blue]
> On a related note how would I 'disguise'
> http://domain/index.php?page=contact as http://domain/contact.htm to
> allow indexing of each dynamic page in search engines?[/color]

Same type of thing:

RewriteRule ^([^\.]+)\.htm index.php?page= $1 [L]

These statements would go inside your .htaccess file at your document
root. However, you need to be sure that mod_rewrite is enabled, or you
will get HTTP 500 errors.

I don't know about browsers and caching of dynamicly created images, but
one thing to remember is that if you are creating the image every time a
request is made, it will have a different creation or modification date.
Therefore, some browsers may load it no matter what.

As far as search engines indexing pages, I don't think this is going to
be a problem. However, it is better practive to hide the tech behind the
site. That way if you change to say jsp, you don't have to re-submit
your site and start over because you will be able to keep the same URI -
always a major plus.

--
Justin Koivisto - spam@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Re: Disguising a PHP script and parameters as a html page

Geoff Soper wrote:
[color=blue]
> If I have a php script running on Apache which outputs a JPEG image
> such as http://domain/get_image.php?id=15&size=thumb can I somehow
> disguise it as http://domain/image15_thumb.jpg to allow browser
> caching?[/color]

No. The form of the URL does not dictate how a browser should cache the
file, although in some instances, a proxy cache may choose to throw away
cached copies of certain URLs, for instance, anything containing /cgi-bin/
is usually thrown away.

Caching is provided for by ensuring you are sending the correct HTTP headers
along with each response. By default, PHP sends headers that do not allow
caching. This is a decent caching tutorial:

<URL:http://www.mnot.net/cache_docs/>


--
Jim Dabell

Re: Disguising a PHP script and parameters as a html page

geoff.google.19 0803@alphaworks .co.uk (Geoff Soper) wrote in
news:a2aa2343.0 308190702.44447 538@posting.goo gle.com:
[color=blue]
> If I have a php script running on Apache which outputs a JPEG image
> such as http://domain/get_image.php?id=15&size=thumb can I somehow
> disguise it as http://domain/image15_thumb.jpg to allow browser
> caching?[/color]

First of all, the "extension" of the URL does not have anything to do
with caching - have a look at the "header" function of PHP to find out
which headers to set to enable caching.

Anyway, if you have PATH_INFO enabled in your Apache configuration you
can simply add something at the end of your URL, like:



Your script then will find "/image15_thumb.j pg" in
$_SERVER['PATH_INFO'].

If you need it one step further, rename your script to index.php, place
it in it's own subdirectory and you can use such a URL:



which will be the same as



Good luck,
Udo

--
To reply by e-mail, use following address:
udonews AT nova-sys.net

Re: Disguising a PHP script and parameters as a html page

Geoff Soper wrote:
[color=blue]
>
> On a related note how would I 'disguise'
> http://domain/index.php?page=contact as http://domain/contact.htm to
> allow indexing of each dynamic page in search engines?
>[/color]

<shameless_plug >

You can do it in apache with URL rewriting. Just done a site using this
technique, at http://cdnopenhouse.com/

All of the php "called" resides in the root folder. Most of the requests
actually go to the same file, despite appearing as folders, subfolders,
whatever.

If you really want to see some of the rewriting code, I can show you, but there's
a lot of it (it's a big site)
</shameless_plug>

Benefits -
Friendly URLs - people do actually find it easier to know where they
are on a site if the URL contains actual words that reflect it

You can hide the platform to some extent, so that you can rewrite the
site in Perl, ASP, JSP, whatever, without having to give any indication
to the user

Once set up, it's easy to redesign the implementation of the site, since
the "virtual" folder names don't have to relate to an actual folder on the
webserver

You can use it to handle old urls (from an existing site) with a php file,
or even directly call your new php page(s) with the right query parameters
(if the old site had a relatively fixed url/folder/page naming scheme)

You can use it to make files appear to be in folders that they are not.


Disadvantages
If it's a big or complex site, the rewrite rules can become quite complex,
and if you're new to this kind of thing, or to regular expressions, it can be
a bit tricky

With a lot of rewrite rules, the server does have to work a bit harder, especially
if the regexps are complex (the site i mentioned has 200+ rewrite rules, but a lot
of these are to handle mapping 2500 old pages to new ones)

If you're having trouble getting the hang of it, it can be an absolute bitch!

There's a good guide to get you started at



HTH!

Matt

Re: Disguising a PHP script and parameters as a html page

Wes Bailey wrote:

[color=blue]
>
> Nice site you made there matty. One comment though is that url
> rewritting in apache is not for the faint at heart. I have years of
> regexp experience and still goof once in a while. Unless you
> absolutely have to hide that the application is written in php, I'd
> suggest letting the world know you use PHP and be damn proud of it!
>
> wes[/color]

Thanks Wes!

To be honest, I don't really like Apache's regexp support, and it doesn't
seem to have symbolic character classes (\d or [[:alpha:]], etc) - also,
it would be good if it could have some extended mechanism to handle the
query string (if only to kill SQL injection attempts outright before even
invoking a script file).

Oh, and the fact that you often have to turn Options +FollowSymlinks on
to get the Rewrite engine working, which is a bit of a twisted situation...

..htaccess rewrite maps would be fantastic - the project I mentioned would
have become a lot easier if I could have used rewrite maps, or used a perl
script to pass off the rewriting, none of which you can do from a .htaccess
file in Apache (and therefore on most clients' servers). I know you could
pass all requests to a script that did a redirect, but that would destroy most
of the benefits of hiding the URLs!

That said, I do genuinely believe that URL rewrites on *everything* is the
best way to go! They do seem to work best with frameworks that handle requests
through one or two central pages; but for me that tends to be the most modular,
structured way to organise a site.

What are everyone else's thoughts on this? I do think it's better not to have
a 124-character query string (JSP session IDs anyone?)... Who else out there
prefers the rewrite route?

Matt

--
Matt Mitchell - AskMeNoQuestion s
Dynamic Website Development and Marketing