I have a web site which uses PHP code to check for a cookie set by our corporate authentication server, and look up the account in an ACL in my database. Among other things, I need to make sure a customer cannot see other customer’s data. Now, I have been given customer specific reports, in HTML and possibly binary formats, which of course do not have my PHP code to check the authentication and authorization. I would like to write a single PHP file, and have all requests under a certain directory to be processed by that PHP file, which could then try to figure out the relative file path from the original URL and serve the file only if authorization passes. So, if the URI is /report/customer-C/report-R/index.html, then instead of having this report in a sub-directory of the web-folder, the URL would be processed by get-report.php, which would check authorization, and get the file from a directory not accessible from the web-folder (i.e. not in a sub-directory). I am using: Windows Server 2003 Apache HTTP Server 2.2.3 PHP 5.1.4 (cgi-fcgi)
I tried using Alias or ScriptAlias, without success. Alias serves the file directly. ScriptAlias executes the file. I need to map the URL to the get-report.php file, but send that file to PHP. I tried using ScriptAlias to a .CMD or .BAT file, which would call PHP. In httpd.conf I have the following: ScriptAliasMatch ^/report/.* "c:/get-report.bat" The contents of get-rpeort.bat are: echo before \php\php-cgi -f \get-report.php echo after The contents of get-report.php are: <? print "I will have to find the file later.\n"; ?> Running get-report.bat from the command line I get the following output: C:\>echo before before C:\>\php\php-cgi -f \get-report.php I will have to find the file later. C:\>echo after after When I make a request to my web server for http://srv/report/foo, I get the following page returned: C:\>echo before before C:\>\php\php-cgi -f \get-report.php C:\>echo after after
I tried redirect, which works, but the browser then has the redirected URL, and I am afraid that relative links in the HTML files will be broken. In httpd.conf I have the following: RedirectMatch ^(/report/.*) "http://srv/get-report.php?fileaddr=$1" In the root of my web-folder I have the file get-report.php with the following contents: <html> <head><title>Test</title></head> <body><? print $_REQUEST['fileaddr']; ?></body> </html> When I make a request to my web server for http://w2kvnes-dev.opnet.com/report/foo.html, I get a page displaying the URI, /report/foo.html However, the browser address bar shows: http://srv/get-report.php?fileaddr=/report/foo.html If I actually return the contents of an HTML page, I expect that the browser would treat relative links as relative to get-report.php.
I tried using Rewrite without success. I uncommented the line in httpd.conf: LoadModule rewrite_module modules/mod_rewrite.so I added lines: RewriteEngine On RewriteRule ^(/report/.*)$ /get-report.php?fileaddr=$1 In the root of my web-folder I have the file get-report.php with the following contents: <html> <head><title>Test</title></head> <body><? print $_REQUEST['fileaddr']; ?></body> </html> When I request /report/foo.html I get the following returned in my browser: No input file specified.