The files .htaccess and index.php
The file .htaccess at the root of the website configures a single entry point in the code for all requests: index.php. It also redirects all requests to the full www. domain name of the website, if necessary. It can be edited to force a dialogue in HTTPS. NOTE: The file .htaccess is generated when the site is created.
.htaccess
- SetEnv PHP_VER 7
- SetEnv REGISTER_GLOBALS 0
- Options -Indexes
- Options +FollowSymLinks
- ErrorDocument 403 /index.php
- ErrorDocument 404 /index.php
Line 1 tells Apache which version of PHP must be used to run the code of the website.
iZend is developed with PHP 7.0 but it works with PHP 5.3.
Line 2 tries to set the variable register_globals
to false
.
NOTE: This parameter is not used anymore in PHP 7 but an internet provider can have a default configuration with PHP 5 and register_globals
set to true
.
Line 4 forbids the generation by Apache of the listing of a directory content. Line 5 allows following symbolic links.
Lines 7 and 8 redirect access and addressing errors to index.php.
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteCond %{HTTP_HOST} ^sitename\.net [NC]
- RewriteRule ^(.*)$ http://www.sitename.net/$1 [R=301,L]
- RewriteCond %{HTTPS} on
- RewriteCond %{HTTP_HOST} ^sitename\.net [NC]
- RewriteRule ^(.*)$ https://www.sitename.net/$1 [R=301,L]
- RewriteRule ^(favicon\.ico|robots\.txt|sitemap\.xml|google.*\.html) - [NC,L]
- RewriteCond %{REQUEST_FILENAME} -f
- RewriteRule /*\.(css|js|gif|png|jpe?g|ico|swf|flv|mp3|mp4|m4v|m4a|ogg|webm|zip|jar)$ - [NC,L]
- RewriteRule ^(.*)$ index.php [QSA,L]
Line 10 turns on the rewrite engine.
IMPORTANT: If the Apache module rewrite
isn't activated, this directive fails. The entire working of the site depends on it. Check the Apache error log.
The rules defined lines 12 to 14 and 16 to 18 send back all requests in HTTP and in HTTPS to the domain sitename.net
to the full domain www.sitename.net
.
Line 20 returns unchanged the access to the files favicon.ico, robots.txt and sitemap.xml as well as to the validation file of Google.
The lines 21 to 23 redirect all access paths to the file index.php except for a series of files whose names designate CSS or JavaScript files, files containing images, audios or videos, archives.
IMPORTANT: If the site has direct links to other types of files, remember to add their extensions to the list in rule line 22. Be careful with export files of a database or other sensitive files which could become accessible and be downloaded!
To force requests in HTTPS, add the 2 following rules right after the activation of the rewrite engine:
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
index.php
- define('ROOT_DIR', dirname(__FILE__));
Defines the constant ROOT_DIR
to the value of the directory containing the website on the host system.
- set_include_path(ROOT_DIR . PATH_SEPARATOR . get_include_path());
- set_include_path(ROOT_DIR . DIRECTORY_SEPARATOR . 'includes' . PATH_SEPARATOR . get_include_path());
- set_include_path(ROOT_DIR . DIRECTORY_SEPARATOR . 'library' . PATH_SEPARATOR . get_include_path());
Adds ROOT_DIR
and the directories library and includes to the PHP path.
- require_once 'bootstrap.php';
- bootstrap();
Initializes the environment of the program with bootstrap
.
- require_once 'engine.php';
- dispatch($supported_languages); // see config.inc
Loads the functions of the engine and starts the execution of the request by passing the list of the supported languages to dispatch
.
Comments