我最近做了一些研究,想知道如何修改.htaccess文件以在URL中隐藏.php扩展名。我用以下代码让它按我想要的方式工作:
RewriteEngine On
# Unless directory, remove trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/$ http://www.guitrum.com/$1 [R=301,L]
# Redirect external .php requests to extensionless url
RewriteCond %{THE_REQUEST} ^(.+)'.php([#?][^' ]*)?' HTTP/
RewriteRule ^(.+)'.php$ http://www.guitrum.com/$1 [R=301,L]
# Resolve .php file for extensionless php urls
RewriteRule ^([^/.]+)$ $1.php [L]
ErrorDocument 404 /404.php
DirectoryIndex index.php
不幸的是,我的php脚本的一部分现在已经损坏。请记住,在修改.htaccess文件之前,一切都正常。在登录页面上,我有一些脚本来通过POST方法传递一些用户输入,如下所示:
<form method='POST' action='loginconfirm.php'>
Password: <input type='password' name='password'></input>
<input type='submit' name='submit' value='Go'></input>
</form>
在loginconfirm.php页面上,我有一个加密类作为页面中包含的文件,代码如下:
<?php
//source: http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
class Encryption {
const CYPHER = MCRYPT_RIJNDAEL_256;
const MODE = MCRYPT_MODE_CBC;
const KEY = 'SecretKey';
public function encrypt($plaintext) {
$td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, self::KEY, $iv);
$crypttext = mcrypt_generic($td, $plaintext);
mcrypt_generic_deinit($td);
return rawurlencode(base64_encode($iv . $crypttext));
}
public function decrypt($crypttext) {
$crypttext = rawurldecode($crypttext);
$crypttext = base64_decode($crypttext);
$plaintext = '';
$td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
$ivsize = mcrypt_enc_get_iv_size($td);
$iv = substr($crypttext, 0, $ivsize);
$crypttext = substr($crypttext, $ivsize);
if ($iv) {
mcrypt_generic_init($td, self::KEY, $iv);
$plaintext = mdecrypt_generic($td, $crypttext);
}
return trim($plaintext);
}
}
//source: http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file
?>
我在页面上做的第一件事是设置一个新的变量,该变量的密码加密如下:
<?php
include ("includefiles/EncryptionUtilities.php");
$passworde = Encryption::encrypt($_POST['password']);
setcookie('password', $passworde, time() + (60 * 5));
?>
正常情况下它会正常工作,现在它会抛出错误,说:
一个空字符串被传递到EncryptionUtilities.php中,并且无法修改标头信息-标头已发送。
我认为.htaccess文件有问题,不允许POST方法在页面之间进行对话。
使用外部重定向,POST数据不会被重定向并丢失。将您的.php
规则替换为:
# Redirect external .php requests to extensionless url
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{THE_REQUEST} /.+?'.php [NC]
RewriteRule ^(.+?)'.php$ /$1 [R=301,L,NE]