website maintenance toggle?

[Xdega]

I am looking in to potential methods to turn a website off during maintenance. The catch is  that there is no login, user with and it is not database driven. I simply want to be able to turn the website off with a friendly redirect, giving access to people that have a "dev auth code" it something. A few ideas I have involve editing .htaccess etc via php. I would prefer not to use database for something so small. Any ideas? Thx

[KevinM1]

I think I'm missing something here.  Why would you need to turn off a static website for maintenance?  Simply develop on your local machine and push the update to the live server when its ready.

[Xdega]

Well although it doesn't use databases, it still has server side code for the use of aggregating rss feeds etc. I guess you could still argue the need for such a thing but it is something I just wanted to look at and play around with if possible, just for the fun of it if anything.

[spiderwell]

play around on a local dev environment?

[Xdega]

nvm then. I guess you guys really don't understand what I am asking. I short the concept is to dynamically set a default "landing page" for any user that is not authenticated. This done via some sort of admin backend. But like I said nvm, I guess I'm on my own with this one.

[KevinM1]

If you want to search for/play with something like that for shits and giggles, that's cool.  But professional websites are hardly ever 'turned off' for maintenance.  Maintenance and updating is done on a local development machine, then uploaded when ready.  That's the standard/norm.

 

To that end, I'm not sure of what you want, exactly, outside of simple HTTP authentication.  That, I believe, can be done in a .htaccess file.  A simple Google search for ".htaccess authentication" or something similar should yield results.

[Philip]

Previously when I had to do a "maintenance period" on a site, I'd set my IP to be allowed, the rest would be forwarded to the maintenance page - all within the .htaccess. I didn't do it via PHP, but just editing the .htaccess on the fly do to the emergency.

[Xdega]

Previously when I had to do a "maintenance period" on a site, I'd set my IP to be allowed, the rest would be forwarded to the maintenance page - all within the .htaccess. I didn't do it via PHP, but just editing the .htaccess on the fly do to the emergency.

 

I know a little about .htaccess, I have used it a bit in the past. So would it be possible to access the file and edit it via php? eg I create an admin web form that has presets to the .htaccess, then have PHP edit the .htaccess instead of having to edit the file on the server.

Reason for this would be if you don't have access to your local dev machine and want to achieve this via remote means.

 

One great use for such a system would be if the website was compromised/hacked and the main index page "defaced". You simply go to your "/maintenance_cp.php" and with a couple of clicks (even on a mobile device) you are able to redirect all users to a pre-made "maintenance" page until you are able to access your development environment to properly take care of the issue.

 

Then to polish it of you could hard code a "whitelist" in the .htaccess file that the PHP file would not be able to edit.

 

I am assuming IF this is possible, that I would have to use the fopen() function? Not to sure where I would go from there though.

thx

[spiderwell]

you read the file and put into a form textarea, and edit it, then post form to a page that will get the new htaccess data and write to the said file.

to have parts of it non editable might be a bit trickier but of course anything can be done in code 

[Xdega]

cool, well some good direction there.

But then thinking about the editable and non-editable parts, maybe a slightly different (and easier) solution would work?...

 

My solution would be more along the lines of creating the entire .htaccess from scratch via a web form? Instead of editing an existing file, also assuming this would be a huge performance boost without having to read a file prior.

 

so basically you enter the admincp, you are presented with a web form with drop down menus, you choose the config you want and then let the $vars do the rest of the work of turning it in to a new .htaccess for the given directory. Of course there could be extra"mandatory" code for the .htaccess file thrown in to hidden form fields, or maybe stored as extra static $vars via a config.php that would be called at the time of constructing the file.

 

I know how to make a web form, how to post vars and how to use them. One thing I have never done yet is create a "non-markup"  file from php code. Just to clarify, would my solution be viable?

 

I understand it could very potentially present major security risks if coded poorly, since .htaccess is essentially the config for my apache web hosting, could be a fun challenge.

[spiderwell]

I would say your solution is viable.

Also reading this has made me think of an alternative that might be easier, have a number of txt files, that are essentially .htaccess files but called htaccess.maintenance.txt or htaccess.txt and then you could create a page that lists these files, with a option to choose which one to 'put as the live .htaccess file'

radio buttons, checkbox, however you want to do it, but the form would pass the name of the file to the processing page, which would read that txt file and rewrite it into the .htaccess file

 

this would prevent people editing any one file, but it also means you need an example of any htacess file that might relevant stored on the server as a text file.