Hiding the urls of your php files

[SirChick]

Is there a way to hide all urls like masking them so that instead of:

 

www.name.com/code.php

 

it'll be www.name.com

 

similar to when you are on a flash website and the url remains the same but your going to many pages .. ?

 

Reason i ask is i have like thousands of pages and i have a feature whereby if the user is locked they cannot access the pages until they are unlocked.. but to put a script on all of these pages would be the last case scenario, if i could remove the url showing the entire name, they can't know what to type into the url to avoid this locking feature...

 

so is it possible?

[hackerkts]

I have seen some pages like what you said before, I think they got around with javascript (if I'm not wrong), I'm not sure how but you can try to use mod rewrite to create a "fake" url. XD

[SirChick]

well I dont need a fake url just need to only show main part of the url not the bits after it thatll avoid them trying to get out of the locking idea.. ill wait to see if any one else may be able to expand on your javascript idea

[rondog]

I know exactly what you are talking about and I too would like to know how this is done!

[freakstyle]

Hi there,

 

you should look into mod rewriting, you'll need to capture the /code.php in order to serve up the correct page, and this is the way to go.

here's a helpful tutorial to get you started: http://www.yourhtmlsource.com/sitemanagement/urlrewriting.html

 

* its a good idea to verify your server has the mod rewrite module installed.

 

good luck to ya

 

[SirChick]

php info showed:

 

 

url_rewriter.tags

a=href,area=href,frame=src,input=src,form=,fieldset= a=href,area=href,frame=src,input=src,form=,fieldset=

 

 

which i assume means its on ?

[Jessica]

You must be checking to see if they are logged in on each page. Why not just add the check if they are locked into that function?

[SirChick]

jesi.. i dont think i follow too well :S

 

basically say a user gets locked a field in the table named "lockedid" is set to 1 and not 0.... then i have an if statement to make sure they go to that page. But users kept changing the url to any one of my pages and so were free to roam and im trying to find a way to stop this "without" putting if statements on 1000 odd php scripts

[Jessica]

How do you check if they are logged in or not? If they can view those pages when not logged in, you have a bigger problem.

 

Instead of using if statements, write functions. Then when you edit that one function, it will affect all pages.

[SirChick]

well i do a query like:

 

 

find user with userid as session

if row not found exit and error.

 

i then tried doing the same for :

 

check if locked == 1 ...{ header. locked.php}else{ codeee}

 

and it causes a catastrophic server failure and my Xampp stops responding.. i can show u the code ?

[SirChick]

This is what i got which does the you must be logged in script and the locked feature but its not working..

 

<?
session_start();
//this block of code is called up with an include command on the html page that the user displays
$connect = mysql_connect("localhost", "root", "private");

//error handle
if (!$connect) {
echo "Unable to connect to DataBase: " . mysql_error();
exit;
}

//error handle
if (!mysql_select_db("civilian")) {
echo "Unable to select Civilain: " . mysql_error();
exit;
}
// Start up the session

if (!isset($_SESSION['Current_User']) || !$_SESSION['Current_User']) {
die('You must be logged in to view this page');
}

// Get the user's info from the database by putting
// the user id stored in the session into the WHERE clause
$GetUserID = mysql_query("SELECT * FROM userregistration
                    WHERE UserID='{$_SESSION['Current_User']}'");

                  
// Fetch the row from the database
if (!($row = mysql_fetch_assoc($GetUserID))) {
    echo "User not found!";
    exit;
echo mysql_error();
}

$Jail = $row["JailID"];

If ($Jail == 1) {
Header    ("Location: Londonjail.php");
}




?>

[Jessica]

What about it is not working?

[blueman378]

well there is one cheap way

on your main page have a frame which is 100*100 and remove the frame border so and load your page in there and only www.url.com will show in the browser

 

cheap but it works

[d22552000]

ya ive done that

 

<framset 100%*100%> :D It is so awesome.

 

Although if they right click the page and hit properties they will get the exact link of the page, unless you disable right clicking :D .

 

I just have my site in a frame, then the frame opens up a window wiht no status bar and no file menus that has the site no way for them to get the url, then I disable right clicking in the new window.

 

Now there is no way for them to pass through it lol.

[blueman378]

hehe yeah lol i found that out when i had a forum lol the link bla.com/cgi-bin/yabb/yabbfiles/yabb.pl really wasnt good lol

[d22552000]

I hate YA bb lol.

[blueman378]

haha lol y

[GingerRobot]

ya ive done that

 

<framset 100%*100%> :D It is so awesome.

 

Although if they right click the page and hit properties they will get the exact link of the page, unless you disable right clicking :D .

 

I just have my site in a frame, then the frame opens up a window wiht no status bar and no file menus that has the site no way for them to get the url, then I disable right clicking in the new window.

 

Now there is no way for them to pass through it lol.

 

What if someone disables javasript? They could then view the source quite happily.

[GingerRobot]

As far as the question is concered, i have to wonder why you have 1000 files. I assume this is some sort of game. Surely most of these files are very similar? Surely you could cut down no the number of files vastly with some variables?

[d22552000]

I have a backup to that, the site both uses a VB script and a JS script files.  If they disable both it shows a warning.

[SirChick]

the site is VERY large cos of the amount of stuff im coding... its a 2 year project of like 10 hours a day coding via a team. And yes it is a game.. and the site is cut down it was hitting 5000 odd but that was back in the days when we weren't so good at coding but we have learnt alot better methods since.