[surferboy]

I am using a php-driven security system to protect my website. There are several ways to secure the site: one is to apply a line or two of php code to the top of each page; another is protect entire directories. To do this, you place an .htaccess file in the directory along with a php file that has php require commands, etc.

I would like to use the directory protection method. When I try to protect a directory with a simple php file (hello world), the system works, but when I try to protect more complex pages in that directory, I have all kinds of problems. I think the issue is that the more complex pages have php includes and javascript in them. For example, file within the file directory called fileA.php has a php include at the top. That included file (nav.php) is the php file that helps drive my javascript navigation bar. I made the navigation bar with dreamweaver.

When I try to utilize this protection scheme by protecting the directory, Safari doesn't show anything, and firefox shows a bunch of javascript code from the included file.

So, to cut to the chase, here's my question: when you create a php file that you will then include in a different file (in this case, nav.php is the included file), is there a recommended way to enclose the html within the nav.php file to avoid problems? I think you are only supposed to have the actual html?

Let me show what the first several lines of the nav.php file are. Should I changed things?

<script language="JavaScript">
<!--
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}

within the file, there is still a </head> tag that I just noticed; but ther is no <head> in the beginning (I took it out).

There are no closing tags at the end, except the tags that close the table.

Any words of wisdom are appreciated.

[surferboy]

OK, let me make it easier for you to give me advice:

Is it better to call the included file .inc, .php or .inc.php?

It seems to be some conflict with my php includes and some other php scripting used to protect the directory.

[Simon Mundy]

Originally Posted by surferboy

OK, let me make it easier for you to give me advice:

Is it better to call the included file .inc, .php or .inc.php?

It seems to be some conflict with my php includes and some other php scripting used to protect the directory.

Well, I call a spade a spade. If it's a PHP file, then call it yourinclude.php - for the sake of naming conventions in your site, however, put it inside a folder called 'includes' so it's obvious what its purpose is.

As an aside, I wouldn't call this thread PHP Craziness, as it has less to do with PHP problems (by the sound of it) and more to do with how your final HTML is structured. Perhaps you could post a quick snippet of a final rendered HTML page, with comments around the includes, to help the diagnosis.

[surferboy]

OK,
I have pinpointed the problem (sort of). My menu is a fireworks created menu that relies on a separate .js file. The problem seems to be trying to include a php file that relies on an outside .js file.

Can anyone give any advice on this scenario: trying to do a php include on a file that relies on an outside .js file.

By the way, this all works in a simple way- but when I am trying to apply a protection scheme using .htaccess, etc., it falls apart.

[Simon Mundy]

Perhaps you could post a quick snippet of a final rendered HTML page, with comments around the includes, to help the diagnosis.

It's hard to help if we don't yet know exactly the symptoms!

[skalie]

Originally Posted by surferboy

OK,
I have pinpointed the problem (sort of). My menu is a fireworks created menu that relies on a separate .js file. The problem seems to be trying to include a php file that relies on an outside .js file.

Can anyone give any advice on this scenario: trying to do a php include on a file that relies on an outside .js file.

By the way, this all works in a simple way- but when I am trying to apply a protection scheme using .htaccess, etc., it falls apart.

er.......... JavaScript being client side and Php server side, maybe a Php include isn't the best way to go as the Php will be including the file before the JavaScript (.js file) has had a chance to execute itself (to coin a phrase).

[Disclaimer]Could be totally wrong bout that however[/Disclaimer]

[Simon Mundy]

Assuming your page is called 'index.php' and you have your call to the htaccess script up the top of the page, try adding in:-

ob_start();

before any other line of code. I could be wrong, but it sounds like somewhere PHP is returning information before the headers, thereby destroying your authentication. Output Buffering will stop all output until the headers have been sent (and all the way until script execution if you let it).

Lemme know you go.

[surferboy]

Simon, sorry to sound like the rookie that I am, but into what file would you put that ob_start? in the .htacces?

Thanks,
I think we're gettin' somewhere

[mondayisgreat]

Originally Posted by surferboy

into what file would you put that ob_start

If I may answer your question, put "ob_start()" at the top of hte php file. THis will cause the PHP engine to perform output buffering (thus the "ob")

I'm not sure if this question arose during the previous emails, but I thought I'd answer this additional idea. Most PHP configurations include all PHP, interpret, and then give the output. So, if you have some HTML headers (<header>,<body>, etc.) defined in one included php file, then another php file also has the same html headers, then a page that includes both pages would result with two sets of html headers. It's best to keep the html headers in the primary php page (mypage.php), and then within includes files, such as navmenu.php, simply include the html for only the navigation menu.

Hope this info helps.

[surferboy]

I think I've cleaned out the headers, but I'll double check! Thanks again.

[ctlq]

you need to include your "security" php file in the .htaccess like this:
php_value auto_prepend_file "/path/to/security.php"

That's all you have to do. Don't use ob_start().

[surferboy]

This is all good advice: I have employed several of these bits of advice in varyiing degress. Would anyone be willing to take a swing at this if I zipped some files and emailed them? I am just interested in what you think about the basic code- and why it might break down in a PHP environment. My php includes work just fine until I employ my user authentication which employs .htaccss and a number of php scripts.

If you are really interested, I can send you a zip of the authentication scripts. I bought them, but I don't think the author would mind - since this is troubleshooting. You'd get a free authentication system out of it if you wanna take a crack. I just have a hard time trying to adequately explain the symptoms and the associated conditions.

Any takers?