View Full Version : Creating a PHP backend.



Meksilon
August 16th, 2006, 04:36
This thread will track my progress, but I've hit the first successful part of doing this task. First the url to my php backend is plamdi.com/page.php - but you cannot access it directly. I've hit the first major success in creating the backend.

Basically this is as far as I've gotten:

1. added some lines of code to my .htaccess file:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} ^(.+)/(.+).htm$
RewriteRule ^(.+)/(.+)\.htm http://plamdi.com/page.php?p=$2&l=$1 [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} ^(.+).htm$
RewriteRule ^(.+)\.htm http://plamdi.com/page.php?p=$1&l= [NC]

This basically means, if and only if someone tries to access a .htm address at my site that does not exist (for example plamdi.com/wotc/somepage.htm) it will be redirected to page.php. However, if the htm file does exist there's no redirection.

2. The next part is page.php itself. It's programmed to ignore requests for files called *page.htm (this way it cannot read itself - or any other script ending in page.php - for instance... http://plamdi.com/files/hpage.php). Also it ignores requests that do not come from a genuine htm redirect - thus if you try to access the page directly by putting page.php?p=whatever&l=whatever in the browser the request will be ignored. The request is also ignored if a required .php file to read cannot be found (so if you type in plamdi.com/badurl.htm then the request will be ignored).

All ignored requests return a genuine 404.

These have been the first major steps in creating the PHP backend. It works 100%, and so now I can get started with making the "dynamic" content. I will continue to report on my progress here, as it's made.

I've never programmed in PHP before (well aside from hpage.php linked to above, but I wrote that like a week ago), but here's the current source code for page.php:
<?
$dir=strtolower(stripslashes($_GET["l"]));
$page=strtolower(stripslashes($_GET["p"]));
if($dir==""){$file=$page.".php";}
else{$file=$dir."/".$page.".php";}
if(strlen($page)>=4){$x=(strcmp(substr($page,-4),'page'));}
else{$x=1;}
if(strlen($_SERVER["REQUEST_URI"])>=4){if(strcmp(substr($_SERVER["REQUEST_URI"],-4),'.htm')){$x=0;}}
else{$x=0;}
if($x&&file_exists($file)){
// header("Last-Modified: ".date("D, d M Y H:i:s",filemtime(${file}))." GMT");
// include($file);
echo("${dir}<br>${page}<br>${file}<br>".$_SERVER["REQUEST_URI"]);
}else{
header("HTTP/1.0 404 Not Found");
header("Last-Modified: ".date("D, d M Y H:i:s",filemtime("404.htm"))." GMT");
readfile("404.htm");
}
?>

Can you spot the current possible vulnerability? I can and trust me it'll be fixed before "include($file);" is uncommented.

Meksilon
August 16th, 2006, 04:42
My goals by the way are:

1. for the php generated pages to co-exist with static htm pages.
2. to be transparent to the end user - ie as far as visitors are concerned my urls all end in .htm.

influct
August 16th, 2006, 06:32
ooh, this is easy:P
Here's what you need to do.
In .htaccess you can create some code so page.php can act as a folder.
:D follow?
Then some code in page.php allows it to grab some info, usually random numbers, so site.com/page(pretending to be a folder)/0334829570
now just put whatever you like at the end, doesn't matter, including a .htm.
site.com/page/92874389745/hello.htm
you'll need your number to be in a mysql db connected to the info you want on that page.
so on page.php you'd have some code to grab the number (I forget, ask if you want I can dig it up) then a mysql query, select from db WHERE number="page number".

Meksilon
August 16th, 2006, 07:13
easy yes, tedious as it is... but as I explained all non-existent .htm URLs will be accessed through PHP. This is done, it already handles the URLs - now I just have to write the dynamic content (ie the "pieces" of the webpage).

Meksilon
August 17th, 2006, 01:05
Okay, some minor changes have been made to the backend. I will now call the script Page.php (with a capital "P"). The script converts the request to lowercase anyway, so it's impossible to load scripts I don't want it read. Also the .htaccess entries have been replaced with:
RewriteCond %{HTTP_HOST} ^plamdi\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} ^(.+)/(.+).htm$
RewriteRule ^(.+)/(.+)\.htm http://plamdi.com/Page.php?p=$2&l=$1 [NC]
RewriteCond %{HTTP_HOST} ^plamdi\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} ^(.+).htm$
RewriteRule ^(.+)\.htm http://plamdi.com/Page.php?p=$1&l= [NC]

This is to prevent the rewrite being run before this:
RewriteCond %{HTTP_HOST} ^www\.plamdi\.com [NC]
RewriteRule ^(.*)$ http://plamdi.com/$1 [R=301,NC]

Another advantage now is that all URLS with incorrect cases will resolve when run through the php script. Unix/Linux filenames are case-sensitive, so for instance the url http://plamdi.com/about.htm cannot be accessed through HTTP://PLAMDI.COM/ABOUT.HTM ... but if the about.htm was replaced with dynamic html from Page.php... then calling PLAMDI.COM/ABOUT.HTM, plamdi.com/About.htm and plamdi.com/about.HTM will all resolve. There is a disadvantage to this - if search engines find them, they'll think you're serving duplicate pages and PR you lower - but you just have to deal with that.

:beer:

Meksilon
August 22nd, 2006, 23:08
Well, as promised... here's the next update. The coding is now complete. And here is my first PHP dynamic page:

http://plamdi.com/portal.htm

The others will be converted later. This makes my source MUCH more manageable. I still write everything the traditional way (in notepad) - and so here's what the source to portal.php (located at http://plamdi.com/portal.php) now looks like:
<?
$print="";
$title="Plamdi.com Web Portal";
$css="portal";
$pg="Web Portal";
$ck="0";
$un="";
include("top_Page.php");
?>
<center><b>Plamdi.com Web Portal</b></center>
...more HTML...
...go wild!<br><br>
<? include("bot_Page.php"); ?>

Here is the complete list of MOD_REWRITE's found in my .htaccess file:
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.plamdi\.com [NC]
RewriteRule ^(.*)$ http://plamdi.com/$1 [R=301,NC,L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} ^(.*)\.php$ [NC]
RewriteCond %{REQUEST_FILENAME} !^(.*)Page\.php$
RewriteRule ^(.*)\.php$ http://plamdi.com/$1.htm [R=301,NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} ^(.+)/(.+).htm$ [NC]
RewriteRule ^(.+)/(.+)\.htm http://plamdi.com/Page.php?p=$2&l=$1 [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} ^(.+).htm$ [NC]
RewriteRule ^(.+)\.htm http://plamdi.com/Page.php?p=$1&l= [NC,L]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://plamdi.com/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} !set9(3)?(5)?(b)?.jpg$
RewriteCond %{REQUEST_FILENAME} !saga.jpg$
RewriteCond %{REQUEST_FILENAME} !wotc-banner.gif$
RewriteRule \.(gif|jpe?g|jpg|png|vbs|zip)$ - [NC,F,L]

And, finally, here is the complete final source to Page.php:
<?
$dir=strtolower(stripslashes($_GET["l"]));
$page=strtolower(stripslashes($_GET["p"]));
if($dir==""){$file=$page.".php";}
else{$file=$dir."/".$page.".php";}
$x=1;
if(strlen($_SERVER["REQUEST_URI"])>=8)
{if(strcmp(substr($_SERVER["REQUEST_URI"],0,7),"/Page.p")==0){$x=0;}}
if($x&&file_exists($file)){
include($file);
}else{
header("HTTP/1.0 404 Not Found");
header("Last-Modified: ".date("D, d M Y H:i:s",filemtime("404.htm"))." GMT");
readfile("404.htm");
}
?>

The only thing yet to do is replace the 404 page with a PHP file.

Any comments for improvement?

:beer:
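
Added example, not part of the original thread and not the poster's code: both versions of Page.php above hand $_GET["l"] and $_GET["p"] to file_exists()/include() after only strtolower() and stripslashes(). One way to constrain that lookup to scripts under the site root, assuming PHP 7.1 or later; resolve_page(), the segment pattern and the temporary demo directory are hypothetical names and constructed data.

```php
<?php
// Added example (hypothetical helper): map the rewritten l/p parameters to a
// script that provably lives under $base, or return null for a 404.
function resolve_page(string $base, string $dir, string $page): ?string
{
    // One path segment: letters, digits, "_" and "-" only, so no dots,
    // slashes, NUL bytes or stream-wrapper prefixes. /D forbids a trailing \n.
    $segment = '/^[a-z0-9][a-z0-9_-]*$/D';

    $page = strtolower($page);
    if (!preg_match($segment, $page) || substr($page, -4) === 'page') {
        return null;            // malformed, or a *Page.php helper script
    }
    $parts = [];
    if ($dir !== '') {
        foreach (explode('/', strtolower($dir)) as $part) {
            if (!preg_match($segment, $part)) {
                return null;    // rejects "", "." and ".." segments as well
            }
            $parts[] = $part;
        }
    }
    $parts[] = $page . '.php';

    $root = realpath($base);
    $real = realpath($base . '/' . implode('/', $parts));
    if ($root === false || $real === false) {
        return null;            // base or target does not exist
    }
    // Containment check after symlinks are resolved.
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a temporary site root containing one page script.
$base = sys_get_temp_dir() . '/site_' . getmypid();
mkdir($base . '/wotc', 0700, true);
file_put_contents($base . '/wotc/cards.php', '<?php echo "cards";');
$requests = [['wotc', 'Cards'], ['', 'top_page'], ['..', 'cards'], ['wotc', '../cards']];
foreach ($requests as [$l, $p]) {
    $r = resolve_page($base, $l, $p);
    echo "l=$l p=$p => ", $r === null ? '404' : "include $r", "\n";
}
unlink($base . '/wotc/cards.php');
rmdir($base . '/wotc');
rmdir($base);
```

In a front controller like Page.php, a null result would take the existing 404 branch and a non-null result would be the only value ever passed to include.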

Meksilon
August 22nd, 2006, 23:14
Oh by the way, gzip compression reduces portal.htm from 27.33kb to 6.26kb when sent... I'm thinking of letting PHP also serve up css and javascript files for gzip compression - this will make my site appear to load really fast to visitors... is there any reason I shouldn't do this?

krakjoe
August 23rd, 2006, 02:58
gzip compression smashes servers memory usage, I always ask ppl to turn it off...