Htaccess misconfiguration

Server Config
1

Hello,

I’ve already talked to my webhost, but they don’t seem to know the least about htaccess files and I am fairly inexperienced. Anyway, my host says there’s a misconfiguration in my htaccess file, so it doesn’t work. Could anyone have a look at my code and point out what I’m doing wrong?

<Files .htaccess>
	order allow,deny
	deny from all
</Files>

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_value docref_root 0
php_value docref_ext 0

Options -Indexes

RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} ^www\\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

ErrorDocument 400 /system/error.php
ErrorDocument 401 /system/error.php
ErrorDocument 403 /system/error.php
ErrorDocument 404 /system/error.php
ErrorDocument 405 /system/error.php
ErrorDocument 500 /system/error.php
ErrorDocument 501 /system/error.php
ErrorDocument 502 /system/error.php
ErrorDocument 503 /system/error.php

RewriteRule ^/?$ index.php?s=info&p=1

RewriteRule ^info/?$ index.php?s=info&p=1
RewriteRule ^more/?$ index.php?s=more&p=1

I’ve always used htaccess to send [noparse]http://www.domainname.com/[/noparse] to [noparse]http://domainname.com[/noparse] and on every host this works perfectly, but on this host it doesn’t work at all. My hosts reply was to set this up via the Plesk control panel, their solution was to add a domain alias. So my site works fine now but I dislike their solution, so I hope I’m doing something wrong…

Also one more question, could be related to this problem. I have a [noparse]www.host.com/index.php[/noparse] page and on that page is the following mysql code: mysql_query(“UPDATE sys SET y = y + 1 WHERE x = ‘total’”); , to check my visitor rate. When someone visits the page I get not oldvalue + 1 but oldvalue + 2. It would seem like the page gets loaded twice?

Thank you very much in advance :slight_smile:

2

xt,

You are:

<Files .htaccess>
	order allow,deny
	deny from all
</Files>
# Not a problem

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# Dunno - I don't serve compressed files

php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_value docref_root 0
php_value docref_ext 0
# Dunno - I don't set php flags or values in the .htaccess

Options -Indexes
# Fine

RewriteEngine On
RewriteBase /
# What for? That's only to UNDO a mod_alias redirection (but not harmful)

RewriteCond %{HTTP_HOST} ^www\\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# I'd not worry about the domain name in the condition but hardwire it in the redirection (to make the case constant)

ErrorDocument 400 /system/error.php
ErrorDocument 401 /system/error.php
ErrorDocument 403 /system/error.php
ErrorDocument 404 /system/error.php
ErrorDocument 405 /system/error.php
ErrorDocument 500 /system/error.php
ErrorDocument 501 /system/error.php
ErrorDocument 502 /system/error.php
ErrorDocument 503 /system/error.php
# Fine

RewriteRule ^/?$ index.php?s=info&p=1
# Fine but this will be ANDed with the info one below which will disable it (and the more one below that)
# Look-up what a Last flag does

RewriteRule ^info/?$ index.php?s=info&p=1
RewriteRule ^more/?$ index.php?s=more&p=1

The MySQL problem has nothing to do with your .htaccess problem.

To investigate the mysql_query statement, we’d need to know where you get the value of y (assuming that x and y are fields in the sys table).

Regards,

DK

3

Hey, thanks for your reply! :slight_smile:

I’m going to walk through it step by step, if you don’t mind :wink:

So I could delete the line “Rewritebase /”?

With hardwire you mean display the real domain instead of dynamically fetching it, like:

RewriteCond %{HTTP_HOST} ^www\\.(.+)$ [NC]
RewriteRule ^(.*)$ http://mydomain.com/$1 [R=301,L]

Like that?

And I should add a last flag sign like;
RewriteRule ^/?$ index.php?s=info&p=1 [L]
Like this?

About the mysql statement (I’ll just post it here)…
x and y are indeed table column names. x is the identifier and y the value.
Whenever a person visits my site I want to add one to the existing value in the row.

Originally I did this;

  1. Retrieve old value
  2. Do oldvalue + 1
  3. Update the value with the new one

But then I read it could be done faster like,
update value = value + 1, like;

mysql_query("UPDATE sys SET y = y + 1 WHERE x = 'total'");

But when I visit the page, I get added 2 instead of 1.

Also,
I have domain/index.php and domain/admin/index.php
When I visit domain/admin/index.php the code in domain/index.php runs (Don’t know why, but it has to, otherwise I wouldn’t get + 1 with the value in de table)
So here the code actually does what it has to do, but it shouldn’t run at all…

Sorry for being so confusing, never had this problem before…

Thank you very much in advance :slight_smile:

4

xt,

Regards,

DK

5

Ok, I’ve updated my .htaccess file :slight_smile:

For the mysql code, it’s only executed once in domainname.com/index.php (not as a included page) . No other page has the code. So, how is this possible?
It seems like the domain.com/index.php file is executed before we get to see the domain.com/admin/index.php file…

I tested it once more and as I refresh the domain.com/admin/index.php file, the counter adds up 1, if I visit the main site the counter adds up 2.

Is it possible that somehow the index.php page gets loaded before the admin/index.php?

6

[MODERATORS: This thread probably belongs in the PHP section (rather than databases).]

xt,

If admin/index.php increments the counter then index.php is NOT the only page with the code. Think this through! If any other page increments (which I believe is the case because you use x and y fields), then you have an included file (included in your header?) which does this incrementing across the board. Thus, when it’s included more than once, it increments more than once.

I believe that you have a problem within your PHP scripts which is double counting for you. Check that out first as it’s almost too obvious!

Regards,

DK

7

I had already checked the documents, but just to be sure I just opened all my php pages present on the webserver.
With the search function of my editor I searched for some keywords and the results were that there was no duplicate code.


[B]Search "'tc'" (2 hits in 2 files)[/B]
  [COLOR="#A52A2A"]C:\\Users\\Manon\\Documents\	est\\index.php (1 hits)
	Line 10: 		mysql_query("UPDATE sys SET y = y + 1 WHERE x = 'tc'");[/COLOR]
  C:\\Users\\Manon\\Documents\	est\\step1.php (1 hits)
	Line 33: 	$result = mysql_query("SELECT y FROM sys WHERE x = 'tc'");

[B]Search "index.php" (5 hits in 5 files)[/B]
  C:\\Users\\Manon\\Documents\	est\\step3.php (1 hits)
	Line 19: <form action="index.php" method="get">
  C:\\Users\\Manon\\Documents\	est\\step1.php (1 hits)
	Line 2: <form action="index.php?step=step2" method="post" enctype="multipart/form-data">
  C:\\Users\\Manon\\Documents\	est\\step2.php (1 hits)
	Line 15: <form class="floatForm" action="index.php" method="get">
  C:\\Users\\Manon\\Documents\	est\\step4.php (1 hits)
	Line 12: 		header("Location: index.php");
  C:\\Users\\Manon\\Documents\	est\\login.php (1 hits)
	Line 8: 				header("Location: index.php");

[B]Search "+ 1" (5 hits in 3 files)[/B]
  C:\\Users\\Manon\\Documents\	est\\index.php (2 hits)
	Line 7: 		mysql_query("UPDATE sys SET y = y + 1 WHERE x = 'vc'");
	[COLOR="#A52A2A"]Line 10: 		mysql_query("UPDATE sys SET y = y + 1 WHERE x = 'tc'");[/COLOR]
  C:\\Users\\Manon\\Documents\	est\\x.php (2 hits)
	Line 9: 		$i = (int)$i + 1;
	Line 17: 		mysql_query("UPDATE cnt SET vc = vc + 1 WHERE id = '".$_GET['id']."'");
  C:\\Users\\Manon\\Documents\	est\\index2.php (1 hits)
	Line 108: 					height = parseInt(height) + 11;

[B]Search "WHERE x = 'tc'" (2 hits in 2 files)[/B]
  [COLOR="#A52A2A"]C:\\Users\\Manon\\Documents\	est\\index.php (1 hits)
	Line 10: 		mysql_query("UPDATE sys SET y = y + 1 WHERE x = 'tc'");[/COLOR]
  C:\\Users\\Manon\\Documents\	est\\step1.php (1 hits)
	Line 33: 	$result = mysql_query("SELECT y FROM sys WHERE x = 'tc'");

I really can’t find it, or I overlook it every time. I checked all my php files.
My host doesn’t look into it, he only replies ‘let a mysql expert have a look’.

8

xt,

It was a simple repeat of the ! before the second UPDATE statement, IMHO. Moreover, what you’d sent for admin/index.php had NO UPDATE statements so it should not have incremented.

Regards,

DK

9

xt,

I believe I was wrong above in commenting about the series of RewriteRules without the Last flag:

• Unless there is a flag directing otherwise, mod_rewrite will continue processing RewriteRules until complete before performing the URL redirection.
• If the RewriteRule has a Last flag, the per-directory processing will stop and the URL will be redirected. After restarting the process with the server and virtual host processing on the redirected URL, the per-directory processing will be restarted.

That implies that a Last flag is not required to separate the RewriteRules (ergo, the implicit ANDing is only for the RewriteRule and it’s associated RewriteCond statements). However, using the Last flag as I’d suggested would only cause the one RewriteRule which could be matched to be matched and start redirecting immediately.

I believe that this is a case of “no harm, no foul” but, as my information was incorrect, please accept my apologies.

Regards,

DK