| classRequest.php |
|---|
• Overview:
The purpose of this class is to prevent knowledge of the structure and operation of your website from being published to the world through URLs that load web pages and media into visitors' browsers. It achieves that purpose by deliberately causing "page not found" exceptions, cathing those exceptions and then taking appropriate action while disclosing nothing to website visitors.
Upon being instantiated, this class automatically retrieves the complete URL, including subdomain, domain name, domain and up to six alias names disguised as a directory path. It works only if (1) the Apache server has enabled .htaccess file over-rides; (2) if an .htaccess file in the domain's root directory contains a redirection for Apache exception class 404 (file not found); and (3) if at least the first alias (here called "site") is not also a real directory in the domain's root directory. The .htaccess file entry is:
ErrorDocument 404 /index.php
where /index.php is located in the domain's root directory and instantiates classRequest.php. Note that, on MS Windows® platforms, text editors like MS Notepad® will not allow saving a file with only a file type (the dot and following characters). So, save the file as "x.htaccess", then rename it to remove the x.
In the following example URL:
http://www.MyDomain.com/site/page/action/arg1/arg2/arg3
"www" is the subdomain (which might also be any other desired value, such as "info"); "MyDomain" is the domain name; "com" is the domain; and all rightward entries are aliases in the form of a directories path. In classRequest.php, the names of the six aliases, from left-to-right, are as illustrated in this example. However, no matter what the aliases are called, what they actually represent is entirely up to you, such as:
classRequest.php was developed as a security device where all website owners are underage high school students. In that context, "site" is the name of a teacher; "Page" is the name of a student in that teacher's class; "action" is the name of a web page in that student's website; and "arg1", "ar2" and "arg3" mean anything that a student wants them to mean. This method makes it effectively impossible for pedophiles to use the domain as a "happy hunting ground" for victims because the don't know the actual values for any of the six aliases. Another layer of security might require all website visitors to log in (by teacher, student and student's family and friends) before even getting started.
This class cannot be used in tandem with <form> ... </form> elements that invoke GET method, because aliases are assumed to be part of the last data field in the GET sequence.
However, this class can be used in tandem with <form> ... </form> elements that invoke POST method, because classRequest.php checks to see if the element in the position of the first alias is actually a script page (ending in .html or .php). If so, search for alias entries is shifted rightward by one position so that all aliases align correctly.
If a an anchor target is included in the URL, then an alias list cannot be used. For example, in the URL
mySite.com/index.html#start/site/page/action/1/2/3
everything after start/ will be assumed to be part of the anchor name, not a series of alias names. Note that an anchor target is actually an instruction to the browser, not to the server.
When setting up a domain like this, use the following test program to assure correct functioning of classRequest.php before continuing with website programming:
• Invocation:
• Retrieve and display URL parts:
• Complete source listing of classRequest.php:
<?
/*
filename: classRequest.php
author: Al Olmstead, AlOlmstead.com, Al@AlOlmstead.com
dependencies: none
*/
class Request {
var $subDomain; function getSubDomain() {
return($this->subDomain);}
var $domainName; function getDomainName() {
return($this->domainName);}
var $domain; function getDomain() {
return($this->domain);}
var $site; function getSite() {return($this->site);}
var $page; function getPage() {return($this->page);}
var $action; function getAction()
{return($this->action);}
var $arg1; function getArg1() {return($this->arg1);}
var $arg2; function getArg2() {return($this->arg2);}
var $arg3; function getArg3() {return($this->arg3);}
function __construct() {
function checkFirstValue($caseNumber,$value) {
$returnValue=$caseNumber;
$htmlPosition=strpos($value,".html");
$phpPosition=strpos($value,".php");
if($htmlPosition>0 || $phpPosition>0) --$returnValue;
return($returnValue);
} // checkFirstValue()
$serverNameArray=explode(".",$_SERVER['SERVER_NAME']);
$serverNameArrayCount=count($serverNameArray);
switch($serverNameArrayCount) {
case 2:
$this->subDomain="";
$this->domainName=trim($serverNameArray[0]);
$this->domain=trim($serverNameArray[1]);
break;
case 3:
$this->subDomain=trim($serverNameArray[0]);
$this->domainName=trim($serverNameArray[1]);
$this->domain=trim($serverNameArray[2]);
break;
default:
} // switch()
$requestUriArray=array();
$requestUriArray=
explode("/",$_SERVER['REQUEST_URI']);
/* Because REQUEST_URI always begins with /,
requestUriArray[0] will always be empty. */
$requestUriArrayCount=count($requestUriArray);
$workValue="";
$caseNumber=0;
for($x=1; $x<$requestUriArrayCount; $x++) {
if(isset($requestUriArray[$x])) {
++$caseNumber;
$workValue=trim($requestUriArray[$x]);
if($x==1) {
$workNumber=
checkFirstValue($caseNumber,$workValue);
if($workNumber<$caseNumber) --$caseNumber;
} // if()
} // if()
switch($caseNumber) {
case 1: $this->site=$workValue; break;
case 2: $this->page=$workValue; break;
case 3: $this->action=$workValue; break;
case 4: $this->arg1=$workValue; break;
case 5: $this->arg2=$workValue; break;
case 6: $this->arg3=$workValue; break;
default:
} // switch()
$workValue="";
} //for()
} // __construct()
} // class Request{}
?>