I’m not even sure where to start with this topic. I’m thinking that a good place to start is how the users get to the framework.
.htaccess
.htaccess is somewhat of a new thing to me. I have extensive experience in writing a Java framework using Tomcat and JBoss. The way that I choose to write a framework is to have every page request filter through a single controlling entry point. This can really limit the chance of security holes. In servlet containers this is done using servlet and servlet-mapping definitions. You can easily send all requests through a single servlet that takes care of authentication and authorization before a page ever gets displayed. It turns out that the servlet mapping is just a watered-down version of Apache’s mod_rewrite and, of course, .htaccess is processed by mod_rewrite. What I discovered is that you can achieve the same effect by using .htaccess and a well-written PHP script.
This is what my .htaccess looks like:
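RewriteEngine On
# Map any path containing style/ or images/ onto the top-level directories
RewriteRule .*style/(.*) style/$1 [L]
RewriteRule .*images/(.*) images/$1 [L]
# Requests for files that exist on disk are served as-is
RewriteCond %{REQUEST_FILENAME} !-f
# Do not rewrite the controller itself
RewriteCond %{REQUEST_URI} !(framework/Tower.php)
# Everything else goes to the single entry point
RewriteRule . framework/Tower.php [L]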
First of all, I used the .htaccess that comes with WordPress as a starting point - give credit where credit is due. I think there is only one line left from the borrowed file though. If this code looks totally foreign to you then do a Google search for mod_rewrite. I looked at this Apache Doc and this nice reference sheet when getting familiar with mod_rewrite.
The gist of that code is this. Every request that comes to my URL will be redirected to a script called Tower.php - tower is meant to be like an airport tower that directs traffic - unless the request points to an actual file on the server. This caveat is there because I am building this framework in the middle of a working site and I don’t want to convert the entire site before using the new features. Also, I added the style/… and images/… rules so that my scripts don’t have to worry about how many ../../../ are needed to find the CSS and image files. Of course, if your system is always running at the root - not in a subdirectory - you don’t need this little bit.
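To see which requests actually reach Tower.php under these rules, here is a small Python model of the ruleset. It is an added example, not part of the original post or of the framework. The file names other than framework/Tower.php are constructed, and the model assumes a single pass over the rules with paths given relative to the .htaccess directory.

```python
import re

# Constructed sample of files on disk, relative to the .htaccess directory.
FILES = {"framework/Tower.php", "framework/Config.php", "legacy/report.php",
         "style/site.css", "images/logo.png"}

TOWER = "framework/Tower.php"
STATIC_RULES = [(re.compile(r".*style/(.*)"), "style/"),
                (re.compile(r".*images/(.*)"), "images/")]


def route(path, files=FILES):
    """Return (handler, target) for a request path with no leading slash.

    Single-pass model: [L] ends processing at the first rule that fires.
    """
    for pattern, prefix in STATIC_RULES:
        m = pattern.search(path)            # mod_rewrite patterns are unanchored
        if m:
            return ("static", prefix + m.group(1))
    is_file = path in files                 # RewriteCond %{REQUEST_FILENAME} !-f
    is_tower = re.search(r"framework/Tower.php", path) is not None
    if path and not is_file and not is_tower:   # "RewriteRule ." needs one char
        return ("tower", TOWER)
    return ("direct", path)                 # served without rewriting


def php_served_without_tower(files=FILES):
    """PHP files on disk that run without passing through Tower.php."""
    return sorted(f for f in files
                  if f.endswith(".php") and f != TOWER
                  and route(f, files)[0] != "tower")


if __name__ == "__main__":
    for p in ["members/profile", "legacy/report.php",
              "a/b/style/site.css", "lifestyle/tips"]:
        print(p, "->", route(p))
    print("PHP outside the entry point:", php_served_without_tower())
```

Two things stand out: every PHP file that exists on disk runs without Tower.php's authentication and authorization checks, and the unanchored `.*style/` pattern also captures paths such as lifestyle/tips. Anchoring the static rules and moving include-only scripts out of the web root narrows both.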
Now, I’m not saying that this is the best way to write a .htaccess file to do what I am doing, but it works. If you experts out there have suggestions, please let me know.
