.php or .htm for web pages

[kurt.santo]

I plan to extend my new website as I go along and just start off with a few pages... On some pages I probably will be ok to use simple HTML page, where on some other pages I will use PHP to interact with a database. What is the best advice for me: Do I save all files with .php to make sure I can use the extended functionalilty PHP offers (if needed) or is there an other way to stay more flexible?

Kurt

[hostBrain]

I prefer to have all extensions with php, regardless of whether the pages have php or just plain html, that way, if you ever need to include php in a page, you're all set

[kurt.santo]

Thanks for you feedback... Sounds like a good solutions

Kurt

[wige]

As an evil hacker, I have all my pages show as html whenever possible. I also override the X-Generated-By header to further hide that the pages are PHP. I then set the server to process all .html pages as php. This way, if a PHP exploit is ever found, my site is much less likely to be targeted. It also looks better in the serps, because pages ending in .html seem to be more trusted by the user than sites ending in .php (This is the case, at least, after limited testing with users who are somewhat technically adept). It doesn't affect ranking, but it can improve the click through rate.

[niggles]

If you're going to re-do the whole thing in PHP, then it might be worth including a few lines of code ready for if you need them.

I tend to bring in a lot of files through PHP includes and always put in "blank" includes from the start so I don't need to backtrack later if I need to.

Most particularly I include in the <head>

* configuration settings
* ie css-hacks
* pointer to my js scripts

In the <html> I always include

* copyright-footer

These are elements you'll find you want on every page and it's far better having them available from the start in case you want to add stuff later!

Cheers,
Niggles

[RegDCP]

Kurt, sounds like you are going to be developing the php.

If so, why not use a content management system?

Reg

[G[dot]com]

I am interested in wige´s solution, even though I agree and muchly do as hostbrain. Further details wige? Do you handle that through the htaccess alone, or something else?

Thanks.

[Veikoh]

Why not to develop XML with XSLT and CSS formatting? I did that for my mobile content publishing sytem http://veikoh.freehostia.com/weeblog/frameset.html for IE, Welcome to mobile content publishing system for Opera.
Was interesting to develop, spent two weeks but google loves it. The project is currently in hold until I found extra £500 to finish it as proper mobile content publishing system. There is still also some bugs there.

[hostBrain]

Quote:

Originally Posted by G[dot]com

Do you handle that through the htaccess alone, or something else?

Yes, just htaccess

IN the root directory, put your htaccess file and put the following code

Quote:

AddType application/x-httpd-php .php .html

This will essentially allow html extension pages to act as php pages.

[tamecrow]

We use .php as we're on a Linux server and make good use of PHP includes. I realise this can be done with SHTML, but there's no real advantage to us changing our regular practice for that, so it's .php for us

[Webnauts]

hostBrain above provided the best solution.

[kurt.santo]

Just for newbies as me:
Having installed Apache web server on my laptop (just for testing) I have a configuration file called "httpd". Is this what you mean by "htaccess"? If yes, why the different name?

Then if I include the following line "AddType application/x-httpd-php .php .html " in this file: I save my files at .html (or .htm when inserting "AddType application/x-httpd-php .php .htm") and they will show as such, but still process php? Did I get this right?

If I understood this correctly: Is it normal practice that you can access this file to make changes with your hosting company? With my old hosting company I am almost sure there was no way for me to alter things like this (I am just in the process of evaluating a new hosting provider)...

Kurt

[wige]

.htaccess is a configuration file that you create and enter in the folder you want the directives applied to. The httpd configuration file is the central configuration file for Apache. If you own the server, you can make the changes in the httpd file. However if you have shared hosting you need to make the changes in an .htaccess file located in your root directory. The directives will carry to all subdirectories as well.

As far as the directives, other than the one already mentioned, I use
Header unset X-Powered-By
which removes the identifier telling the user that the page uses PHP.

[G[dot]com]

Great, thank you (both hostbrain and wige) for the further reply!

[kurt.santo]

So, when I go live I will create a .htaccess file (just including the mentioned entry or do I need to include other information?), which I put in root directory (where all web pages of site will be placed)? Does it cascade down (be applied to all subfolders)?

Kurt

[hostBrain]

I wouldn't wait until you go live, test it now.

and yes, putting it in the root, will cover all sub-directories

[G[dot]com]

btw, don´t panic when you upload the file via ftp in root, if it "vanishes" from the file list when you refresh (the htaccess is a hidden file, at least in all servers I´ve known).

[kurt.santo]

Still have problems to understand:
I create a file (in my text editor) and place the following only as content "AddType application/x-httpd-php .php .html ". Then I save the file as .htaccess (is this actually the file extension or is the name htaccess with a dot and sth else behind)???
Got the upload bit (at least sth)...

Kurt - the one with the small brain

[kgun]

The name of the file is

.htaccess (with a dot in front of the h)

and may in addition to the directives mentioned above include configuration paths like

php_value include_path ".:/usr/local/lib/php: etc : etc.

Block bad bots like this: (# indicates comments in the file).

RewriteEngine on #Only include this line once to enable the rewriting engine

#These lines block agents commonly used to harvest URLs and email addresses.
#One of the uses of such agents is to gather URLs for subseqent referral spamming
#by a large number of hosts. Thus, preventing their access may, by itself, decrease
#the amount of referral spam you receive.
RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ URL\ Control.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0\ .*Win\ 9x\ 4\.90.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Indy\ Library.*$ [NC,OR]

#These lines block bots that use your bandwidth for their own commercial reasons.
RewriteCond %{HTTP_USER_AGENT} ^abot.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^aipbot.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Linkwalker$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*nameprotect.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*TurnitinBot.*$ [NC,OR]

Deny unique IP's

deny from ***.***.***.***

Deny IP regions

deny from 192.168.112.0/24

Explained at the DNSStuff site in the lower left corner in the field named CDIR/Netmask

Apache Tutorial: .htaccess files

Related link: Apache HTTP server project. (Note: the "Get involved menu" with sub menus, "Mailing list", "Bug Report" and "Developer Info").


P.S. deny from 0.0.0.0/1

Will deny the IP range 0.0.0.0 through 127.255.255.255 [2147483648 IPs] from accessing your site.

#For serious offenders or spammers who send referral spam directed to several different
#domains, I block access by IP address. Listed here are the worst offenders. This method
#may be more conservative than some people want to be; if so, just leave this part out of
#your .htaccess file.
<Files 403.shtml>
order allow,deny
allow from all
</Files>
#examples
deny from ........ (Long list excluded)

You may use this technique to set up an informal extranet. (An extranet is a network where only your current customers have access.)

Join the DNSStuff forum if you want to be an expert on this.

[kurt.santo]

But to start off with, it would be ok to just have one line as 'AddType application/x-httpd-php .php .html ' in the .htaccess file? Do not feel to confident and would like to extend slowly (when I get ok through documentation)...

Kurt

[wige]

Yes, that one line is fine, although the .php portion is probably not needed (already set elsewhere). Make sure you upload this file to your document root, this is the top level folder, where your home page is.

[G[dot]com]

I wanted to mention that I am already using this for a new site, and works wonderfully!!! Thank you guys!!! :-*

[kgun]

Quote:

Originally Posted by wige

Yes, that one line is fine, although the .php portion is probably not needed (already set elsewhere). Make sure you upload this file to your document root, this is the top level folder, where your home page is.

You think of php.ini?

But if you are on a shared hoster you do not always have access to that file. In addition, .htaccess is on a lower level than php.ini and as such probably more secure.

[kurt.santo]

Thank you all for your feedback!

Kurt

[wige]

Quote:

Originally Posted by kgun

You think of php.ini?

Actually I meant more that instead of using

AddType application/x-httpd-php .php .html

he should use

AddType application/x-httpd-php .html

in case .php is already set, possibly with a different type for a different php preprocessor. He is looking for simple after all, so keep the terms and settings as minimal as possible. Also, if the line doesn't work, you can rename the file to .php to test the original configuration without an override for troubleshooting.

[kgun]

You are clever.