I developed a website with the possibility to register and log in, using the following structure:
|-- includes
|-- public_www
|---|-- src
|---|-- private
- includes: Contains sensitive files (configuration, etc.).
- public_www: Contains my web pages (index.php, signin.php, signup.php, etc.).
- src: Contains resources for my pages.
- private: Contains processing files (process_signin.php, process_signup.php, etc.).
In the private folder, there is a .htaccess file to enhance security by blocking direct access to the .php files, except from the server itself.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [L]
<FilesMatch ".php$">
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</FilesMatch>
-> Problem encountered:
The form in signin.php (form) uses process_signin.php (logic), which is located in the private folder. After submitting the form, I return to the signin.php page without any processing being done. Here is an excerpt of the code:
<?php
include __DIR__ . '/../../includes/db_connection.php';
include_once __DIR__ . '/../../includes/logger.php';
session_start();
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // More code .....
} else { // I encountered this situation
    $_SESSION['error_message'] = "";
    header("Location: /sign-in.php");
    exit();
}
?>
The following elements are well-defined: folder security and accessibility, page and directory names.
I have already tested these files on my local environment (localhost), and everything works perfectly. However, when I upload the site online, this problem occurs. I even tried moving process_signin.php to public_www (while respecting the directory changes), but the problem persists. Has anyone encountered the same issue, or do you have any suggestions for resolving this?