I was just about to post the new stuff, it seems to be working perfectly! After changing the logging options, I was easily able to walk through this. I did something very similar to what you posted:
- Code: Select all
Options +FollowSymLinks -MultiViews -Indexes
RewriteEngine On
# Only run this once
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule .* - [L]
# admin resources
RewriteCond %{DOCUMENT_ROOT}/rewrite/admin/webroot/$1 -f
RewriteRule ^admin/(.*)$ admin/webroot/$1 [QSA,L,NC]
# publicly accessible webroot folder
RewriteCond %{DOCUMENT_ROOT}/rewrite/webroot/$1 -f
RewriteRule ^(.*)$ webroot/$1 [QSA,L,NC]
# publicly accessible resources folder
RewriteCond %{DOCUMENT_ROOT}/rewrite/resources/$1 -f
RewriteRule ^(.*)$ resources/$1 [QSA,L,NC]
# everything else goes here
RewriteRule ^(.*)$ dispatcher.php [QSA,L,NC]
Now am I am left with only two things to do in here.
1) I need to lock off the admin resources for users not logged in, but I'm not sure how exactly to tie in php authentication to apache authentication... I guess I could use a cookie, but that seems awfully insecure.. perhaps session variables can be made available?
2) In a perfect world, the subdirectory of the webroot (if any), in which the resides, shouldn't have to be hard-coded in here. Short of creating a generator for .htaccess, is there any way to pull that in?
Thanks!
By the way Richard, I spent some time reading on here last night, you sure do get around, it seems you've been working with this for a while - mod_rewrite has the unique ability to make me feel deficient as a programmer...