Here's what I've done to accomplish search friendly urls AND prevent people from accessing folders/pages that don't exist or are forbidden/restricted
Conditions for these code snippets to work out of the box:
osCommerce 2.2 rc2a & php 5.whatever (4 might work too, don't know, don't use it)
You'll need to create an .htaccess file for this to work.
All your links MUST call the tep_href_link function
You will have to add your add-ons (payments) and such in the .htaccess file
All of your page names contain only letters and underscores (modifiable)
You have not changed the variable names 'cPath', 'pid' and 'products_id' (modifiable)
You have created an error.php page that catches all exceptions (still works if you don't, but for security reasons you should always have one)
Step 1) in the HTML_output.php file, rewrite the tep_href_link function (Changes are in Green) :
// The HTML href link wrapper function
function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
global $request_type, $session_started, $SID;
if (!tep_not_null($page)) {
die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
}
if ($connection == 'NONSSL') {
$link = HTTPS_SERVER . DIR_WS_HTTP_CATALOG;//changed to HTTPS to force SSL connection on ALL links
} elseif ($connection == 'SSL') {
if (ENABLE_SSL == true) {
$link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
} else {
$link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
}
} else {
die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
}
[color="#008000"] //Added by Squivo , loses the .php part of the name
if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
$page_arr = explode(".",$page);
$page =$page_arr[0];
$link .= $page;
}
//
else{
if (tep_not_null($parameters)) {
$link .= $page . '?' . tep_output_string($parameters);
$separator = '&';
} else {
$link .= $page;
$separator = '?';
}
}[/color]
//
while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1);
// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) {
if (tep_not_null($SID)) {
$_sid = $SID;
} elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
$_sid = tep_session_name() . '=' . tep_session_id();
}
}
}
[color="#008000"] //Modified by Squivo
if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
$parameters2=str_replace('?', '', $parameters);
$params_arr=explode("&",$parameters2);
$otherParams='';
for($i=0;$i<sizeof($params_arr);$i++){
if(substr($params_arr[$i],0,5)=='cPath'||substr($params_arr[$i],0,3)=='pid'||substr($params_arr[$i],0,11)=='products_id'){
$params_arr[$i]=strstr($params_arr[$i],"=");
$params_arr[$i]=substr($params_arr[$i],1);
$link.="/".$params_arr[$i];
}
else if($params_arr[$i]!=''){
$otherParams.=$params_arr[$i]."&";
}
}
if($otherParams!=''|| $otherParams!="&"){
$link.="?".$otherParams;
$separator='';
}
else{
$separator="?";
}
}[/color]
if (isset($_sid)) {
$link .= $separator . tep_output_string($_sid);
}
return $link;
}
Step 2) Then Comment out the section in Application_top.php:
if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
/*if (strlen(getenv('PATH_INFO')) > 1) {
$GET_array = array();
$PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF);
$vars = explode('/', substr(getenv('PATH_INFO'), 1));
for ($i=0, $n=sizeof($vars); $i<$n; $i++) {
if (strpos($vars[$i], '[]')) {
$GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1];
} else {
$HTTP_GET_VARS[$vars[$i]] = $vars[$i+1];
}
$i++;
}
if (sizeof($GET_array) > 0) {
while (list($key, $value) = each($GET_array)) {
$HTTP_GET_VARS[$key] = $value;
}
}
}*/
}
Step 3) Set up your .htaccess rewrite rules
RewriteEngine On
#Rewritebase may need to be /catalog/, or whatever the root of the store is
RewriteBase /
#PRODUCTS and CATEGORIES (includes reviews, anything product related)
RewriteRule ^([a-zA-Z_]+)/([0-9_]+)/([0-9]+)(/)?$ $1.php?cPath=$2&products_id=$3&%{QUERY_STRING} [NC,L]
RewriteRule ^index/([0-9_]+)(/)?$ index.php?cPath=$1&%{QUERY_STRING} [NC,L]
RewriteRule ^([a-zA-Z_]+)/([0-9\{\}]+)(/)?$ $1.php?products_id=$2&%{QUERY_STRING} [NC,L]
# ALL OTHER CASES , THIS RULE IS LAST
Rewriterule ^([a-zA-Z_]+)(/)?$ $1.php?%{QUERY_STRING} [NC,L]
Once these steps are done, turn on Search friendlies in yer admin panel and see if it works - surf your site - I have only tested this on my own sites, all successfully
BOOSH!