Hello
Before I say: Yes i've googled it, AND been in tutorials section; i can get it to work, but not the way I wanted it to and/or it errors.
Right, what I want is to have index.php?page=blablahere BUT I want something like ?page=operations/staff or ?page=community/members and I'd want that to load *.net/pages/operations/staff.htm or php
If you get me?
Else it would display index.php?page=404 (pages/404.htm)
Anyone shed some light?
Cheers
Luke
Results 1 to 10 of 27
Thread: phpInclude Help
-
phpInclude Help
-
index.php?section=community&page=members
index.php?section=operations&page=staff
Then when including do the path like,
All crap after the URL is bad anyway. Look into mod_rewrite.PHP Code:include "/pages/".$_GET['section']."/".$_GET['page'].".php";
we're smiling but we're close to tears, even after all these years
-
Managed to get it all working - cheers
-
Make sure you verify the section/page against an array if you use this.
Originally Posted by MattFr
-
^^ Explain?
This is my code:
PHP Code:<?php
if(!$_GET['page'] || $_GET['page'] == "home") {
include("pages/home.php");
}
elseif($_GET['page']) {
if($_GET['subpage']) {
if(!@file_exists("pages/{$_GET['page']}/{$_GET['subpage']}.php"))
{
echo "Not found.<br/><br/>The file could not be found - timmy must've ate it..";
}
elseif(@file_exists("pages/{$_GET['page']}/{$_GET['subpage']}.php")) {
include("pages/{$_GET['page']}/{$_GET['subpage']}.php");
}
} elseif(!$_GET['subpage']) {
/////
if(!@file_exists("pages/{$_GET['page']}.php") || $_GET['page']==404)
{
echo "Not found.<br/><br/>The file could not be found, please use the navigation next time";
} elseif(@file_exists("pages/{$_GET['page']}.php")) {
include("pages/{$_GET['page']}.php");
}
}
}
?>Last edited by Luke; 03-05-2010 at 07:37 PM.
-
I know the verify bit is important but if this is for a personal site then u obvs know the pages will exist... Originally Posted by LukeBateson
Lew.Im not here to be loved, I love to be hated :-}
-
It isn't a personal site
-
Basically that code would be pretty easy to exploit. This is pseudo because I can't be bothered to code, but do something like this:
switch section
case section 1:
switch page
case page 1, include page 1.
case page 2, include page 2.
default, show 404.
break
case section 2
switch page etc
break
default show 404.
Using this way, people can only get to pages you define. A better way to do this would be using a comparative array, but I cba to type that.we're smiling but we're close to tears, even after all these years
-
One way to verify:
Haven't tested, but that should work + be secure.PHP Code:<?php
// Usage: ?p=section/page
// Doesn't check if page name matches section name, but this doesn't really matter.
// Separate section from page, and put into two variables.
list($section,$page)=explode("/",$_GET['p'],2);
// Set the allowed page/section names in the arrays below.
$allowedSectionNames=array("sectionname1","section2");
$allowedPageNames=array("home","about");
$file="pages/".$section."/".$page.".php";
$matchedSection=false;
$matchedPage=false;
// Cycle through the possibilities - check if section / page name is allowed.
foreach($allowedSectionNames as $name){
if($section==$name) $matchedSection=true;
}
foreach($allowedPageNames as $name){
if($page==$name) $matchedPage=true;
}
// If either the section or page name is not allowed / doesn't exist, show four oh four.
if(!$matchedPage || !$matchedSection || !file_exists($file)) $file="page/404.php";
include($file);
?>
But mod_rewrite is really more suited to this job.Last edited by Apolva; 04-05-2010 at 12:19 AM.
-
The code was secure enough as it was. It doesn't need changing.
visit my internet web site on the internet
http://dong.engineer/
it is just videos by bill wurtz videos you have been warned
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts