Jump to content


Photo

Calling pages from another directory


  • Please log in to reply
12 replies to this topic

#1 ToasterKing

ToasterKing
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 11 August 2006 - 07:18 PM

I honestly would have searched but I don't even know what I'm looking for. It's simple, but explaining it (for me) is complicated so I'll try to just explain it visually. I have an index page with this.

---img text, etc html--

      <?php
if(!$ad || $ad == ""){$ad = "visitors";} ?>
      <?php include("$ad.htm"); ?>

--img text, etc html--

So my links look like: http://www.mysite.com/?ad=visitors
But I want to put some files in a protected folder like: http://www.mysite.co...cted/secret.htm
What url would I use to load that up properly so the page comes between my img text, etc html? Or should I just copy and paste my index.php into the protected zone and use the same php code but this way I can just do a http://www.mysite.co...cted/?ad=secret

Very sorry if that doesn't make any sense, tried to explain it the best way I could. If I posted this incorrectly I'll gladly rewrite it according to any rules I missed (and I did read the rules). Thank you to anyone who can answer whenever you get around to it.

#2 ToasterKing

ToasterKing
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 11 August 2006 - 09:22 PM

Just a little bump as it's almost on page 2

#3 KittyKate

KittyKate
  • Members
  • PipPipPip
  • Advanced Member
  • 32 posts

Posted 11 August 2006 - 10:13 PM

Alright... let's see if I can figure out what you are trying to do...

You have index.php. In the middle of the page somewhere, you are checking if $ad is set... I'm assuming you actually mean $_GET['ad'] with your illustration of it in the location. If it isn't set, you want to give it the value of 'visitor'. Right now, no matter what, you want to print ad.htm.

If ad is set to something else (protected) you want to print something else...

Is the following at all like what you'd like to do, to give other, more knowledgable people a better idea?

<?php
switch ($_GET['ad') {
     case 'visitor':
          print $visitor_code;
          break;
     case 'protected':
          print $protected_code;
          break;
     default:
          header("location: index.php?ad='visitor'");
}
?>

or

<?php
switch ($_GET['ad') {
     case 'protected':
          print $protected_code;
          break;
     case 'visitor':
          print "<!-- Ad=visitor is set -->";
     default:
          print $visitor_code;
          break;
}
?>

PHP Version 4.3.2
MySQL version unknown (greater or equal to 3.23)

#4 ToasterKing

ToasterKing
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 11 August 2006 - 10:58 PM

I should have posted this link as well: http://www.apex-deus.org/v2/
Each menu button you click on just loads the page between the header and footer graphics really. This way the entire page doesn't need to be reloaded.. obviously.. but you guys already know that heh. Anyway. All the .htm files are in the same directory so no problem. But, I want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess but I don't know what the url would be to call the page in the protected directory. Better example being..

http://www.apex-deus.../v2/?ad=warfare (warfare.htm is not in the protected directory)
vs
http://www.apex-deus.../v2/?ad=??????? (warfare.htm is in the protected directory)

Just not sure what url I would use to get the page since it's in a different directory. I know you guys get the "I don't know php but I'm trying" thing. I really appreciate everyones patience.

#5 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 12 August 2006 - 01:12 AM

What you're doing is a potential security risk:
http://www.php.net/m....filesystem.php

#6 raza.shahzad

raza.shahzad
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 12 August 2006 - 01:50 AM

want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess

dear friend,
in my opinion you can use this on top of you pages

if ($password != "abcxyz") {
echo "error, unauthenticated user";
exit();
} else {
the body of your webpage
}

and to access the page properly you need to use the following
http://www.abcdomain...password=abcxyz
don't tell the password to anyone.

#7 ToasterKing

ToasterKing
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 12 August 2006 - 05:21 AM

What you're doing is a potential security risk:
http://www.php.net/m....filesystem.php


I understand. Thank you.

#8 ToasterKing

ToasterKing
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 12 August 2006 - 05:23 AM

want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess

dear friend,
in my opinion you can use this on top of you pages

if ($password != "abcxyz") {
echo "error, unauthenticated user";
exit();
} else {
the body of your webpage
}

and to access the page properly you need to use the following
http://www.abcdomain...password=abcxyz
don't tell the password to anyone.


Problem with this is anyone can download the page with GetRight or FlashGet and the password will be in the html. Or, so I gather.

#9 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 12 August 2006 - 06:00 AM

Uhhh no it shouldnt be.  On the ad = X thing you should add the line
$ad = str_replace("../", "", $ad);
$ad = str_replace("/", "", $ad);
some where once $ad is defined...
Why doesn't anyone ever say hi, hey, or whad up world?

#10 ToasterKing

ToasterKing
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 12 August 2006 - 06:44 AM

Uhhh no it shouldnt be.  On the ad = X thing you should add the line
$ad = str_replace("../", "", $ad);
$ad = str_replace("/", "", $ad);
some where once $ad is defined...


Hate to seem ignorant but I don't understand.

By the way thank you raza.shahzad and everyone else for responding.

#11 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 12 August 2006 - 06:47 AM

It shouldnt matter since you automatically append the .htm, but in the future if you ever wanted to change that to a different extension or something it could create issues since someone could edit their url in their browser and make it something like ?ad=../../yousecretfile.php
Why doesn't anyone ever say hi, hey, or whad up world?

#12 ToasterKing

ToasterKing
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 12 August 2006 - 06:50 AM

So what you're saying is I can use the suggestion from raza.shahzad post and still keep my password secret? Speaking of which.. and again, really hate to seem ignorant but where would the actual 'password' go in that script? Because it seems like:

if ($password != "abc123") {
echo "error, unauthenticated user";
exit();
} else {

Where abc123 is my password but then I would use
http://www.apex-deus...password=abc123 (ehh.. the password should be in the url?)

Somehow I'm not picking it up. Once again appreciate the patience of everyone.

#13 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 12 August 2006 - 07:19 AM

Ummmm no actually thats not what i meant... And on the sense of password protecting files... I would just use a very very simple login script...
Why doesn't anyone ever say hi, hey, or whad up world?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users