Jump to content

Archived

This topic is now archived and is closed to further replies.

ToasterKing

Calling pages from another directory

Recommended Posts

I honestly would have searched but I don't even know what I'm looking for. It's simple, but explaining it (for me) is complicated so I'll try to just explain it visually. I have an index page with this.

---img text, etc html--

      <?php
if(!$ad || $ad == ""){$ad = "visitors";} ?>
      <?php include("$ad.htm"); ?>

--img text, etc html--

So my links look like: http://www.mysite.com/?ad=visitors
But I want to put some files in a protected folder like: http://www.mysite.com/protected/secret.htm
What url would I use to load that up properly so the page comes between my img text, etc html? Or should I just copy and paste my index.php into the protected zone and use the same php code but this way I can just do a http://www.mysite.com/protected/?ad=secret

Very sorry if that doesn't make any sense, tried to explain it the best way I could. If I posted this incorrectly I'll gladly rewrite it according to any rules I missed (and I did read the rules). Thank you to anyone who can answer whenever you get around to it.

Share this post


Link to post
Share on other sites
Alright... let's see if I can figure out what you are trying to do...

You have index.php. In the middle of the page somewhere, you are checking if $ad is set... I'm assuming you actually mean $_GET['ad'] with your illustration of it in the location. If it isn't set, you want to give it the value of 'visitor'. Right now, no matter what, you want to print ad.htm.

If ad is set to something else (protected) you want to print something else...

Is the following at all like what you'd like to do, to give other, more knowledgable people a better idea?

[code]<?php
switch ($_GET['ad') {
    case 'visitor':
          print $visitor_code;
          break;
    case 'protected':
          print $protected_code;
          break;
    default:
          header("location: index.php?ad='visitor'");
}
?>[/code]

or

[code]<?php
switch ($_GET['ad') {
    case 'protected':
          print $protected_code;
          break;
    case 'visitor':
          print "<!-- Ad=visitor is set -->";
    default:
          print $visitor_code;
          break;
}
?>[/code]

Share this post


Link to post
Share on other sites
I should have posted this link as well: http://www.apex-deus.org/v2/
Each menu button you click on just loads the page between the header and footer graphics really. This way the entire page doesn't need to be reloaded.. obviously.. but you guys already know that heh. Anyway. All the .htm files are in the same directory so no problem. But, I want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess but I don't know what the url would be to call the page in the protected directory. Better example being..

http://www.apex-deus.org/v2/?ad=warfare (warfare.htm is not in the protected directory)
vs
http://www.apex-deus.org/v2/?ad=??????? (warfare.htm [b]is[/b] in the protected directory)

Just not sure what url I would use to get the page since it's in a different directory. I know you guys get the "I don't know php but I'm trying" thing. I really appreciate everyones patience.

Share this post


Link to post
Share on other sites
What you're doing is a potential security risk:
http://www.php.net/manual/en/security.filesystem.php

Share this post


Link to post
Share on other sites
[quote]want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess[/quote]
dear friend,
in my opinion you can use this on top of you pages
[quote]if ($password != "abcxyz") {
echo "error, unauthenticated user";
exit();
} else {
the body of your webpage
}
[/quote]
and to access the page properly you need to use the following
http://www.abcdomain.com/anyfile.php?password=abcxyz
don't tell the password to anyone.

Share this post


Link to post
Share on other sites
[quote author=mainewoods link=topic=103908.msg414321#msg414321 date=1155345138]
What you're doing is a potential security risk:
http://www.php.net/manual/en/security.filesystem.php
[/quote]

I understand. Thank you.

Share this post


Link to post
Share on other sites
[quote author=raza.shahzad link=topic=103908.msg414341#msg414341 date=1155347427]
[quote]want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess[/quote]
dear friend,
in my opinion you can use this on top of you pages
[quote]if ($password != "abcxyz") {
echo "error, unauthenticated user";
exit();
} else {
the body of your webpage
}
[/quote]
and to access the page properly you need to use the following
http://www.abcdomain.com/anyfile.php?password=abcxyz
don't tell the password to anyone.
[/quote]

Problem with this is anyone can download the page with GetRight or FlashGet and the password will be in the html. Or, so I gather.

Share this post


Link to post
Share on other sites
Uhhh no it shouldnt be.  On the ad = X thing you should add the line
$ad = str_replace("../", "", $ad);
$ad = str_replace("/", "", $ad);
some where once $ad is defined...

Share this post


Link to post
Share on other sites
[quote author=corbin link=topic=103908.msg414428#msg414428 date=1155362409]
Uhhh no it shouldnt be.  On the ad = X thing you should add the line
$ad = str_replace("../", "", $ad);
$ad = str_replace("/", "", $ad);
some where once $ad is defined...
[/quote]

Hate to seem ignorant but I don't understand.

By the way thank you raza.shahzad and everyone else for responding.

Share this post


Link to post
Share on other sites
It shouldnt matter since you automatically append the .htm, but in the future if you ever wanted to change that to a different extension or something it could create issues since someone could edit their url in their browser and make it something like ?ad=../../yousecretfile.php

Share this post


Link to post
Share on other sites
So what you're saying is I can use the suggestion from raza.shahzad post and still keep my password secret? Speaking of which.. and again, really hate to seem ignorant but where would the actual 'password' go in that script? Because it seems like:

if ($password != "abc123") {
echo "error, unauthenticated user";
exit();
} else {

Where [b]abc123[/b] is my password but then I would use
http://www.apex-deus.org/index.php?password=abc123 (ehh.. the password should be in the url?)

Somehow I'm not picking it up. Once again appreciate the patience of everyone.

Share this post


Link to post
Share on other sites
Ummmm no actually thats not what i meant... And on the sense of password protecting files... I would just use a very very simple login script...

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.