ToasterKing Posted August 11, 2006 Share Posted August 11, 2006 I honestly would have searched but I don't even know what I'm looking for. It's simple, but explaining it (for me) is complicated so I'll try to just explain it visually. I have an index page with this.---img text, etc html-- <?phpif(!$ad || $ad == ""){$ad = "visitors";} ?> <?php include("$ad.htm"); ?>--img text, etc html--So my links look like: http://www.mysite.com/?ad=visitorsBut I want to put some files in a protected folder like: http://www.mysite.com/protected/secret.htmWhat url would I use to load that up properly so the page comes between my img text, etc html? Or should I just copy and paste my index.php into the protected zone and use the same php code but this way I can just do a http://www.mysite.com/protected/?ad=secretVery sorry if that doesn't make any sense, tried to explain it the best way I could. If I posted this incorrectly I'll gladly rewrite it according to any rules I missed (and I did read the rules). Thank you to anyone who can answer whenever you get around to it. Quote Link to comment Share on other sites More sharing options...
ToasterKing Posted August 11, 2006 Author Share Posted August 11, 2006 Just a little bump as it's almost on page 2 Quote Link to comment Share on other sites More sharing options...
KittyKate Posted August 11, 2006 Share Posted August 11, 2006 Alright... let's see if I can figure out what you are trying to do...You have index.php. In the middle of the page somewhere, you are checking if $ad is set... I'm assuming you actually mean $_GET['ad'] with your illustration of it in the location. If it isn't set, you want to give it the value of 'visitor'. Right now, no matter what, you want to print ad.htm. If ad is set to something else (protected) you want to print something else...Is the following at all like what you'd like to do, to give other, more knowledgable people a better idea?[code]<?phpswitch ($_GET['ad') { case 'visitor': print $visitor_code; break; case 'protected': print $protected_code; break; default: header("location: index.php?ad='visitor'");}?>[/code]or[code]<?phpswitch ($_GET['ad') { case 'protected': print $protected_code; break; case 'visitor': print "<!-- Ad=visitor is set -->"; default: print $visitor_code; break;}?>[/code] Quote Link to comment Share on other sites More sharing options...
ToasterKing Posted August 11, 2006 Author Share Posted August 11, 2006 I should have posted this link as well: http://www.apex-deus.org/v2/Each menu button you click on just loads the page between the header and footer graphics really. This way the entire page doesn't need to be reloaded.. obviously.. but you guys already know that heh. Anyway. All the .htm files are in the same directory so no problem. But, I want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess but I don't know what the url would be to call the page in the protected directory. Better example being..http://www.apex-deus.org/v2/?ad=warfare (warfare.htm is not in the protected directory)vshttp://www.apex-deus.org/v2/?ad=??????? (warfare.htm [b]is[/b] in the protected directory)Just not sure what url I would use to get the page since it's in a different directory. I know you guys get the "I don't know php but I'm trying" thing. I really appreciate everyones patience. Quote Link to comment Share on other sites More sharing options...
mainewoods Posted August 12, 2006 Share Posted August 12, 2006 What you're doing is a potential security risk:http://www.php.net/manual/en/security.filesystem.php Quote Link to comment Share on other sites More sharing options...
raza.shahzad Posted August 12, 2006 Share Posted August 12, 2006 [quote]want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess[/quote]dear friend,in my opinion you can use this on top of you pages[quote]if ($password != "abcxyz") {echo "error, unauthenticated user";exit();} else {the body of your webpage}[/quote]and to access the page properly you need to use the followinghttp://www.abcdomain.com/anyfile.php?password=abcxyzdon't tell the password to anyone. Quote Link to comment Share on other sites More sharing options...
ToasterKing Posted August 12, 2006 Author Share Posted August 12, 2006 [quote author=mainewoods link=topic=103908.msg414321#msg414321 date=1155345138]What you're doing is a potential security risk:http://www.php.net/manual/en/security.filesystem.php[/quote]I understand. Thank you. Quote Link to comment Share on other sites More sharing options...
ToasterKing Posted August 12, 2006 Author Share Posted August 12, 2006 [quote author=raza.shahzad link=topic=103908.msg414341#msg414341 date=1155347427][quote]want to make some pages password protected. In order to do this I need to move them into another directory and change the .htaccess[/quote]dear friend,in my opinion you can use this on top of you pages[quote]if ($password != "abcxyz") {echo "error, unauthenticated user";exit();} else {the body of your webpage}[/quote]and to access the page properly you need to use the followinghttp://www.abcdomain.com/anyfile.php?password=abcxyzdon't tell the password to anyone.[/quote]Problem with this is anyone can download the page with GetRight or FlashGet and the password will be in the html. Or, so I gather. Quote Link to comment Share on other sites More sharing options...
corbin Posted August 12, 2006 Share Posted August 12, 2006 Uhhh no it shouldnt be. On the ad = X thing you should add the line$ad = str_replace("../", "", $ad);$ad = str_replace("/", "", $ad);some where once $ad is defined... Quote Link to comment Share on other sites More sharing options...
ToasterKing Posted August 12, 2006 Author Share Posted August 12, 2006 [quote author=corbin link=topic=103908.msg414428#msg414428 date=1155362409]Uhhh no it shouldnt be. On the ad = X thing you should add the line$ad = str_replace("../", "", $ad);$ad = str_replace("/", "", $ad);some where once $ad is defined...[/quote]Hate to seem ignorant but I don't understand.By the way thank you raza.shahzad and everyone else for responding. Quote Link to comment Share on other sites More sharing options...
corbin Posted August 12, 2006 Share Posted August 12, 2006 It shouldnt matter since you automatically append the .htm, but in the future if you ever wanted to change that to a different extension or something it could create issues since someone could edit their url in their browser and make it something like ?ad=../../yousecretfile.php Quote Link to comment Share on other sites More sharing options...
ToasterKing Posted August 12, 2006 Author Share Posted August 12, 2006 So what you're saying is I can use the suggestion from raza.shahzad post and still keep my password secret? Speaking of which.. and again, really hate to seem ignorant but where would the actual 'password' go in that script? Because it seems like:if ($password != "abc123") {echo "error, unauthenticated user";exit();} else {Where [b]abc123[/b] is my password but then I would usehttp://www.apex-deus.org/index.php?password=abc123 (ehh.. the password should be in the url?)Somehow I'm not picking it up. Once again appreciate the patience of everyone. Quote Link to comment Share on other sites More sharing options...
corbin Posted August 12, 2006 Share Posted August 12, 2006 Ummmm no actually thats not what i meant... And on the sense of password protecting files... I would just use a very very simple login script... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.