cloudll Posted May 16, 2012 Share Posted May 16, 2012 Hi guys, for a long time now I have been using the same block of code to include my content pages into my layout, I understand what it does as a whole, but I have never understood what the individual parts do, could someone explain the main parts please. Thanks. here's the code: <?php if (isset($_GET['page'])) { if (strpos($_GET['page'], "/")) { $direc = substr(str_replace('..', '', $_GET['page']), 0, strpos($_GET['page'], "/")) . "/"; $file = substr(strrchr($_GET['page'], "/"), 1); if (file_exists($direc.$file.".php")) { require($direc.$file.".php"); } else { require("error.php"); } } else { if (file_exists(basename($_GET['page']).".php")) { require(basename($_GET['page']).".php"); } else { require("error.php"); } } } else { require("default.php"); } ?> Link to comment https://forums.phpfreaks.com/topic/262633-could-someone-explain-what-this-code-does/ Share on other sites More sharing options...
smoseley Posted May 16, 2012 Share Posted May 16, 2012 It's router code. It does this: Gets the ?page= param from your querystring, Checks to see if the page has a forward-slash in it If so, gets the first part of the requested page as $direc (e.g. 'foo/bar' would give a $direc of 'foo/') Then gets the $file as everything after the "/" Then checks to see if the file exists as "foo/bar.php" If so, includes it Else, includes an error If nothign was provided, includes a default php script PS - it's kind of crappy router code... you could improve on it a lot. There are some major security holes in this script. Link to comment https://forums.phpfreaks.com/topic/262633-could-someone-explain-what-this-code-does/#findComment-1346080 Share on other sites More sharing options...
cloudll Posted May 16, 2012 Author Share Posted May 16, 2012 Thanks for explaining that oh, I never knew that, I originally chose it because the tutorial said it was a safe way to include my pages. Could you tell me the parts that are not safe please? Link to comment https://forums.phpfreaks.com/topic/262633-could-someone-explain-what-this-code-does/#findComment-1346091 Share on other sites More sharing options...
smoseley Posted May 16, 2012 Share Posted May 16, 2012 well, require($direc.$file.".php"); allows people to include any php relative to your include path, or relative to root. if you made it relative to a given dir, it would be better, so if you had a dir structure like this: /var/www/myapp/www/index.php - your router /var/www/myapp/pages/ - your include path /var/www/myapp/pages/section/action.php - an example of a php file to include So assume I request ?page=section/action Then in index.php, do this: <?php // Get the absolute path to the "pages" dir (in this case it's "/var/www/myapp/pages/") $dirname = dirname(dirname(__FILE__)) . "/pages/"; if (isset($_GET['page'])) { // Remove any invalid character $page = strtolower(preg_replace("/[^a-z0-9\-\_\/]+/g", "", $_GET['page'])); // Get the filepath $filepath = ""; if (strpos($page, "/")) { $filepath = substr($page, 0, strpos($page, "/")) . "/" . substr(strrchr($page, "/"), 1); } else { $filepath = basename($page); } // If the file exists in the "pages" dir, use it, else use "pages/error.php" if (file_exists("{$dirname}{$filepath}.php")) { require("{$dirname}{$filepath}.php"); } else { require("{$dirname}error.php"); } } else { // If no file was requested, use "pages/default.php" require("{$dirname}default.php"); } ?> Link to comment https://forums.phpfreaks.com/topic/262633-could-someone-explain-what-this-code-does/#findComment-1346118 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.