Get method question...


id


Hello everyone,

 

My question is: how can I change the content of a page without changing the page layout / style...

For example, I have a layout for a site and the only thing that I want to change is the content that is in a div element, so it's...

<div id='header'>My logo </div> 
<div id='content'>content of page</div>
<div id='footer'>Stuff that goes in a footer</div>

 

And instead of re-adding the code for the header and footer, how can I just change the content area? I'm not sure, but I think you can do it with the GET method, so it's something like www.mysite.com/index.php?app=members&module=login or something like that, which ONLY changes what is in the content div...

Link to comment
Share on other sites

There are two things to think about here: dynamically loading a page, and dynamically adding content to a page. Dynamically loading a page is pretty easy. At a basic level, this is all you need:

<?php

// if there is no module, use "news" as default
$module = isset($_GET['module']) ? $_GET['module'] : 'news';

// define an array of acceptable modules
$valid_modules = array(
'news'    => 'news.php',
'members' => 'members.php',
'forums'  => 'forums.php',
'contact' => 'contact.php',
'about'   => 'about.php'
);

// make sure the module is in the list
// and that the file exists
// (isset() checks the array keys; in_array() would only look at the file names)
if (!isset($valid_modules[$module])
|| !file_exists($valid_modules[$module]))
{
// send 404 header
header('HTTP/1.1 404 Not Found');
die('<h1>404 - Page Not Found</h1>');
}

// get the page content
ob_start();
include $valid_modules[$module];
$content = ob_get_clean();

// output the page
echo '<!DOCTYPE html>
<html>
<head></head>
<body>
<div id="header">My logo</div>
<div id="content">' . $content . '</div>
<div id="footer">Stuff that goes in a footer</div>
</body>
</html>';

 

So basically, your website would funnel through index.php. If no module is defined from GET, then "news" is used as a default. If a module is defined, the script will make sure that the module exists in the "valid" list (to prevent a local/remote file inclusion attack). If the module does not exist in the valid list, or the module file does not exist, a "404 Not Found" header is sent and the script is terminated. If this check is passed then the module file is included, loaded into a buffer and then into the $content variable, which is later added to the page markup.

 

Then, all you have to do is create the module files (like "news.php", "members.php" and so forth) and add some content.

Link to comment
Share on other sites

While I'm in agreement with scootstah on just about everything he posted, there are some minor details I'd do differently.

 

First of all I wouldn't have relied upon output buffering to trap content, but I'd make sure to write the included code properly the first time around. Which means either using file_get_contents () if the included content is purely client-side, or using variables to retain output for later printing. (No echo or any other functions that send content to the browser, in other words).

Secondly, I'd leave the HTML code as pure HTML instead of wrapping it inside an echo statement and PHP string. Not only is it unnecessary to do so, but it'll also make things more difficult as it obscures the HTML code from the editor. Not to mention that you'd have to escape all single-quotes, or you'd get PHP syntax errors.

Which means that I'd use the following code, which allows for both pure HTML and PHP content to be included:

<?php

/**
* Checks if the chosen module is valid for inclusion, and returns the
* folder in which the file resides.
* 
* $module will be checked against the keys of $validModules to ensure validity.
* Should there be two files with the same name, the function will place a
* precedence on PHP files over HTML files.
* 
* Returns false if module is invalid, and the name of the folder if not.
* 
* @param string $module
* @param array $validModules
* @return mixed
*/
function check_include ($module, $validModules) {
// Ensure that the chosen module is a valid module to be included.
if (!isset ($validModules[$module])) {
	return false;
}

// Get the name of the file.
$file = $validModules[$module];

// Check for PHP files first, as they can include the HTML files on their own.
if (file_exists ("php/$file")) {
	return 'php/';
}

// If no PHP file exists, then check for a pure HTML file.
if (file_exists ("html/$file")) {
	return 'html/';
}

// No file found.
return false;
}

// if there is no module, use "news" as default
$module = isset($_GET['module']) ? $_GET['module'] : 'news';

// define an array of acceptable modules
$validModules = array(
'news'    => 'news.php',
'members' => 'members.php',
'forums'  => 'forums.php',
'contact' => 'contact.php',
'about'   => 'about.php'
);

// Validate filename, and get correct path to the file.
if (!$folder = check_include ($module, $validModules)) {
// send 404 header
header('HTTP/1.1 404 Not Found');
die('<h1>404 - Page Not Found</h1>');
}

// First include any PHP content
if ($folder == 'php/') {
include ($folder.$validModules[$module]);
}

// Then read and add any HTML content to the output.
if ($folder == 'html/') {
$content .= file_get_contents ($folder.$file);
}

// output the page
?>
<!DOCTYPE html>
<html>
<head></head>
<body>
<div id="header">My logo</div>
<div id="content"><?php  echo $content; ?></div>
<div id="footer">Stuff that goes in a footer</div>
</body>
</html>

 

Do note that this code isn't quite optimal, but it's a good starting point. Normally I'd use a template engine to deal with the HTML content, but I suggest learning a bit more about basic PHP before taking that step. ;)

I've also left a bug in there for you to hunt down, as a little exercise on how the code works.

 

Also note how, while we're not using any explicit input validation on $module, it is nonetheless validated via the $validModules array. Not to mention the fact that we never use it directly, but consistently use it as a key value in the $validModules array to get the proper filename.

This is to prevent an attacker from being able to include any arbitrary file on your server, including files outside of your web root.

Link to comment
Share on other sites

Ok thanks, I figured it out!

However, I ran into some trouble :/

1. How would I be able to run scripts inside of a folder? Example...

In my directory I have the following folders apps=>members=>modules=>login.inc.php... and I want it to work like this...

- www.mysite.com/index.php?app=members&modules=login , which would go to the login page.

- From there, once the user clicks login, it goes to mysite.com/index.php?app=members&modules=processing ... if it works then go back to the login page, if it goes there then go to the user's account page.

But I think there is an easier way of doing this, because most webpages have it where if the user wants to go to their page then they can just go to mysite.com/account or mysite.com/members/account...

My thing with that is how can I do that by using dynamic pages, because those webpages just change the content but not the layout. For right now I understand ....

$app_dir = 'app';
$apps = scandir($app_dir,0);
unset($apps[0],$apps[1]);

$app = $_GET['app'];

if(in_array($app ,$apps))
{
// This is the part that I'm having trouble with! I can echo out if the file exists, but I do not know how to go inside a folder and then check the module.
}

 

2. In each of my folders (that isn't an application and which the user should not go in, like a config folder) I include an index.php which should redirect the user to the home page. However, this doesn't happen, it just gets rid of my layout and keeps the content that is supposed to be on my home page.

3. Do I have to do configuration for my WAMP server in order to get .htaccess files to work? It's giving me an internal error 500 when I try to do a 404 redirect.

 

Link to comment
Share on other sites

It is important to understand that the URL does not have to directly map to a directory structure. You don't need an entire directory for every URI segment.

 

1. How would I be able to run scripts inside of a folder? Example...

 

I think your terminology is a little weird (the way you are using "app" and "modules"), but I think I know what you mean. I assume that "app" refers to a page, and "module" refers to sections within that page. If that is the case, here is a basic example. For simplicity's sake, the routing part of this example is going to be much less code, and does not take any security into consideration, as it is not the focus of my example. However, feel free to tie it into the examples that ChristianF and I wrote above.

 

directory structure:

/
  apps/
      member.php
  index.php

 

index.php

<?php

// get the app from the query string
$app = $_GET['app'];

// include the app file
// NEVER DO THIS IN PRODUCTION
// IT IS AN EXAMPLE ONLY
// AND IS OPEN TO SECURITY VULNERABILITIES
if (file_exists($file = 'apps/' . $app . '.php')) {
include $file;
}

 

apps/member.php

<?php

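// fall back to an empty string so the default case runs when no module is given
$module = isset($_GET['module']) ? $_GET['module'] : '';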

switch($module)
{
case "login":
	// login form here
break;

case "process":
	// process the login
break;

case "profile":
	// member profile here
break;

default:
	// if no module was given
break;
}

 

URLs:

http://example.com/index.php?app=member

http://example.com/index.php?app=member&module=login

http://example.com/index.php?app=member&module=process

http://example.com/index.php?app=member&module=profile

 

 

This is a very basic way to do what I think you are trying to do. There are more complicated ways to do it, which will better organize things and make things less redundant. But, this illustrates the basic principle. Again, this code is by no means secure.

 

 

2. In each of my folders (that isn't an application and which the user should not go in, like a config folder) I include an index.php which should redirect the user to the home page. However, this doesn't happen, it just gets rid of my layout and keeps the content that is supposed to be on my home page.

 

You can use .htaccess to disable access to a directory.

Order Deny,Allow
Deny from all

 

 

3. Do I have to do configuration for my WAMP server in order to get .htaccess files to work? It's giving me an internal error 500 when I try to do a 404 redirect.

 

What are the contents of your .htaccess, and what is the error message? Check Apache's error.log file to find the error.

Link to comment
Share on other sites

Well, thank you! I was making it too complicated by having a members folder inside a folder called app, then inside the members folder I would have another folder called module. I knew that there was a simple way of doing this. But you mentioned that using a switch statement isn't a very safe method to practice. Can you provide a link on a more secure way to do this? PS: I tried Google and all it does is bring me to either the same material that doesn't help or some complicated stuff.

 

Link to comment
Share on other sites

But you mentioned that using a switch statement isn't a very safe method to practice.

 

The switch statement isn't the issue. What you should be doing to stay secure is validating the input. In the example I just gave you, I didn't validate input, and so this is a huge security risk:

if (file_exists($file = 'apps/' . $app . '.php')) {
include $file;
}

 

The reason it is a security risk is because an attacker can traverse the file system in any way that he wants and include any file. So, files that are outside of the docroot that should be inaccessible are, in fact, accessible.

 

So, to combat this, take advantage of the code I posted in my first reply. In this code, I am checking that the input matches an array of valid modules. So, only the array of valid modules will ever get loaded, and no LFI attacks will work. If the input is not one of the valid modules, it will terminate the script and output "Page Not Found".

// if there is no module, use "news" as default
$module = isset($_GET['module']) ? $_GET['module'] : 'news';

// define an array of acceptable modules
$valid_modules = array(
'news'    => 'news.php',
'members' => 'members.php',
'forums'  => 'forums.php',
'contact' => 'contact.php',
'about'   => 'about.php'
);

// make sure the module is in the list
// and that the file exists
// (isset() checks the array keys; in_array() would only look at the file names)
if (!isset($valid_modules[$module])
|| !file_exists($valid_modules[$module]))
{
// send 404 header
header('HTTP/1.1 404 Not Found');
die('<h1>404 - Page Not Found</h1>');
}

Link to comment
Share on other sites
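Added example (not part of the original posts): one way to apply the allowlist idea from scootstah's replies to the two-parameter `app`/`module` URLs discussed in this thread, with a `realpath()` containment check as a second layer. The route names, file layout and the `resolve_route()` helper are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Route names and paths are assumed.
// Allowlist: app => [module => file under the apps directory]. Request input
// is only ever used as an array key, never concatenated into a path.
const ROUTES = [
    'members' => [
        ''        => 'members/index.php',    // no module given
        'login'   => 'members/login.php',
        'profile' => 'members/profile.php',
    ],
    'news' => ['' => 'news.php'],
];

// Map ?app=...&module=... to a file inside $baseDir; null means "send a 404".
function resolve_route(array $routes, string $baseDir, $app, $module): ?string
{
    // Reject arrays (?app[]=x) and anything that is not a known key.
    if (!is_string($app) || !is_string($module)
        || !isset($routes[$app][$module])) {
        return null;
    }
    // Defense in depth: the target must exist and resolve inside $baseDir,
    // even if a bad entry or a symlink is later added to the allowlist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $routes[$app][$module]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway apps directory and a few sample requests.
$base = sys_get_temp_dir() . '/apps_demo_' . getmypid();
mkdir($base . '/members', 0700, true);
touch($base . '/members/login.php');

$requests = [
    ['members', 'login'],          // listed, file exists
    ['members', 'profile'],        // listed, but file is missing
    ['members', 'logout'],         // not listed
    ['../../config/db', ''],       // traversal attempt
    [['members'], 'login'],        // array instead of string
];
foreach ($requests as [$app, $module]) {
    $file = resolve_route(ROUTES, $base, $app, $module);
    echo json_encode($app), ' / ', json_encode($module), ' => ',
        $file === null ? '404' : 'include ' . basename($file), PHP_EOL;
}
```

In a real index.php the last two arguments would come from `$_GET['app'] ?? 'news'` and `$_GET['module'] ?? ''`, and a `null` result would trigger the 404 header shown in the posts above.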

Ok thanks.

 

So I decided to do the switch statement under my members.php page... but of course something isn't working. The issue I'm getting is that when the 'module' = anything, then it's using the case "login"... Example: if I type mysite.com/index.php?app=members&module=logout then it shows the form for mysite.com/index.php?app=members&module=login...

I do however have a default case, and that ONLY works when no module is selected. So only when it's mysite.com/index.php?app=members..

 

<?php

$module = isset($_GET['module']);

switch($module)
{

case "login":
echo "
<table>
<form action='includes/process_members.php?action=login' method='post'>
<tr>
<td>Username: </td>
<td><input type='text' name='username'></td>
</tr>

<tr>
<td>Password: </td>
<td><input type='password' name='password'></td>
</tr>

<tr>
<td><input type='submit' name='submit' value='login'></td>
</tr>
</form>
</table>
";
break;

case "logout":
header("location: includes/process_members?action=logout");
break;

default:
echo "<h1>Default Page!</h1>";
break;
}

?>

Link to comment
Share on other sites

Oops, I overlooked that before. It looks like you tried to copy the ternary statement that I used, but didn't copy the whole thing.

So change to: $module = isset($_GET['module']) ? $_GET['module'] : '';

 

You can put a default module instead of an empty string if you want, but if you use an empty string you can just run the default: block in the switch statement.

Link to comment
Share on other sites
