stefanoperfili Posted April 20, 2007 Share Posted April 20, 2007 Hey, I'm pretty much a beginner and I've never used PHP before. I've got a thing going, ?page=index or ?page=whatever, and it checks to see if the file is there before including it. This worked when I was on my funpic server but now I'm on this new server and it just doesn't! Current PHP version: 5.0.3, on Windows. What other information do I need to provide? Things I've already tried: - Setting file permissions to read - In php.ini ... safe_mode = Off - ini_set('safe_mode', 'Off'); Here's what I've been doing (forgive me if I've pasted anything irrelevant) ... <?php session_start(); error_reporting(E_ALL); require_once("menu.php"); $sidemenu = ""; $bottommenu = ""; $pagedir = "pages"; $datadir = "register"; foreach($links as $page => $text) { $serv1 = $_GET["page"]; if (empty($serv1) || !file_exists($pagedir . "\\" . $serv1 . ".htm")) { $serv1 = "home"; } $sidemenu .= "\n<a href=\"index.php?page={$page}\""; if ($serv1 == $page) { $sidemenu .= " id=\"current\""; } $sidemenu .= ">{$text}</a> "; $bottommenu .= "· <a href=\"index.php?page={$page}\""; if ($serv1 == $page) { $bottommenu .= " id=\"current2\""; } $bottommenu .= ">{$text}</a> "; } $bottommenu .= "·"; $pageindex = $page = isset($_GET["page"]) ? $_GET["page"] : null; if (!$page || $page == "home") { $page = "home.htm"; } else { $page = "{$page}.htm"; } $serv2 = $page; if (!file_exists($pagedir . "\\" . $serv2)) { $page = "home.htm"; } ?> In the body ... <?php include_once($pagedir . "\\" . $page); ?> Menu.php ... <?php $links = array(); //Format: $links["page-name"] = "Link Text"; //Will generate html that looks like <a href="index.php?page=page-name">Link Text</a> //the content will come from page-name.htm $links["home"] = "Home"; $links["upcoming"] = "Upcoming Symposiums"; $links["introd"] = "Introductions"; $links["moreinfo"] = "More Information"; $links["resrc"] = "Resources"; $links["media"] = "In the Media"; $links["contact"] = "Contact Information"; ?> Quote Link to comment Share on other sites More sharing options...
genericnumber1 Posted April 20, 2007 Share Posted April 20, 2007 file_exists() isn't incorrectly returning false... $pagedir . "\\" . $serv2 would translate to be "pages\\home.htm" ... I really don't think that exists. PS this script is grossly insecure Quote Link to comment Share on other sites More sharing options...
dwees Posted April 20, 2007 Share Posted April 20, 2007 Probably a good idea to tell him why its insecure, he did mention he's a newbie. Anyway, you use a $_GET variable which is available for the user to alter in their address bar (but $_POST variables are only slightly harder to spook) and so they can enter whatever they want for the variable. So as a result, you need to consider that variable to be user entered, and strip it of any bad content. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.