Is There A Tutorial For...

[AbydosGater]

Hi,
I have seen on many sites,
where you have your index, and then that one file can act as many pages?
IE: index.php?page=index or index.php?page=news

for example www.sourcegate.org , see most of the pages are all in the index file,

Does anyone know any tutorials for doing this?
This would be a great help!

Thank you

[Raider2044]

Although I don't have a tutorial for you...
It pretty much is just inputting a global variable to use in your site.

<?php
echo ("My Website");
...blah blah blah...
include ($page.".php");
?>

Probably no help at all :p buts it's not that hard to learn all by yourself.
And there is obviously alot you not only can do, but should do, in terms of security.

[AbydosGater]

Well i had though of that,
and wrote my script,

[code]
<html>
<head>
<title>testing vars</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

    <?php
    //Checking page vars ) if none, making 'INDEX'
    if (empty($page))
    {
    $page = "index";
    } else {
    require("$page.php");
    print "this should work";
    };
    //End Checking page vars ) if none, making 'INDEX'    
    ?>
</body>
</html>
[/code]


right, and in the url i would have ".../index.php?page=pagename"
and if there was no ?page=... The variable page was assigned the value of "index"

but that does not work?
Do you know why?

[trq]

Because there is no variable $page.
[code]
<?php
    
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  
?>
[/code]
And for securities sake, you best do some checking on this line....

require($_GET['page'].".php");

This opens a whole can of worms in relation t security.

[trq]

Because there is no variable $page.
[code]
<?php
    
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  
?>
[/code]
And for securities sake, you best do some checking on this line....

require($_GET['page'].".php");

This opens a whole can of worms in relation t security.

[AbydosGater]

Ok,
Thanks,
and what do you mean security?
what could happen?
what are the risks?

I am going to limit it to the number of values,

[code]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4'
    {
    $myvar = "index"
     }
[/code]

Like so, will that help?

[trq]

You need to validate that the file your going to [i]require[/i] exists, and that you know what it is. The way you have it at the moment, I could run ANY script I like on YOUR server. Delete your database / website, lock yoiu out.... whatever.

[AbydosGater]

Yeah
I know,
BUT your cant run any script if i use...


[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4'
{
$myvar = "index"
}
[/quote]

Because, if the $page is not one of the values i allow, then it is just given the value "index"

Would this work to help security?

[trq]

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Would this work to help security?[/quote]
Yes it would. I was just making sure you knew what was happening.

[AbydosGater]

Yea,
I dont want people just changing $page to be a link to any script!:P

And i understand how you could delete my databases with a script,
But Woulnt you need my username and password?
and how could you delete my whole site?
you need passwords!?????

[trq]

I could easily write a script that retrieved all your source code from your site, somewhere in there your database pass / user would (most likely) exist, then login and delete your data. Removing the site is just a matter of writting a script to delete all your files. Locking you out from a shared server might be a little more work, but dont push fate.

[AbydosGater]

Ok, well as long as...

[code]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4'
{
$myvar = "index"
}
[/code]

..This Works, i should be fine?

[AbydosGater]

Ok, i made a quick page for testing this!
www.stargate.hostyw.com/testing.php
Within the table on this page is the following...
[code]
<?PHP

    //Checking page vars ) if none, making 'INDEX'
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  

    //End Checking page vars ) if none, making 'INDEX'    
    ?>
[/code]

ok and this seams to work, kinda, if you go to www.stargate.hostyw.com/testing.php?page=index it works

but the lines of the IF statement are not working, when you go to the www.stargate.hostyw.com/testing.php file no vars in the url, you just get a page, not require, it does not make $page = "index"

[code]
  if (!isset($_GET['page'])) {
    $page = "index";
  }
[/code]


ok and there is something wrong with my last bit of security...

[code]
if ($page != 'index' || $myvar != 'password' || $myvar != 'value3' || $myvar != 'value4')
    {
    $page = "index";
     };
[/code]

Because if you type in something stupid in the domain like, www.stargate.hostyw.com/testing.php?page=PIZZA

it just shows the html of the page, it does not reset to index!

Can anyone see why these problems are occuring?
Thank You So Much
Andrew Butler

[AbydosGater]

Ok,
I think this topic is getting a bit big, and has gone onto a different subject then a tutorial
so you can reply at

[a href=\"http://www.phpfreaks.com/forums/index.php?showtopic=89115\" target=\"_blank\"]HERE[/a]

[redbullmarky]

you need to use AND (&&) not OR:

[code]
if ($page != 'index' && $myvar != 'password' && $myvar != 'value3' && $myvar != 'value4')
{
   $page = "index";
};
[/code]

the way you had it before would pretty much result ANYTHING to index, even the values you're checking