AbydosGater

Is There A Tutorial For...

Hi,
I have seen on many sites,
where you have your index, and then that one file can act as many pages?
IE: index.php?page=index or index.php?page=news

for example www.sourcegate.org, see most of the pages are all in the index file.

Does anyone know any tutorials for doing this?
This would be a great help!

Thank you

Although I don't have a tutorial for you...
It pretty much is just inputting a global variable to use in your site.

[code]
<?php
echo ("My Website");
// ...blah blah blah...
include ($page.".php");
?>
[/code]

Probably no help at all :p but it's not that hard to learn all by yourself.
And there is obviously a lot you not only can do, but should do, in terms of security.

Well, I had thought of that,
and wrote my script,

[code]
<html>
<head>
<title>testing vars</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

    <?php
    //Checking page vars ) if none, making 'INDEX'
    if (empty($page))
    {
    $page = "index";
    } else {
    require("$page.php");
    print "this should work";
    };
    //End Checking page vars ) if none, making 'INDEX'    
    ?>
</body>
</html>
[/code]


right, and in the URL I would have ".../index.php?page=pagename"
and if there was no ?page=..., the variable page was assigned the value of "index"

but that does not work?
Do you know why?

Because there is no variable $page.
[code]
<?php
    
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  
?>
[/code]
And for security's sake, you best do some checking on this line....

require($_GET['page'].".php");

This opens a whole can of worms in relation to security.

Ok,
Thanks,
and what do you mean security?
what could happen?
what are the risks?

I am going to limit it to the number of values,

[code]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
    {
    $myvar = "index";
     }
[/code]

Like so, will that help?

You need to validate that the file you're going to [i]require[/i] exists, and that you know what it is. The way you have it at the moment, I could run ANY script I like on YOUR server. Delete your database / website, lock you out.... whatever.

Yeah
I know,
BUT you can't run any script if I use...


[quote]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
{
$myvar = "index";
}
[/quote]

Because, if the $page is not one of the values I allow, then it is just given the value "index"

Would this work to help security?

[quote]Would this work to help security?[/quote]
Yes it would. I was just making sure you knew what was happening.

Yea,
I don't want people just changing $page to be a link to any script! :P

And I understand how you could delete my databases with a script,
But wouldn't you need my username and password?
and how could you delete my whole site?
you need passwords!?????

I could easily write a script that retrieved all your source code from your site, somewhere in there your database pass / user would (most likely) exist, then login and delete your data. Removing the site is just a matter of writing a script to delete all your files. Locking you out from a shared server might be a little more work, but don't push fate.

Ok, well as long as...

[code]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
{
$myvar = "index";
}
[/code]

..This works, I should be fine?

Ok, I made a quick page for testing this!
www.stargate.hostyw.com/testing.php
Within the table on this page is the following...
[code]
<?PHP

    //Checking page vars ) if none, making 'INDEX'
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  

    //End Checking page vars ) if none, making 'INDEX'    
    ?>
[/code]

ok and this seems to work, kinda, if you go to www.stargate.hostyw.com/testing.php?page=index it works

but the lines of the IF statement are not working, when you go to the www.stargate.hostyw.com/testing.php file with no vars in the url, you just get a page, not require, it does not make $page = "index"

[code]
  if (!isset($_GET['page'])) {
    $page = "index";
  }
[/code]


ok and there is something wrong with my last bit of security...

[code]
if ($page != 'index' || $myvar != 'password' || $myvar != 'value3' || $myvar != 'value4')
    {
    $page = "index";
     };
[/code]

Because if you type in something stupid in the domain like, www.stargate.hostyw.com/testing.php?page=PIZZA

it just shows the html of the page, it does not reset to index!

Can anyone see why these problems are occurring?
Thank You So Much
Andrew Butler

Ok,
I think this topic is getting a bit big, and has gone onto a different subject than a tutorial
so you can reply at

[a href="http://www.phpfreaks.com/forums/index.php?showtopic=89115" target="_blank"]HERE[/a]

you need to use AND (&&) not OR:

[code]
if ($page != 'index' && $page != 'password' && $page != 'value3' && $page != 'value4')
{
   $page = "index";
};
[/code]

the way you had it before would pretty much result ANYTHING to index, even the values you're checking

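The allow-list this thread arrives at, written as a lookup instead of a chain of comparisons, so the request value never becomes part of the included path. This is an added example, not code from any of the posters; the page names, the pages/ directory and the function names are assumptions.

```php
<?php
// Added example, not code from the thread. The page names, file names and
// the pages/ directory are assumptions made for illustration.

// Allow-list: request value => file on disk. The request value is only a
// lookup key and never becomes part of a path.
const PAGES = [
    'index' => 'index.php',
    'news'  => 'news.php',
];

function resolve_page(array $query): string
{
    $page = $query['page'] ?? 'index';   // no ?page= at all: default page
    // Non-strings (?page[]=x) and names not on the list fall back too.
    if (!is_string($page) || !array_key_exists($page, PAGES)) {
        $page = 'index';
    }
    return PAGES[$page];
}

// The "||" chain from the thread, for comparison: any value differs from at
// least one of the names, so the condition holds for allowed pages as well.
function or_chain_resets(string $page): bool
{
    return $page != 'index' || $page != 'news';
}

// Constructed query arrays standing in for $_GET.
$samples = [[], ['page' => 'news'], ['page' => 'PIZZA'], ['page' => ['x']]];
foreach ($samples as $query) {
    printf("%-22s -> %s\n", json_encode($query), resolve_page($query));
}
foreach (['index', 'news', 'PIZZA'] as $name) {
    printf("|| chain resets %-6s: %s\n", $name, var_export(or_chain_resets($name), true));
}

// In the real index.php the include uses only the resolved file name:
// require __DIR__ . '/pages/' . resolve_page($_GET);
```

Because the default is resolved before the include, a request with no ?page= still loads the index page, which is the case the earlier test script missed.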
