Is There A Tutorial For...


14 replies to this topic

#1 AbydosGater

AbydosGater
  • Members
  • Advanced Member
  • 435 posts
  • Location: Always at computer!

Posted 15 March 2006 - 11:38 AM

Hi,
I have seen on many sites,
where you have your index, and then that one file can act as many pages?
IE: index.php?page=index or index.php?page=news

for example www.sourcegate.org , see most of the pages are all in the index file,

Does anyone know any tutorials for doing this?
This would be a great help!

Thank you
www.abydosgaters.com

Current Project: Blog Application.. Undecided name.. Status: Coming along great.

#2 Raider2044

Raider2044
  • New Members
  • Newbie
  • 4 posts

Posted 15 March 2006 - 12:30 PM

Although I don't have a tutorial for you...
It pretty much is just inputting a global variable to use in your site.

<?php
echo ("My Website");
// ...blah blah blah...
include ($page.".php");
?>

Probably no help at all :P but it's not that hard to learn all by yourself.
And there is obviously a lot you not only can do, but should do, in terms of security.

#3 AbydosGater

Posted 15 March 2006 - 12:56 PM

Well I had thought of that,
and wrote my script,

<html>
<head>
<title>testing vars</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

    <?php 
    //Checking page vars ) if none, making 'INDEX'
    if (empty($page))
    {
    $page = "index";
    } else {
    require("$page.php");
    print "this should work";
    };
    //End Checking page vars ) if none, making 'INDEX'    
    ?>
</body>
</html>


right, and in the url i would have ".../index.php?page=pagename"
and if there was no ?page=... The variable page was assigned the value of "index"

but that does not work?
Do you know why?

#4 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 15 March 2006 - 01:02 PM

Because there is no variable $page.
<?php 
    
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  
?>
And for security's sake, you best do some checking on this line....

require($_GET['page'].".php");

This opens a whole can of worms in relation to security.

#6 AbydosGater

Posted 15 March 2006 - 01:20 PM

Ok,
Thanks,
and what do you mean security?
what could happen?
what are the risks?

I am going to limit it to the number of values,

if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
    {
    $myvar = "index";
    }

Like so, will that help?

#7 trq

Posted 15 March 2006 - 01:25 PM

You need to validate that the file you're going to require exists, and that you know what it is. The way you have it at the moment, I could run ANY script I like on YOUR server. Delete your database / website, lock you out.... whatever.

#8 AbydosGater

Posted 15 March 2006 - 01:59 PM

Yeah
I know,
BUT you can't run any script if I use...


QUOTE:
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
{
$myvar = "index";
}

Because, if the $page is not one of the values i allow, then it is just given the value "index"

Would this work to help security?

#9 trq

Posted 15 March 2006 - 02:25 PM

QUOTE: Would this work to help security?
Yes it would. I was just making sure you knew what was happening.

#10 AbydosGater

Posted 15 March 2006 - 05:20 PM

Yea,
I don't want people just changing $page to be a link to any script! :P

And I understand how you could delete my databases with a script,
But wouldn't you need my username and password?
and how could you delete my whole site?
you need passwords!?????

#11 trq

Posted 15 March 2006 - 05:34 PM

I could easily write a script that retrieved all your source code from your site, somewhere in there your database pass / user would (most likely) exist, then login and delete your data. Removing the site is just a matter of writing a script to delete all your files. Locking you out from a shared server might be a little more work, but don't push fate.

#12 AbydosGater

Posted 15 March 2006 - 10:24 PM

Ok, well as long as...

if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
{
$myvar = "index";
}

..This Works, I should be fine?

#13 AbydosGater

Posted 23 March 2006 - 06:31 PM

Ok, i made a quick page for testing this!
www.stargate.hostyw.com/testing.php
Within the table on this page is the following...
<?PHP

    //Checking page vars ) if none, making 'INDEX'
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  

    //End Checking page vars ) if none, making 'INDEX'    
    ?>

ok and this seems to work, kinda, if you go to www.stargate.hostyw.com/testing.php?page=index it works

but the lines of the IF statement are not working, when you go to the www.stargate.hostyw.com/testing.php file no vars in the url, you just get a page, not require, it does not make $page = "index"

  if (!isset($_GET['page'])) {
    $page = "index";
  } 


ok and there is something wrong with my last bit of security...

 if ($page != 'index' || $myvar != 'password' || $myvar != 'value3' || $myvar != 'value4')
    {
    $page = "index";
     };

Because if you type in something stupid in the domain like, www.stargate.hostyw.com/testing.php?page=PIZZA

it just shows the html of the page, it does not reset to index!

Can anyone see why these problems are occurring?
Thank You So Much
Andrew Butler

#14 AbydosGater

Posted 23 March 2006 - 07:14 PM

Ok,
I think this topic is getting a bit big, and has gone onto a different subject than a tutorial
so you can reply at

HERE (http://www.phpfreaks.com/forums/index.php?showtopic=89115)

#15 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • Location: Bedfordshire, England

Posted 23 March 2006 - 07:16 PM

you need to use AND (&&) not OR:

 // reset to the default unless $page is one of the allowed values
 if ($page != 'index' && $page != 'password' && $page != 'value3' && $page != 'value4')
{
   $page = "index";
}

the way you had it before would pretty much result ANYTHING to index, even the values you're checking
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!
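
The allowlist this thread is working toward, as an added example that is not part of any post: the page name is read from the query string, compared against a fixed list, and only then used to build the path, with the `||` check from the thread kept alongside for comparison. The page names, the `pages` directory and the function names are assumptions for illustration; it needs PHP 7 or later.

```php
<?php
// Added example, not code from the thread. Page names are constructed.
const PAGES = ['index', 'news', 'password'];   // the only pages that may be served

// The check as first posted in the thread: for any input at least one "!="
// is true, so the || chain always fires and every request becomes "index".
function resolve_with_or(string $page): string
{
    if ($page != 'index' || $page != 'news' || $page != 'password') {
        $page = 'index';
    }
    return $page;
}

// Allowlist lookup: strict comparison against the known names, else the default.
function resolve_page($requested): string
{
    // ?page[]=x arrives as an array, so anything that is not a string is refused.
    if (is_string($requested) && in_array($requested, PAGES, true)) {
        return $requested;
    }
    return 'index';
}

// Read the name from the query, resolve it, and only then build the path.
function page_file(array $query, string $dir): string
{
    return $dir . '/' . resolve_page($query['page'] ?? null) . '.php';
}

// Constructed sample requests: no parameter, a listed page, two unknown names,
// and an array value.
$samples = [[], ['page' => 'news'], ['page' => 'PIZZA'], ['page' => 'News'],
            ['page' => ['news']]];
foreach ($samples as $query) {
    $raw = $query['page'] ?? '';
    printf("%-20s or-check: %-6s allowlist: %s\n",
        json_encode($query),
        resolve_with_or(is_string($raw) ? $raw : ''),
        page_file($query, 'pages'));
}
// In the front controller itself (assumed layout):
// require page_file($_GET, __DIR__ . '/pages');
```

Because the path is built from the resolved name rather than from `$_GET['page']` directly, a request without `?page=` and a request with an unknown value both end up at the default page.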



