AbydosGater Posted March 15, 2006 Share Posted March 15, 2006 Hi,I have seen on many sites, where you have your index, and then that one file can act as many pages?IE: index.php?page=index or index.php?page=newsfor example www.sourcegate.org , see most of the pages are all in the index file,Does anyone know any tutorials for doing this?This would be a great help!Thank you Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/ Share on other sites More sharing options...
Raider2044 Posted March 15, 2006 Share Posted March 15, 2006 Although I don't have a tutorial for you...It pretty much is just inputting a global variable to use in your site.<?phpecho ("My Website");...blah blah blah...include ($page.".php");?>Probably no help at all :p buts it's not that hard to learn all by yourself.And there is obviously alot you not only can do, but should do, in terms of security. Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17788 Share on other sites More sharing options...
AbydosGater Posted March 15, 2006 Author Share Posted March 15, 2006 Well i had though of that, and wrote my script,[code]<html><head><title>testing vars</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head><body> <?php //Checking page vars ) if none, making 'INDEX' if (empty($page)) { $page = "index"; } else { require("$page.php"); print "this should work"; }; //End Checking page vars ) if none, making 'INDEX' ?></body></html>[/code]right, and in the url i would have ".../index.php?page=pagename"and if there was no ?page=... The variable page was assigned the value of "index"but that does not work?Do you know why? Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17792 Share on other sites More sharing options...
trq Posted March 15, 2006 Share Posted March 15, 2006 Because there is no variable $page.[code]<?php if (!isset($_GET['page'])) { $page = "index"; } else { require($_GET['page'].".php"); print "this should work"; }; ?>[/code]And for securities sake, you best do some checking on this line....require($_GET['page'].".php");This opens a whole can of worms in relation t security. Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17794 Share on other sites More sharing options...
trq Posted March 15, 2006 Share Posted March 15, 2006 Because there is no variable $page.[code]<?php if (!isset($_GET['page'])) { $page = "index"; } else { require($_GET['page'].".php"); print "this should work"; }; ?>[/code]And for securities sake, you best do some checking on this line....require($_GET['page'].".php");This opens a whole can of worms in relation t security. Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17795 Share on other sites More sharing options...
AbydosGater Posted March 15, 2006 Author Share Posted March 15, 2006 Ok,Thanks,and what do you mean security?what could happen?what are the risks?I am going to limit it to the number of values,[code]if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4' { $myvar = "index" }[/code]Like so, will that help? Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17803 Share on other sites More sharing options...
trq Posted March 15, 2006 Share Posted March 15, 2006 You need to validate that the file your going to [i]require[/i] exists, and that you know what it is. The way you have it at the moment, I could run ANY script I like on YOUR server. Delete your database / website, lock yoiu out.... whatever. Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17804 Share on other sites More sharing options...
AbydosGater Posted March 15, 2006 Author Share Posted March 15, 2006 YeahI know,BUT your cant run any script if i use...[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4' { $myvar = "index" }[/quote]Because, if the $page is not one of the values i allow, then it is just given the value "index"Would this work to help security? Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17812 Share on other sites More sharing options...
trq Posted March 15, 2006 Share Posted March 15, 2006 [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Would this work to help security?[/quote]Yes it would. I was just making sure you knew what was happening. Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17821 Share on other sites More sharing options...
AbydosGater Posted March 15, 2006 Author Share Posted March 15, 2006 Yea, I dont want people just changing $page to be a link to any script!:PAnd i understand how you could delete my databases with a script,But Woulnt you need my username and password?and how could you delete my whole site?you need passwords!????? Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17864 Share on other sites More sharing options...
trq Posted March 15, 2006 Share Posted March 15, 2006 I could easily write a script that retrieved all your source code from your site, somewhere in there your database pass / user would (most likely) exist, then login and delete your data. Removing the site is just a matter of writting a script to delete all your files. Locking you out from a shared server might be a little more work, but dont push fate. Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17871 Share on other sites More sharing options...
AbydosGater Posted March 15, 2006 Author Share Posted March 15, 2006 Ok, well as long as...[code]if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4'{$myvar = "index"}[/code]..This Works, i should be fine? Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-17955 Share on other sites More sharing options...
AbydosGater Posted March 23, 2006 Author Share Posted March 23, 2006 Ok, i made a quick page for testing this!www.stargate.hostyw.com/testing.phpWithin the table on this page is the following...[code]<?PHP //Checking page vars ) if none, making 'INDEX' if (!isset($_GET['page'])) { $page = "index"; } else { require($_GET['page'].".php"); print "this should work"; }; //End Checking page vars ) if none, making 'INDEX' ?>[/code]ok and this seams to work, kinda, if you go to www.stargate.hostyw.com/testing.php?page=index it worksbut the lines of the IF statement are not working, when you go to the www.stargate.hostyw.com/testing.php file no vars in the url, you just get a page, not require, it does not make $page = "index"[code] if (!isset($_GET['page'])) { $page = "index"; } [/code]ok and there is something wrong with my last bit of security...[code] if ($page != 'index' || $myvar != 'password' || $myvar != 'value3' || $myvar != 'value4') { $page = "index"; };[/code]Because if you type in something stupid in the domain like, www.stargate.hostyw.com/testing.php?page=PIZZAit just shows the html of the page, it does not reset to index!Can anyone see why these problems are occuring?Thank You So Much Andrew Butler Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-20066 Share on other sites More sharing options...
AbydosGater Posted March 23, 2006 Author Share Posted March 23, 2006 Ok,I think this topic is getting a bit big, and has gone onto a different subject then a tutorialso you can reply at[a href=\"http://www.phpfreaks.com/forums/index.php?showtopic=89115\" target=\"_blank\"]HERE[/a] Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-20085 Share on other sites More sharing options...
redbullmarky Posted March 23, 2006 Share Posted March 23, 2006 you need to use AND (&&) not OR:[code] if ($page != 'index' && $myvar != 'password' && $myvar != 'value3' && $myvar != 'value4'){ $page = "index";};[/code]the way you had it before would pretty much result ANYTHING to index, even the values you're checking Quote Link to comment https://forums.phpfreaks.com/topic/5026-is-there-a-tutorial-for/#findComment-20087 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.