Is There A Tutorial For...


AbydosGater

Hi,
I have seen on many sites,
where you have your index, and then that one file can act as many pages?
IE: index.php?page=index or index.php?page=news

for example www.sourcegate.org , see most of the pages are all in the index file,

Does anyone know any tutorials for doing this?
This would be a great help!

Thank you
Link to comment
Share on other sites

Although I don't have a tutorial for you...
It pretty much is just inputting a global variable to use in your site.

[code]
<?php
echo ("My Website");
// ...blah blah blah...
include ($page.".php");
?>
[/code]

Probably no help at all :p but it's not that hard to learn all by yourself.
And there is obviously a lot you not only can do, but should do, in terms of security.
Link to comment
Share on other sites

Well I had thought of that,
and wrote my script,

[code]
<html>
<head>
<title>testing vars</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

    <?php
    //Checking page vars ) if none, making 'INDEX'
    if (empty($page))
    {
    $page = "index";
    } else {
    require("$page.php");
    print "this should work";
    };
    //End Checking page vars ) if none, making 'INDEX'    
    ?>
</body>
</html>
[/code]


right, and in the url i would have ".../index.php?page=pagename"
and if there was no ?page=... The variable page was assigned the value of "index"

but that does not work?
Do you know why?
Link to comment
Share on other sites

Because there is no variable $page.
[code]
<?php
    
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  
?>
[/code]
And for security's sake, you best do some checking on this line....

require($_GET['page'].".php");

This opens a whole can of worms in relation to security.
Link to comment
Share on other sites

Ok,
Thanks,
and what do you mean security?
what could happen?
what are the risks?

I am going to limit it to the number of values,

[code]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
    {
    $myvar = "index";
    }
[/code]

Like so, will that help?
Link to comment
Share on other sites

You need to validate that the file you're going to [i]require[/i] exists, and that you know what it is. The way you have it at the moment, I could run ANY script I like on YOUR server. Delete your database / website, lock you out.... whatever.
Link to comment
Share on other sites

Yeah
I know,
BUT you can't run any script if I use...


[quote]
if ($myvar != 'value1' || $myvar != 'value2' || $myvar != 'value3' || $myvar != 'value4')
{
$myvar = "index";
}
[/quote]

Because, if the $page is not one of the values i allow, then it is just given the value "index"

Would this work to help security?
Link to comment
Share on other sites

Yea,
I don't want people just changing $page to be a link to any script! :P

And I understand how you could delete my databases with a script,
But wouldn't you need my username and password?
and how could you delete my whole site?
you need passwords!?????
Link to comment
Share on other sites

I could easily write a script that retrieved all your source code from your site, somewhere in there your database pass / user would (most likely) exist, then login and delete your data. Removing the site is just a matter of writing a script to delete all your files. Locking you out from a shared server might be a little more work, but don't push fate.
Link to comment
Share on other sites

Ok, i made a quick page for testing this!
www.stargate.hostyw.com/testing.php
Within the table on this page is the following...
[code]
<?PHP

    //Checking page vars ) if none, making 'INDEX'
  if (!isset($_GET['page'])) {
    $page = "index";
  } else {
    require($_GET['page'].".php");
    print "this should work";
  };
  

    //End Checking page vars ) if none, making 'INDEX'    
    ?>
[/code]

ok and this seems to work, kinda, if you go to www.stargate.hostyw.com/testing.php?page=index it works

but the lines of the IF statement are not working, when you go to the www.stargate.hostyw.com/testing.php file no vars in the url, you just get a page, not require, it does not make $page = "index"

[code]
  if (!isset($_GET['page'])) {
    $page = "index";
  }
[/code]


ok and there is something wrong with my last bit of security...

[code]
if ($page != 'index' || $myvar != 'password' || $myvar != 'value3' || $myvar != 'value4')
    {
    $page = "index";
     };
[/code]

Because if you type in something stupid in the domain like, www.stargate.hostyw.com/testing.php?page=PIZZA

it just shows the html of the page, it does not reset to index!

Can anyone see why these problems are occurring?
Thank You So Much
Andrew Butler
Link to comment
Share on other sites

you need to use AND (&&) not OR:

[code]
if ($page != 'index' && $page != 'password' && $page != 'value3' && $page != 'value4')
{
   $page = "index";
};
[/code]

the way you had it before would pretty much result ANYTHING to index, even the values you're checking
Link to comment
Share on other sites
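
An added example, not code from any poster in this thread: one way to do the check the replies ask for, by mapping the ?page= value through a fixed allowlist so the request string never reaches require. The page names, the pages/ directory and the resolve_page() helper are assumptions for illustration; it also covers the missing-parameter case by falling back to the index page.

```php
<?php
declare(strict_types=1);

// Allowlist: request value => file under PAGE_DIR. Names and paths are
// assumptions for illustration; the request value is never used as a path.
const PAGE_DIR = __DIR__ . '/pages';
const PAGES = [
    'index' => 'index.php',
    'news'  => 'news.php',
];

/**
 * Map an untrusted ?page= value to an allowlisted file name.
 * Anything missing, non-string or unknown falls back to the index page.
 */
function resolve_page($requested): string
{
    // ?page[]=x arrives as an array, and a missing parameter as null:
    // every non-string is treated the same as an unknown page name.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return PAGES['index'];
    }
    // The returned file name comes from PAGES, not from the request.
    return PAGES[$requested];
}

// Constructed sample inputs standing in for $_GET['page'].
$samples = [null, 'index', 'news', 'PIZZA', 'sub/dir', ['news']];
foreach ($samples as $value) {
    printf(
        "%-10s => %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES),
        resolve_page($value)
    );
}

// In the front controller there is exactly one include, always built from
// the allowlist (left commented out because pages/ does not exist here):
// require PAGE_DIR . '/' . resolve_page($_GET['page'] ?? null);
```

Only 'index' and 'news' resolve to their own files; every other sample, including 'PIZZA' and the array, resolves to index.php.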
