i'm such a noob at php include

[spacka]

my bad sorry - http://69.41.171.40/arctic/vocationalacademy/index.php - thats it.

[rajivgonsalves]

try this

 

<?php
$page = $_GET['page'];
$course = @$_GET['course'];

if ((isset($page) && !isset($course) && !file_exists("pages/{$page}.htm")) || (isset($page) && isset($course) && !file_exists("pages/{$page}/{$course}.htm"))) {
include("error.htm");
}
else if (isset($page) && isset($course) && file_exists("pages/{$page}/{$course}.htm")) {
include("pages/{$page}/{$course}.htm");
}
else if (isset($page) && file_exists("pages/{$page}.htm")) {
include("pages/{$page}.htm");
}
else {
include ("main.htm");
}
?>

[spacka]

hi.

 

sorry to delay with my reply but here's my current status.

 

the php code on index.php is:

 

<?php
	$level = $_GET['level'];
	$course = @$_GET['course'];

if (isset($level) && isset($course) && file_exists("pages/{$level}/{$course}.htm")) {
include("pages/{$level}/{$course}.htm");
}
else if (isset($level) && file_exists("pages/{$level}.htm")) {
include("pages/{$level}.htm");
}
else {
include ("main.htm");
}
?>

 

basically ive replaced "page" with "level" so its easier to understand.

 

http://69.41.171.40/arctic/vocationalacademy/index.php

 

as you can see, the links to level 1, 2 3 etc work fine:

 

http://69.41.171.40/arctic/vocationalacademy/index.php?level=AVL2&course=art

 

works!

 

however, when i enter something that does not exist (for example - http://69.41.171.40/arctic/vocationalacademy/index.php?level=AVL67755) then the error message does not display.

[laffin]

i dun see an error message to display, just the default page main.htm

 

u shud also consider checking for '..' in the page names as well as '/'

 

otherwise ppl gonna do all sorts of crazy things

	$level = isset($_GET['level'])?(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:''):'';
	$course = isset($_GET['course'])?(preg_match("@[^/.\s]@",$_GET['course'])?$_GET['course']:''):'';

 

[spacka]

what does the above code do and where should i place/replace it?

[laffin]

$level = variable assignment

 

isset($_GET['level']) isset returns true if variable exists, so we are checking if variable level passed on url

?  the boolean operator, based on expression above, if true returns first set, otherwise return 2nd set

 

(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:'') our first set, uses preg_match to check that 'level' from url dusnt contain . or / in it, if it dusn return it, otherwise return empty string (notice it uses another boolean operation in here)

: our seperator from first and second set

'' our 2nd set, is an empty string

;

 

[rajivgonsalves]

your code should be

 

<?php
$level = $_GET['level'];
$course = @$_GET['course'];

if ((isset($level) && !isset($course) && !file_exists("pages/{$level}.htm")) || (isset($level) && isset($course) && !file_exists("pages/{$level}/{$course}.htm"))) {
include("error.htm");
}
else if (isset($level) && isset($course) && file_exists("pages/{$level}/{$course}.htm")) {
include("pages/{$level}/{$course}.htm");
}
else if (isset($level) && file_exists("pages/{$level}.htm")) {
include("pages/{$level}.htm");
}
else {
include ("main.htm");
}
?>

[spacka]

thanks a lot.

 

just another thing...my index page still has that error message saying theres something wrong with line 23 but i dont know what this error is.

 

line 23:

$level = $_GET['level'];

[nethnet]

<?

$level = @$_GET['level'];

?>

[spacka]

thanks. ive also put the second line in the separate php tages. it now looks like this:

 

<?php

$level = @$_GET['level'];
$course = @$_GET['course'];

?>

 

and then the next lot of php is as follows:

 

<?php

if ((isset($level) && !isset($course) && !file_exists("pages/{$level}.htm")) || (isset($level) && isset($course) && !file_exists("pages/{$level}/{$course}.htm"))) {
include("error.htm");
}
else if (isset($level) && isset($course) && file_exists("pages/{$level}/{$course}.htm")) {
include("pages/{$level}/{$course}.htm");
}
else if (isset($level) && file_exists("pages/{$level}.htm")) {
include("pages/{$level}.htm");
}
else {
include ("main.htm");
}
?>

 

it works fine but is there any specific reason why it needs to be like this?

[rajivgonsalves]

specific reason to be like what ? please elaborate

[laffin]

Nope, no real reason to have it coded that way

<?
$level = isset($_GET['level'])?(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:''):'';
$course = isset($_GET['course'])?(preg_match("@[^/.\s]@",$_GET['course'])?$_GET['course']:''):'';
$page= (!empty($level)? ("$level" . (!empty($course) ? "/$course":"") . ".htm") : "main.html";
if(!file_exists($page="pages/$page"))
  include("error.htm");

echo "page=$page";

?>

 

the builk of the action as u can see is taken care of here

$page= (!empty($level)? ("$level" . (!empty($course) ? "/$course":"") . ".htm") : "main.html";

 

again using boolean operations to build the page.

if built with if statements wud look like

if(!empty($level)) $page = "$level"

if(!empty($level) && !empty($course)) $page="$page/$course";

if(!empty($page)) $page="$page.htm"

else $page= "main.html";

 

[spacka]

specific reason to be like what ? please elaborate

i just meant is there any specific reason to have the first bit of code in separate php tags to the second? its just seems like php tags are the only thigns that separate them.

[laffin]

in my post above, just realized that that code puts main.htm in pages

make following changes

$page= (!empty($level)? ("pages/$level" . (!empty($course) ? "/$course":"") . ".htm") : "main.html";
if(!file_exists($page))
  include("error.htm");

and yer done

 

[rajivgonsalves]

you could put them in one opening closing bracket it will not make a difference and laffin you code has a syntax error.. something even I cannot solve

[laffin]

<?php
$level = isset($_GET['level'])?(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:''):'';
$course = isset($_GET['course'])?(preg_match("@[^/.\s]@",$_GET['course'])?$_GET['course']:''):'';
$page= (!empty($level)? ("pages/$level" . (!empty($course) ? "/$course":"") . ".htm") : "main.htm");
if(!file_exists("$page"))
  include("error.htm");

echo "page=$page";

?>

 

whoops a missing paren. but whats a missing delimeter between coders.

[spacka]

im sort of getting confused. at the minute i'm using the code rajivgonsalves gave me. what does laffin's code do differently?

[laffin]

it logically puts the page together piece by piece noticing the different outputs you can have.

as well as testing the $_GET for '.' and '/' which can be used to access other files outside the confines of yer public html folder

 

consider

http://my.url/showpage.php?level=../otherpage

 

and it cuts down on the file_exists

[spacka]

ok thanks i'll bear that in mind but i dont think it wil be needed for the time being.

 

however, i do have a small thing to ask.

 

how could i replace my error message to just echo something rather than include error.htm.

[laffin]

replace include("error.htm")

with something like

{
?>
<H2>ERROR!</H2> <H1>Unknown page reference</H1>
<?
  exit();
}

 

just change everything between the php short tags (?> and <?) as standard html code