rhodesa Posted February 8, 2008 Share Posted February 8, 2008 The big thing was to restrict the 'keys' to letters/numbers/underscores so people can't put stuff like "../../etc/passwd" in hopes of getting to other files on your computer Quote Link to comment Share on other sites More sharing options...
scferg Posted February 8, 2008 Author Share Posted February 8, 2008 Ah, ok. Thanks a lot for all this! If you're curious to where your code is bring put to work, my site is http://sims2news.com Quote Link to comment Share on other sites More sharing options...
scferg Posted February 8, 2008 Author Share Posted February 8, 2008 Hmmm...just noticed something. The ?section=BLAH&page=BLAH.php function doesn't work. If you visit my site, hover over the down arrow on the nav, then click News Archives, it goes to the 404 error page. It worked before, I don't know what's wrong... Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 8, 2008 Share Posted February 8, 2008 There is two reasons for that 1) There is a period in the name of the page, which violates our letters/spaces/underscores requirement 2) The script automatically adds .html to the end of it. So even if it got past #1, it would be looking for the page: news/show_archives.php.html Does the show_archives.php file have to be a .php? or can it be .html? Quote Link to comment Share on other sites More sharing options...
scferg Posted February 8, 2008 Author Share Posted February 8, 2008 It must be PHP, it is my news archives page :-\ Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 8, 2008 Share Posted February 8, 2008 my recommendation is to do the follow: Step 1) Make all your .html files .php instead Step 2) Change the script to: <?php $error_page = "./404.php"; $page = $_GET['page']; $section = $_GET['section']; if($page == "case1") { //Handle special cases first echo "case1 goes here no page was written for this statement."; } elseif($page) { //Page requested $path = "{$page}.php"; if($section) //Add section $path = "{$section}/{$path}"; //Check keys and existance if( preg_match('/^\w+$/',$page) && (!strlen($section) || preg_match('/^\w+$/',$section)) && file_exists($path) ) include($path); //Good to go...include it else include($error_page); //Error page } else { //Default $number=10; $only_active=TRUE; include("./news/show_news.php"); } ?> Step 3) Have the URL for the News Archive be like the others: http://sims2news.com/?section=news&page=show_archives Quote Link to comment Share on other sites More sharing options...
scferg Posted February 9, 2008 Author Share Posted February 9, 2008 Oh well...the archives page wasn't very important anyway. Thanks! Quote Link to comment Share on other sites More sharing options...
scferg Posted February 9, 2008 Author Share Posted February 9, 2008 Ok, I changed my mind...I changed the code and switched the files to .php . It works great now! This is kind of off topic, but just out of curiosity...on my 404.php page, is there a way to display the page requested that has not been found? Like: The page http://sims2news.com/?page=1234 has not been found It's not necessary, but it would be cool if it could Thanks! Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 9, 2008 Share Posted February 9, 2008 Well, since you are only including the page, you can get it from $_SERVER['REQUEST_URI'] 404.php <?php echo "The page {$_SERVER['REQUEST_URI']} has not been found."; ?> Quote Link to comment Share on other sites More sharing options...
scferg Posted February 9, 2008 Author Share Posted February 9, 2008 Sweet, thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.