Url Parameterizing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Url Parameterizing

Post by tobimichigan »

Hi there,
Please could anyone give me a lead on how to generate pages from a single php page like

index.php?action=login

I also want to generate the secure pages in this format too.

Thanks a bunch.. 8)
User avatar
tr0gd0rr
Forum Contributor
Posts: 305
Joined: Thu May 11, 2006 8:58 pm
Location: Utah, USA

Re: Url Parameterizing

Post by tr0gd0rr »

PHP Frameworks such as Zend, Cake and Symphony have a robust system for those types of schemes. At the very simplest, you can do something like the following:

Code: Select all

<?php
// index.php
$action = $_GET['action'];
$script = "./actions/$action.php";
if (!preg_match('/^[a-z0-9_-]+$/i', $action) || !is_file($script)) {
  $script = './404.php';
}
include($script);
The preg_match() check is just a simple security measure to ensure that the action string does not contain characters such as . or /

You can also use apache's mod_rewrite in .htaccess file to change pretty urls such as "/myaction/" into "index.php?action=myaction"
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Url Parameterizing

Post by Eran »

A different approach is to check against a white-list array of allowed scripts. This way you have better control over what gets included, and where.

Code: Select all

$pages = array('home','profile','login','about');
if( in_array( $_GET['action'] , $pages ) ) {
    include($_GET['action'] . '.php');
} else {
    include('404.php'); //page not found
}
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Re: Url Parameterizing

Post by tobimichigan »

pytrin wrote:A different approach is to check against a white-list array of allowed scripts. This way you have better control over what gets included, and where.

Code: Select all

$pages = array('home','profile','login','about');
if( in_array( $_GET['action'] , $pages ) ) {
&nbsp; &nbsp; include($_GET['action'] . '.php');
} else {
&nbsp; &nbsp; include('404.php'); //page not found
}
tr0gd0rr wrote:PHP Frameworks such as Zend, Cake and Symphony have a robust system for those types of schemes. At the very simplest, you can do something like the following:

Code: Select all

<?php
// index.php
$action = $_GET['action'];
$script = "./actions/$action.php";
if (!preg_match('/^[a-z0-9_-]+$/i', $action) || !is_file($script)) {
&nbsp; $script = './404.php';
}
include($script);
The preg_match() check is just a simple security measure to ensure that the action string does not contain characters such as . or /

You can also use apache's mod_rewrite in .htaccess file to change pretty urls such as "/myaction/" into "index.php?action=myaction"

So guys where do these codes go? I suppose index.php? and the rest of the variable pages, r they supposed to be in a separate folder with a ref 'include' function?
User avatar
tr0gd0rr
Forum Contributor
Posts: 305
Joined: Thu May 11, 2006 8:58 pm
Location: Utah, USA

Re: Url Parameterizing

Post by tr0gd0rr »

@tobimichigan

I'm not sure exactly what you're asking. These scripts would be in an index.php page and all urls would be something like "index.php?action=home" which would include "home.php" from whatever directory you want. For example, line 4 of my snippet "$script = "./actions/$action.php";" would look for "home.php" in the same directory that contains "index.php".
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Re: Url Parameterizing

Post by tobimichigan »

tr0gd0rr wrote:@tobimichigan

I'm not sure exactly what you're asking. These scripts would be in an index.php page and all urls would be something like "index.php?action=home" which would include "home.php" from whatever directory you want. For example, line 4 of my snippet "$script = "./actions/$action.php";" would look for "home.php" in the same directory that contains "index.php".
What if u wanted to parameterize from a login page say "login.php" and then other restricted pages?
User avatar
tr0gd0rr
Forum Contributor
Posts: 305
Joined: Thu May 11, 2006 8:58 pm
Location: Utah, USA

Re: Url Parameterizing

Post by tr0gd0rr »

Sure, you can do the same thing for a login.php that we've done for index.php. The code would be essentially no different except maybe in login.php you want to check authentication. You can restrict access from directly accessing any of the pages by having all files except index.php and login.php outside the web root.

For example put scripts in /var/www/myapp/actions/, put index.php and login.php in /var/www/myapp/public/ and setup your web root so that http://example.com/ points to /var/www/myapp/public/. Then in line 4 of my snippet go up one directory: "$script = "../actions/$action.php";"
tobimichigan
Forum Commoner
Posts: 48
Joined: Sun May 10, 2009 1:35 pm

Re: Url Parameterizing

Post by tobimichigan »

Thanks a mill tg much thanks for your invaluable contributions....
Post Reply