General PHP Structure Question

influx
Forum Commoner
Posts: 31
Joined: Fri Aug 05, 2005 9:28 am

General PHP Structure Question

Post by influx »

Hey all,

Since I taught myself PHP and don't have much sophisticated knowledge about coding in it, I was wondering if I could ask a few questions to get more familiar with universal methods of coding.

I run a website service with various features, including uploading files, analyzing page statistics, posting messages, etc. The way I have structured the website is as follows:

members/upload
members/stats
members/posting

Is the lack of obscurity a problem to begin with? In each directory I have a home page (upload.php, stats.php, posting.php) and I have a 'test' file to actually run code when they submit the form (upload_test.php, stats_test.php, posting_test.php). In each 'test' file I have various different functions I can execute. For example, in the posting_test.php, function 1 will remove a post, function 2 will add a post, function 3 will remove all posts, etc.

So, when somebody submits a certain form on posting_test.php, here is what the form action tag looks like: <form action="posting_test.php?code=1" method="post"> (for example, this is for removing a post).

So my posting_test.php file is separated into codes (code1 remove post, code2 add post, code3 remove all posts), propagated through the URL (is this a big mistake?) and I simply post the respective code under if($code==1){<<CODE HERE>>} if($code==2){<<CODE HERE>>} etc.

Is there a problem with the way I have this set up?

Thanks!
-influx
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

If you do have it set up that way, accepting variables through the URL, make sure that each user has the proper permission to do what they are doing.

For example, if they are going to remove all posts, check that the author of the post matches their username login credentials (assuming you have a login).

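Code:

// Cast the id to an integer so the URL value cannot alter the query.
$postid = (int) $_GET['postid'];
$result = mysql_fetch_assoc(mysql_query("SELECT author FROM table WHERE id = '".$postid."'"));

// Only the author of the post may remove it.
if ($result['author'] != $_COOKIE['username'])
{
   die("You cannot remove other users' posts.");
}
else
{
   // remove posts
}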
influx
Forum Commoner
Posts: 31
Joined: Fri Aug 05, 2005 9:28 am

Post by influx »

Oh, easy enough, thanks!

Now, one last question. What if I am not using a form and have a link like: <a href="post_test.php?code=2">Remove this post</a>

Is there any way I can propagate this using $_POST instead of $_GET?

Also, I noticed that in your example you used COOKIE to store the username, is that better than SESSION? I didn't think it was.

Thanks!
-influx
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

I answered your first question in your other post :)

And using $_COOKIE or $_SESSION doesn't really matter in your example, as long as you can validate their login.

If you use $_COOKIE you would have to make sure that they didn't go to the cookie and edit their username without needing a pass.
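
Added example (not part of the original thread or any poster's code): one way to combine the points discussed above, refusing the remove action unless it arrives by POST, taking the username from the server-side session rather than a cookie, and enforcing ownership in a parameterized query. The `posts` table, the `remove_post` function and the in-memory SQLite database are assumptions made so the code runs stand-alone.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for the "remove a post" action (code=1 in the thread).
// $session mirrors $_SESSION and $post mirrors $_POST.
function remove_post(PDO $db, string $method, array $session, array $post): array
{
    // State-changing actions are refused on GET; crawlers and prefetchers follow links.
    if ($method !== 'POST') {
        return [405, 'Use POST to remove a post.'];
    }
    // Identity comes from the server-side session, not a client-editable cookie.
    if (empty($session['username'])) {
        return [401, 'Please log in.'];
    }
    // Accept only a positive integer id.
    $id = filter_var($post['postid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Bad post id.'];
    }
    // Ownership is enforced in the statement itself, with bound parameters.
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id AND author = :author');
    $stmt->execute([':id' => $id, ':author' => $session['username']]);
    return $stmt->rowCount() === 1
        ? [200, 'Post removed.']
        : [403, 'Post not found or not yours.'];
}

// Constructed demo data: in-memory SQLite stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$db->exec("INSERT INTO posts VALUES (1, 'alice', 'hello'), (2, 'bob', 'hi')");

$session = ['username' => 'alice']; // constructed: what $_SESSION holds after login
$cases = [
    ['GET',  ['postid' => '1']],          // sent as a plain link
    ['POST', ['postid' => '2']],          // post owned by bob
    ['POST', ['postid' => '1 OR 1=1']],   // non-integer id
    ['POST', ['postid' => '1']],          // alice's own post
];
foreach ($cases as [$method, $post]) {
    [$status, $message] = remove_post($db, $method, $session, $post);
    echo "$method postid={$post['postid']} -> $status $message\n";
}
```

On a real page the call would be `remove_post($db, $_SERVER['REQUEST_METHOD'], $_SESSION, $_POST)` after `session_start()`, with the link replaced by a small form whose method is POST.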
influx
Forum Commoner
Posts: 31
Joined: Fri Aug 05, 2005 9:28 am

Post by influx »

Good thing I don't need to do that =)

Thanks a lot.