General PHP Structure Question

Posted: Fri Aug 05, 2005 10:07 am
by influx
Hey all,

Since I taught myself PHP and don't have much sophisticated knowledge about coding in it, I was wondering if I could ask a few questions to get more familiar with universal methods of coding.

I run a website service with various features, including uploading files, analyzing page statistics, posting messages, etc. The way I have structured the website is as follows:

members/upload
members/stats
members/posting

Is the lack of obscurity a problem to begin with? In each directory I have a home page (upload.php, stats.php, posting.php) and I have a 'test' file to actually run code when they submit the form (upload_test.php, stats_test.php, posting_test.php). In each 'test' file I have various different functions I can execute. For example, in the posting_test.php, function 1 will remove a post, function 2 will add a post, function 3 will remove all posts, etc.

So, when somebody submits a certain form on posting_test.php, here is what the form action tag looks like: <form action="posting_test.php?code=1" method="post"> (for example, this is for removing a post).

So my posting_test.php file is separated into codes (code1 remove post, code2 add post, code3 remove all posts), propagated through the URL (is this a big mistake?) and I simply post the respective code under if($code==1){<<CODE HERE>>} if($code==2){<<CODE HERE>>} etc.

Is there a problem with the way I have this set up?

Thanks!
-influx

Posted: Fri Aug 05, 2005 10:30 am
by s.dot
If you do have it set up that way, accepting variables through the URL, make sure that each user has the proper permission to do what they are doing.

For example, if they are going to remove all posts, check that the author of the post matches their username login credentials (assuming you have a login).

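Code:

// Cast the id to an integer so the URL value cannot alter the query
$postid = (int) $_GET['postid'];
$result = mysql_fetch_assoc(mysql_query("SELECT author FROM table WHERE id = '".$postid."'"));

// Refuse when the post does not exist or belongs to someone else
if (!$result || $result['author'] != $_COOKIE['username'])
{
   die("you cannot remove other users' posts.");
}
else
{
   // remove posts
}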

Posted: Fri Aug 05, 2005 10:57 am
by influx
Oh, easy enough, thanks!

Now, one last question. What if I am not using a form and have a link like: <a href="post_test.php?code=2">Remove this post</a>

Is there any way I can propagate this using $_POST instead of $_GET?



Also, I noticed that in your example you used COOKIE to store the username, is that better than SESSION? I didn't think it was..

Thanks!
-influx

Posted: Fri Aug 05, 2005 11:09 am
by s.dot
I answered your first question in your other post :)

And using $_COOKIE or $_SESSION doesn't really matter in your example, as long as you can validate their login.

If you use $_COOKIE you would have to make sure that they didn't go to the cookie and edit their username without needing a pass.
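
An added example (not code from this thread) that puts the points discussed above into one handler: the remove action is accepted only over POST, the username is read from server-side session data rather than an editable cookie, and the ownership check is part of a parameterized query. The function name remove_post, the posts table, the 'username' session key and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example; remove_post(), the posts table and the sample rows are hypothetical.

function remove_post(PDO $db, array $session, string $method, array $post): string
{
    // A state-changing action is accepted only via POST, never from a plain link (GET).
    if ($method !== 'POST') {
        return 'rejected: use POST';
    }
    // Identity comes from server-side session data, which the browser cannot edit.
    if (empty($session['username'])) {
        return 'rejected: not logged in';
    }
    // filter_var() returns false for anything that is not a plain integer.
    $id = filter_var($post['postid'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'rejected: bad post id';
    }
    // Ownership is enforced inside the parameterized DELETE itself,
    // so the permission check and the removal cannot disagree.
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id AND author = :author');
    $stmt->execute([':id' => $id, ':author' => $session['username']]);
    return $stmt->rowCount() === 1 ? 'removed' : 'rejected: not your post';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$db->exec("INSERT INTO posts (author, body) VALUES ('influx', 'first'), ('s.dot', 'second')");

// In posting_test.php the arguments would be $_SESSION,
// $_SERVER['REQUEST_METHOD'] and $_POST.
$user = ['username' => 'influx'];
$cases = [
    [$user, 'GET',  ['postid' => '1']],          // action sent through a link
    [[],    'POST', ['postid' => '1']],          // no login
    [$user, 'POST', ['postid' => "1' OR '1"]],   // non-numeric id
    [$user, 'POST', ['postid' => '2']],          // someone else's post
    [$user, 'POST', ['postid' => '1']],          // the user's own post
];
foreach ($cases as [$session, $method, $post]) {
    echo $method, ' postid=', $post['postid'], ' => ',
         remove_post($db, $session, $method, $post), "\n";
}
```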

Posted: Fri Aug 05, 2005 12:00 pm
by influx
Good thing I don't need to do that =)

Thanks a lot.