I need to know if there is another way to do this or if there is a way to get around this.
I am kinda trying this new simple Idea of a template system using $_GET.
So what I did was made my index page and wrote
Code: Select all
<?php $empty=strlen($_GET['page']);
if ($empty==0)
{
header ("Location: 404error.php");
}
// Now that the url is clean lets make sure that the file exsists and if not send them to the 404 page........
$page = $_GET['page'];
$urlcheck = $page.".php";
if (!file_exists($urlcheck)) {
header("Location: 404error.php");
}
$pagetitle = $page;
?>localhost/administrator/index.php?page=main
When I direct link to the main.php file it will open in the browser since it does not use sessions. So I added in main.php the following
Code: Select all
<?php $empty=strlen($_GET['page']);
if ($empty==0)
{
header ("Location: 404error.php");
}
// Now that the url is clean lets make sure that the file exsists and if not send them to the 404 page........
$page = $_GET['page'];
$urlcheck = $page.".php";
if (!file_exists($urlcheck)) {
header("Location: 404error.php");
} ?> How secure could this be. I imagine it aint very at all but it is working!!!?
EDIT: Ok so it does NOT work. ANYONE have any suggestions on how to secure the included files?