Need Some Advice
Posted: Fri Oct 15, 2010 12:41 am
Ok so I am creating this project management system for myself and everything is going good.
I need to know if there is another way to do this or if there is a way to get around this.
I am kinda trying this new simple idea of a template system using $_GET.
So what I did was made my index page and wrote
Code:
<?php
$empty = strlen($_GET['page']);
if ($empty == 0)
{
    header("Location: 404error.php");
}
// Now that the url is clean lets make sure that the file exists and if not send them to the 404 page........
$page = $_GET['page'];
$urlcheck = $page.".php";
if (!file_exists($urlcheck)) {
    header("Location: 404error.php");
}
$pagetitle = $page;
?>
Works awesome but for the fact that any of the files that I am including into the index file are unprotected because I can use sessions on them or it will give an error about sessions already being started. My main link is
localhost/administrator/index.php?page=main
When I direct link to the main.php file it will open in the browser since it does not use sessions. So I added in main.php the following
Code:
<?php
$empty = strlen($_GET['page']);
if ($empty == 0)
{
    header("Location: 404error.php");
}
// Now that the url is clean lets make sure that the file exists and if not send them to the 404 page........
$page = $_GET['page'];
$urlcheck = $page.".php";
if (!file_exists($urlcheck)) {
    header("Location: 404error.php");
}
?>
As far as I know it is working. When I go to the file directly it does do work but when called in the include it sees itself and then displays.
How secure could this be. I imagine it ain't very at all but it is working!!!?
EDIT: Ok so it does NOT work. ANYONE have any suggestions on how to secure the included files?
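One way to approach the question in the post above, shown as an added example that is not part of the original post: index.php maps the page parameter through a fixed allowlist instead of building a filename from it, starts the session once, and defines a marker that each included page checks so a direct request to main.php is refused. The pages/ directory, the APP_ENTRY constant, the PAGES list, the user_id session key and login.php are assumptions made for the illustration.

```php
<?php
// index.php (added example; names below are assumptions, not from the post)
declare(strict_types=1);

session_start();            // started once here; included pages never call it again
define('APP_ENTRY', true);  // marker that every included page checks for

// Allowlist: URL value => file on disk. The request only selects a key;
// it never becomes part of a path, so unlisted values cannot pick a file.
const PAGES = [
    'main'     => 'main.php',
    'projects' => 'projects.php',
];

// Returns the full path of the requested page, or null if it is not allowed.
function resolve_page(array $query, string $dir): ?string
{
    $page = $query['page'] ?? '';
    if (!is_string($page) || !isset(PAGES[$page])) {
        return null;
    }
    $path = $dir . '/' . PAGES[$page];
    return is_file($path) ? $path : null;
}

$file = resolve_page($_GET, __DIR__ . '/pages');
if ($file === null) {
    header('Location: 404error.php');
    exit;  // header() alone does not stop the script from running on
}

if (empty($_SESSION['user_id'])) {  // assumed key, set by the login code
    header('Location: login.php');
    exit;
}

// Safe to use as a title: the value matched an allowlist key above.
$pagetitle = htmlspecialchars($_GET['page'], ENT_QUOTES, 'UTF-8');
require $file;

// --- first lines of pages/main.php and of every other included page ---
// <?php
// if (!defined('APP_ENTRY')) { http_response_code(404); exit; }
```

Because the session is started only in index.php, the included pages can read $_SESSION without triggering the "session already started" error. Placing the pages directory outside the web server's document root removes direct access to those files altogether.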