I have a group of pages, and I want to include one of them dependent on a variable in url, but the page is always appear is dashboard
link1 : index.php?pth=&page=dashboard
link2 : index.php?pth=modules/institution&page=inst_classification
if statement :
if (isset($page) && !empty($page)) {
$page = htmlspecialchars($_GET["page"]);
$pth = htmlspecialchars($_GET["pth"]);
}else{
$page ='dashboard';
$pth = '';
}
include ('../admin/template/'.$template_fldr.'/html/'.$pth.$page.'.php');
thanks!
You access $page before you write to it. You also never check for the existance of your pth value. Try:
if (empty($_GET['page']) || empty($_GET['pth'])) {
$page ='dashboard';
$pth = '';
}else{
$page = htmlspecialchars($_GET["page"]);
$pth = htmlspecialchars($_GET["pth"]);
}
include ('../admin/template/'.$template_fldr.'/html/'.$pth.$page.'.php');
You probably also need a / here in your include, if modules/institution/inst_classification.php is the file you are looking for:
include('../admin/template/'.$template_fldr.'/html/'.$pth.'/'.$page.'.php'); - but that is not clear from your question.
if (isset($_GET["page"]) && isset($_GET["pth"])) {
$page = htmlspecialchars($_GET["page"]);
$pth = htmlspecialchars($_GET["pth"]);
} else {
$page = 'dashboard';
$pth = '';
}
include ('../admin/template/'.$template_fldr.'/html/'.$pth.'/'.$page.'.php');
Related
This is the button
<a href="index.php?p=contact">contact<a>
This is the php script:
<?php
$p = isset($_GET['p']);
if($p == "artist")
{
include 'artist.php';
}
if($p == "contact")
{
include 'contact.php';
}
if($p == "releases")
{
include 'releases.php';
}
if($p == "downloads")
{
include 'downloads.php';
}
else
{
include 'home.php';
}
?>
So my script should include contact.php when I hit the button, but instead of including only contact.php it includes all php files. (this happens also with the other buttons).
Right now your $p variable equals true (this is what isset returns).
Change $p = isset($_GET['p']); to $p = $_GET['p']; and you'll be good
Even better:
$p = isset($_GET['p']) ? $_GET['p'] : false;
in this case you're secured against p being null
EDIT:
There is also another issue with your code - last else statement. It is always true when $p is different than downloads. So either you change every if to else if like this:
if($p == 'artist')
{
include 'artist.php';
}
else if($p == 'contact')
{
include 'contact.php';
}
(...)
else
{
include 'home.php';
}
or change this to switch statement:
switch($p)
{
case 'artist':
include 'artist.php';
break;
(...)
default:
include 'home.php';
}
isset($_GET['p']) returns true or false, so the code comparing $p to some strings will always return true and run the code inside the if block.
Change $p = isset($_GET['p']) simply to $p = $_GET['p']
To make this (more) reusable, you should alter your script a bit. Create a simple whitelist, check it the parameter is allowed, and if yes, include the $_GET['p']'s value directly:
$allowed = false;
if (isset($_GET['p']))
{
switch $_GET['p'] {
case 'contact':
$allowed = true;
break;
case 'artist':
$allowed = true;
break;
// and so on for all your IFs
}
if ($allowed === true) {
include $_GET['p'].'.php'
}
else
{
die('illegal parameter found')
}
}
Is it possible to determine what to show depending on the URL?
I have an index file which is:
<?php include './includes/header.php'; ?>
<?php include './includes/menu.php'; ?>
<?php include './includes/content.php'; ?>
<?php include './includes/sidebar.php'; ?>
<?php include './includes/footer.php'; ?>
Note: I have different "content.php"'s
Is it possible to do something like:
If Url = url {
show only content for the url
}
and then have case system like
case: home.php
show some
etc
I know Wordpress can do it. Is it possible with PHP and MySQL and HTML?
EDIT: Instead of content.php i would want show the desired HTML code gotten from my db
Use this function to see your current page. Then use the "switch" case for proper include file:
## Get Current Page / Section
function cur_page()
{
$cur_page='';
if(isset($_SERVER['PHP_SELF']) && $_SERVER['PHP_SELF']!='')
{
$temp_var1 = explode('/', $_SERVER['PHP_SELF']);
$cur_page = $temp_var1[count($temp_var1)-1];
}
else if(isset($_SERVER['SCRIPT_NAME']) && $_SERVER['SCRIPT_NAME']!='')
{
$temp_var1 = explode('/', $_SERVER['SCRIPT_NAME']);
$cur_page = $temp_var1[count($temp_var1)-1];
}
else if(isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI']!='')
{
$temp_var1 = explode('/', $_SERVER['REQUEST_URI']);
$cur_page = $temp_var1[count($temp_var1)-1];
$temp_var2 = explode('?', $cur_page);
$cur_page = $temp_var2[0];
}
else if(isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME']!='')
{
$temp_var1 = explode('/', $_SERVER['SCRIPT_FILENAME']);
$cur_page = $temp_var1[count($temp_var1)-1];
}
return $cur_page;
}//end func.....
Querying from database.
I don't recommend MySql, and I hope you learn PDO instead, but just
for this example
function get_me_title($page) {
$query = "SELECT * FROM title WHERE title = $page";
$result = mysql_query($query);
foreach($result as $row) {
return $row[$page];
}
}
Now, you can use function .get_me_title('whatever') to query from database, and echo below
if(isset($_GET['page_id'])) {
$page = $_GET['page_id'];
switch($page) {
case "contact";
echo get_me_title('contact');
break;
case "about";
echo get_me_title('about');
break;
case "portofolio";
echo get_me_title('portofolio')
break;
default:
echo 'you are in home page';
}
}else {echo '404 ERROR! The Page you have requested does not exist';}
Instead of including content.php, you can include needed page.
For example, if You build Your urls, where, for example, $_GET['page'] will refer to needed page, then simply You can do this.
$availablePages = array('default' => 'home', 'about');
if (isset($_GET['page']) && in_array($_GET['page'], $availablePages) {
$page = $_GET['page'] . '.php';
} else {
$page = $availablePages['default'] . '.php';
}
include $page;
Hello I'm making a website and I have issues with htaccess clean url redirects when a user adds amps or slashes as a title for the article he is submiting.I decided thath I would like to allow only specific characters like alpanumeric, -, _, #,[,]. no quotes or double quotes etc etc...
I cant seem to make the regexp work I have not great esperience with regex and instead of using string replaces I thought I should ask.
Also any other proposals regarding this matter will be greatly appreciated
In my htaccess I have the following setup:
RewriteRule ^([^/]*)(.*)$ /index.php?page=$1&request=$2
and in my index I have:
include 'db.php';
include 'generic.php';
$pages = array('','main','events','news','rss','search','add-event');
if(isset($_GET['page']) && in_array($_GET['page'], $pages))
{
$event_category = null;
$event_title = null;
$search_string = null;
$rss_category = null;
$events_date = null;
$search_page = null;
validate_evented_page(trim(urldecode($_GET['page'])));
}
else
{
evented_error_page(404);
}
function evented_error_page($err)
{
include('errorpages/error.php');
}
function validate_evented_page($p)
{
$page = strtolower($p);
global $event_category;
global $event_title;
global $search_string;
global $rss_category;
global $events_date;
global $search_page;
if($page == 'main' || strlen($p) == 0)
{
include 'main.php';
}
else if($page == 'events')
{
$params = explode_url($_GET['request']);
if(count($params) == 0)
{
$events_date = "'';";
include 'allevents.php';
}
else if(count($params) == 1)
{
if(check_date($params[0]))
{
$date_split = explode('-',$params[0]);
$events_date = "'".date("m/d/Y" , mktime(0, 0, 0, date('m'), $date_split[1], date('Y')))."';";
}
else
{
$events_date = "'';";
}
include 'allevents.php';
}
else if(count($params) == 2)
{
$event_category = trim(urldecode($params[0]));
$event_title = trim(urldecode($params[1]));
include 'event.php';
}
else
{
evented_error_page(404);
}
}
}
the following url:
/events/Drum+%26+Bass/Innersense+presents+ETHOS_v04-0
gives $_GET['request'] = /Drum
when it should have been Drum & Bass (in the database I have stored this category as "Drum & Bass").
You need to tell mod_rewrite to encode the & that gets grouped in the backreferene using the B flag:
RewriteRule ^([^/]*)(.*)$ /index.php?page=$1&request=$2 [B,L]
The URI gets decoded when it gets sent through the rewrite engine. So the %26 gets decoded to &, the B flag ensures it gets re-encoded as the backreference.
I'm trying to build a really simple php controller page for a small site. Here is what I have so far. It seems to work well. Are there any issues I might be missing with doing it this way?
$page = $_GET['p'];
switch ($page)
{
case "":
ob_start();
include "inc/home.php";
$content = ob_get_contents();
ob_end_clean();
break;
case $page:
$page = str_replace("/", "", $page);
if (file_exists("inc/".$page.".php"))
{
ob_start();
include "inc/".$page.".php";
$content = ob_get_contents();
ob_end_clean();
}
else
include "inc/404.php";
break;
}
include("inc/header.php");
echo $content;
include("inc/footer.php");
UPDATE: Here is the final code based on comments that works well.
<?php
$page = (isset( $_GET['p']) && !empty($_GET['p'])) ? $_GET['p'] : 'home';
if( preg_match( '/[^a-z]/i', $page))
{
$page = '404';
}
if( !file_exists( "inc/".$page.".php"))
{
$page = '404';
}
ob_start();
include("inc/header.php");
include("inc/".$page.".php");
include("inc/footer.php");
?>
Your entire script can be rewritten as follows:
$page = ( isset( $_GET['p']) && !empty( $_GET['p'])) ? $_GET['p'] : 'home';
// Only allow alphabetic characters in a user supplied page
if( preg_match( '/[^a-z]/i', $page))
{
$page = '404';
}
if( !file_exists( "inc/".$page.".php"))
{
$page = '404';
}
include("inc/header.php");
include("inc/".$page.".php");
include("inc/footer.php");
However, this is also no longer susceptible to Local File Inclusion, as $page is restricted to only alphabetic characters, and the script will show the 404 page if anything else is submitted.
It's also more efficient as its not using output buffering.
<?php
// get all files from pages/ with .php extension
$pages = glob('pages/*.php');
foreach ($pages as $page) {
// remove path
$page_clean = str_replace('pages/', '', $page);
// put it in an array
$allowed_pages = array($page_clean);
// determine that the lank will be index.php?page=%
$page = $_GET['page'] . '.php';
// load page
if(in_array($page, $allowed_pages)) {
include('pages/' . $page);
} else {
echo "Page not found.";
}
}
?>
It does include the page I call for but it echoes "Page not found" also. What am I doing wrong here?
One love
The if block shouldn't be in the loop. Also, you're constructing the array incorrectly. Try:
<?php
// get all files from pages/ with .php extension
$pages = glob('pages/*.php');
$allowed_pages = array();
foreach ($pages as $page) {
// remove path
$page_clean = str_replace('pages/', '', $page);
// put it in an array
$allowed_pages[] = $page_clean;
}
// determine that the lank will be index.php?page=%
$page = $_GET['page'] . '.php';
// load page
if(in_array($page, $allowed_pages)) {
include('pages/' . $page);
} else {
echo "Page not found.";
}
You shouldn’t browse the whole directory on every request just to see if a given file exists. Just check if that specific file exists:
if (strpos($page, '..') !== false || strpos($page, '/') !== false) {
// invalid value, but you better use a whitelist than a blacklist like I did
} else {
if (is_file('pages/'.$page.'.php')) {
// file exists
} else {
// file doesn’t exist
}
}
I'd do it like this:
if(!isset($_SESSION['allowed_pages'])) {
$_SESSION['allowed_pages'] = array_map('basename', glob('pages/*.php'));
}
$page = $_GET['page'] . '.php';
if(in_array($page, $_SESSION['allowed_pages'])) {
include("pages/$page");
}else {
echo 'Page not found.';
}
That only loads the list of pages once per session and gets rid of the explicit loop for cleaning up the page names from the glob.