I am creating a booking engine . Same code will be used on two different domain BUT there should be an identifier to tell which domain will be using which code . Say in database I Identify AAA.COM should use code instance A and BBB.COM should use code instance B .
Both the domains are on same server .
Can anyone suggest how do I do that via apache or any tips to accomplish which I am looking for .
Well, php does have access to the HOST header being part of the request. Just use $_SERVER['SERVER_NAME'] or $_SERVER['HTTP_HOST']. Check the documentation for the difference: http://php.net/manual/en/reserved.variables.server.php
Using that you can create a condition inside your php scripts:
<?php
// ...
switch ($_SERVER['SERVER_NAME']) {
case 'aaa.com':
// use database A
break;
case 'bbb.com':
// use database B
break;
default:
throw new Exception('undefined host at runtime');
}
// ...
Related
I currently have this setup
<?php
$nav = filter_input(INPUT_GET, 'nav', FILTER_SANITIZE_STRING);
$Working_On = true;
//$Working_On = false;
if ($Working_On == true) {
$title = '- Under Construction';
$error_msg = "Website Under Construction.";
include('404.php');
exit;
} else {
switch ($nav) {
case "":
include('main.php');
break;
default:
$title = '- 404 Page Not Found';
include('404.php');
break;
}
}
I'd love to know if there is a better way more efficent way of orginising this type of setup so i can easily add more options ?
While accessing a page with
example.com/?nav=examplepage
is a valid approach (that I also used in past projects), today's standard is to use something like
example.com/examplepage
This creates URLs that are easier to understand by humans and more semantic than query parameters. Doing so will also prevent you from running into possible caching issues with URLs defined by query parameters.
It also brings you the benefit of including even more information in the URL without the need for query parameters, for example
example.com/posts/view/20
Such URLs are usually parsed by a "Router". There are many reference and open source implementations for PHP routing on the web, just search for "PHP Router", take a look and decide what best fits your needs.
Side note:
use type-safe checks, aka === instead of == to save you a lot of headache and follow security best practices; if you're still at the beginning of your project, you might want to take a look at https://phptherightway.com/
you exit() if the site is on maintenance. In that case you don't need to put the switch statement inside else{}, you can just put it after the if clause
I am somewhat a newby at PHP ... so what im trying to do is to get the the page using the following code
<?php include $_GET['topic']; ?>
to get the url like this http://ulixtxteditor.org/entities/helpCentre?topic=credits
that much works great for me however if no page is found i would like to use the else statement to display an error instead of a blank page. What should I do? ex: http://ulixtxteditor.org/entities/helpCentre?topic= so this part would display an error?
<?php if(isset){include $_GET['topic'];} else {echo "error"} ?>
I tried this but it wont work.
Use something like this:
<?php
// In case topic parameter wasn't provided you will have fallback.
$topic = isset($_GET['topic']) ? $_GET['topic'] : '';
// Now you can check topic and have valid file name.
switch ($topic) {
case 'credits':
$fileName = 'credits.php';
break;
default:
$fileName = 'index.php';
break;
}
// Now it is possible safely include file.
include __DIR__ . DIRECTORY_SEPARATOR . $fileName;
Using $_GET['topic'] directly in include or require construction is unsafe because you vulnerable to "Directory traversal attack". Moreover you always must validate input parameters with purpose avoid include in php script css files etc...
<?php include $_GET['topic']; ?>
Don't do that. It creates a massive and easily-exploited security vulnerability.
For example:
?topic=index.php -- creates an infinite loop
?topic=/etc/passwd -- displays sensitive data from the server
?topic=/proc/self/environ -- executes code from the process environment. This will frequently include user-controlled data like the values of HTTP headers, allowing for remote code execution.
Your site will be exploited if you implement this. There are numerous bots which scan public web sites for this vulnerability, many of which will attempt to exploit it automatically upon detection.
If you want to include a file based on the value of a GET variable, use switch($_GET['topic') to define the acceptable values of that variable. This will also allow you to implement error handling as a default: clause.
This is a fairly common way of implementing a simple junction box/router. Use a switch statement.
$topic = isset($_GET['topic']) ? $_GET['topic'] : '';
switch ($page) {
case 'credit':
case 'otherpage':
case 'otherpage2':
require_once(dirname(__FILE__) . '/' . $page . '.php');
break;
default
require_once(dirname(__FILE__) . '/' . 'default.php');
}
You whitelist your pages/topics by adding a case statement at the top for each, and anything that doesn't match or have a page is processed by loading the default page.
In this example, I assume all the topic pages are in the same directory as this script (typically named index.php).
I am doing a php portal.
i did an announcement section where user can post message and attach a file.
so in this situation, a user has uploaded one and at the page, there will be a hyperlink for the attachment. if i hover on it, i can see this "192.168.0.100/Announcement/file.pdf"
so logically if im in the internal network and click on that it would not be a problem as it can get the file from that ip.
next situation is i have forwarded the server ip so that public can access from outside. now i'm as a user accessing from outside.
so if i were to go to the announcement location and hover on it again it will show the same link "192.168.0.100/Announcement/file.pdf". I will definitely wont be able to open it as that ip is internal.
so i am thinking how can i make it when i'm internal, the ip is the internal one and when im outside,the ip link would be the public?
i got this snippet from a ex colleague but i dont really know what the code does. Can someone help me explain this? i tried searching this thing i want to do on the net,but i dont have a proper keyword for it.
below is the snippet:
<?php
//filename constant.php
define('SERVERIP',((preg_match("/^192\.168/i",$_SERVER['REMOTE_ADDR']))?'192.168.0.100':'175.136.xxx.xxx'),true);
?>
And below is part of the code in the page for the announcement and attachment:
include('_include/constant.php');
$dir = "C:/Inetpub/wwwroot/Announcement/";
$http = sprintf('http://%s/Announcement/',SERVERIP);
print '<td class="middle '.$CLASS.'" align="left" height="20">'.''.$filename .'</td>';
Can any php pros here help me to understand whats happening so that next time i know what i'am actually implementing?
You do not need to implement any of this... you need to change how you are referencing the URLs and everything else will fall into place. For example, this will show http://192.168.0.100/ when you are on the LAN in your company. When you access this website from the outside, it will show the IP address or domain name you are accessing from outside.
You should be using...
something PDF
as opposed to:
<a href="http://192.168.0.100/something.pdf>something PDF</a>
which is what it seems like you're doing.
What you have is a ternary operation, the results of which are being assigned to the constant SERVERIP. It is using a regex to match against the $_SERVER['REMOTE_ADDR'], if it begins with 192.168, then it gets the 192.168 value, otherwise it gets the 175.136 value. And for some reason it is passing true to enforce a case insensitive search.
You can read more on define within the PHP docs.
Lighter example of ternary op:
$overlyComplex = true;
$thatDudesCodeSucks = (true === $overlyComplex) ? 'yes' : 'no';
// Shorthand for
if (true === $overlyComplex) {
$thatDudesCodeSucks = 'yes';
} else {
$thatDudesCodeSucks = 'no';
}
var_dump($thatDudesCodeSucks); // echos yes
The code below ensures that when a user accesses control panel, they are ran through a quick verification process to validate what their entities are. For instance, if a user is level 1 they are only given access to video feed which means nothing else is available to them.
When I look at the code though, I can see video feed being called when case 1 and 3 are called. I would possibly enjoy an alternative to make the code more efficient.
I was told a possible array could make things a little easier but then again this is faster.
switch ($_SESSION['permission']) {
case 1: // Level 1: Video Feed
include ("include/panels/videofeed.index.php");
break;
case 2: // Level 2: Announcements / Courses / Teachers
include ("include/panels/announcements.index.php");
include ("include/panels/courses.index.php");
include ("include/panels/teachers.index.php");
break;
case 3: // Level 3: Announcements / Video Feed / Courses / Teachers / Accounts / Logs
include ("include/panels/announcements.index.php");
include ("include/panels/videofeed.index.php");
include ("include/panels/courses.index.php");
include ("include/panels/teachers.index.php");
include ("include/panels/accounts.index.php");
include ("include/panels/log.index.php");
break;
case 4: // Level 4: Teachers
include ("include/panels/teachers.index.php");
}
It's fine the way it is. I think you don't mean "efficiency" when you refer to the "repeated" includes. You mean you could compact your code by using the switch fall-through.
While this might make your code smaller, it has no significant impact of efficiency (the time the script takes to run) and it will actually make the code harder to read. Leave it be.
Frist you may run better if you use require_once if its possible.
The second point is to shorten the url it seems that its every include the same.
Maybe try to use it in a function for example:
$permission_id = $_SESSION['permission']
function requireModule($moduleName, $path = 'include/panels/') {
$moduleName .= '.index.php';
require_once($path . $moduleName);
}
// if you want you can add an arry for it:
$permissionModules = array(
array('videofeed'),
array('announcements', 'courses', 'teachers'),
array('announcements', 'courses', 'teachers', 'accounts', 'log', 'videofeed'),
array('teachers')
);
// now we can put it in a more effectiv way
if(array_key_exists($permission_id, $permissionModules)) {
foreach($permissionModules[$permission_id] as $includes) {
requireModule($includes);
}
}
Wrong ? Correct me!
I want to control the access in php website.
I have a solution right now with switch case.
<?php
$obj = $_GET['obj'];
switch ($obj)
{
case a:
include ('a.php');
break;
default:
include ('f.php');
}
?>
But when i have so many pages, it becomes difficult to manage them. Do you have better solutions?
Right now, i develop the application using php4. And i want to use php5. Do you have any suggestions when i develop it using php5?
Thanks
$obj = $_GET['obj'];
$validArray = array('a','b','c','d','e');
if (in_array($obj,$validArray)) {
include ($obj.'.php');
} else {
include ('f.php');
}
The more pages you have the harder it will be to control this.
Your best off using a framework of some sort, my personal preference is CodeIgniter.
why not just address a page itself?
first page
another page
I am not saying that this is the best solution, but years ago I used to have a website which used a database to manage the key, the page to be included, and some informations like additional css for instance.
So the code was something like:
<?php
$page = htmlspecialchars($_GET['page']);
$stuffs = $db->query('select include,css from pages where pageid = "' . $page . '" LIMIT 1');
?>
So when we needed to add a page, we just created a new field in the database. That let us close a part of the website too: we could have a "available = {0,1}" field, and if zero, display a static page saying that this page was under maintenance.