Simple PHP Controller, any issues with this code? - php

I'm trying to build a really simple php controller page for a small site. Here is what I have so far. It seems to work well. Are there any issues I might be missing with doing it this way?
$page = $_GET['p'];
switch ($page)
{
case "":
ob_start();
include "inc/home.php";
$content = ob_get_contents();
ob_end_clean();
break;
case $page:
$page = str_replace("/", "", $page);
if (file_exists("inc/".$page.".php"))
{
ob_start();
include "inc/".$page.".php";
$content = ob_get_contents();
ob_end_clean();
}
else
include "inc/404.php";
break;
}
include("inc/header.php");
echo $content;
include("inc/footer.php");
UPDATE: Here is the final code based on comments that works well.
<?php
$page = (isset( $_GET['p']) && !empty($_GET['p'])) ? $_GET['p'] : 'home';
if( preg_match( '/[^a-z]/i', $page))
{
$page = '404';
}
if( !file_exists( "inc/".$page.".php"))
{
$page = '404';
}
ob_start();
include("inc/header.php");
include("inc/".$page.".php");
include("inc/footer.php");
?>

Your entire script can be rewritten as follows:
$page = ( isset( $_GET['p']) && !empty( $_GET['p'])) ? $_GET['p'] : 'home';
// Only allow alphabetic characters in a user supplied page
if( preg_match( '/[^a-z]/i', $page))
{
$page = '404';
}
if( !file_exists( "inc/".$page.".php"))
{
$page = '404';
}
include("inc/header.php");
include("inc/".$page.".php");
include("inc/footer.php");
However, this is also no longer susceptible to Local File Inclusion, as $page is restricted to only alphabetic characters, and the script will show the 404 page if anything else is submitted.
It's also more efficient as its not using output buffering.

Related

How I can create a PHP breadcrumb with $_GET

In my index.php, I use this method to generate my pages:
<?php
$pages = scandir("views/");
if(isset($_GET["p"]) && !empty($_GET["p"]) && in_array($_GET["p"].".php", $pages))
{
$page = $_GET["p"];
}
else
{
header("Location: ?p=home");
}
ob_start();
include "views/$page.php";
$content = ob_get_clean();
include "views/layout.php";
?>
I would like to create a breadcrumb like this:
How can I do that please? Using what I have in my index.php

Error with if statement to include pages in php

I have a group of pages, and I want to include one of them dependent on a variable in url, but the page is always appear is dashboard
link1 : index.php?pth=&page=dashboard
link2 : index.php?pth=modules/institution&page=inst_classification
if statement :
if (isset($page) && !empty($page)) {
$page = htmlspecialchars($_GET["page"]);
$pth = htmlspecialchars($_GET["pth"]);
}else{
$page ='dashboard';
$pth = '';
}
include ('../admin/template/'.$template_fldr.'/html/'.$pth.$page.'.php');
thanks!
You access $page before you write to it. You also never check for the existance of your pth value. Try:
if (empty($_GET['page']) || empty($_GET['pth'])) {
$page ='dashboard';
$pth = '';
}else{
$page = htmlspecialchars($_GET["page"]);
$pth = htmlspecialchars($_GET["pth"]);
}
include ('../admin/template/'.$template_fldr.'/html/'.$pth.$page.'.php');
You probably also need a / here in your include, if modules/institution/inst_classification.php is the file you are looking for:
include('../admin/template/'.$template_fldr.'/html/'.$pth.'/'.$page.'.php'); - but that is not clear from your question.
if (isset($_GET["page"]) && isset($_GET["pth"])) {
$page = htmlspecialchars($_GET["page"]);
$pth = htmlspecialchars($_GET["pth"]);
} else {
$page = 'dashboard';
$pth = '';
}
include ('../admin/template/'.$template_fldr.'/html/'.$pth.'/'.$page.'.php');

Show content depending on url

Is it possible to determine what to show depending on the URL?
I have an index file which is:
<?php include './includes/header.php'; ?>
<?php include './includes/menu.php'; ?>
<?php include './includes/content.php'; ?>
<?php include './includes/sidebar.php'; ?>
<?php include './includes/footer.php'; ?>
Note: I have different "content.php"'s
Is it possible to do something like:
If Url = url {
show only content for the url
}
and then have case system like
case: home.php
show some
etc
I know Wordpress can do it. Is it possible with PHP and MySQL and HTML?
EDIT: Instead of content.php i would want show the desired HTML code gotten from my db
Use this function to see your current page. Then use the "switch" case for proper include file:
## Get Current Page / Section
function cur_page()
{
$cur_page='';
if(isset($_SERVER['PHP_SELF']) && $_SERVER['PHP_SELF']!='')
{
$temp_var1 = explode('/', $_SERVER['PHP_SELF']);
$cur_page = $temp_var1[count($temp_var1)-1];
}
else if(isset($_SERVER['SCRIPT_NAME']) && $_SERVER['SCRIPT_NAME']!='')
{
$temp_var1 = explode('/', $_SERVER['SCRIPT_NAME']);
$cur_page = $temp_var1[count($temp_var1)-1];
}
else if(isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI']!='')
{
$temp_var1 = explode('/', $_SERVER['REQUEST_URI']);
$cur_page = $temp_var1[count($temp_var1)-1];
$temp_var2 = explode('?', $cur_page);
$cur_page = $temp_var2[0];
}
else if(isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME']!='')
{
$temp_var1 = explode('/', $_SERVER['SCRIPT_FILENAME']);
$cur_page = $temp_var1[count($temp_var1)-1];
}
return $cur_page;
}//end func.....
Querying from database.
I don't recommend MySql, and I hope you learn PDO instead, but just
for this example
function get_me_title($page) {
$query = "SELECT * FROM title WHERE title = $page";
$result = mysql_query($query);
foreach($result as $row) {
return $row[$page];
}
}
Now, you can use function .get_me_title('whatever') to query from database, and echo below
if(isset($_GET['page_id'])) {
$page = $_GET['page_id'];
switch($page) {
case "contact";
echo get_me_title('contact');
break;
case "about";
echo get_me_title('about');
break;
case "portofolio";
echo get_me_title('portofolio')
break;
default:
echo 'you are in home page';
}
}else {echo '404 ERROR! The Page you have requested does not exist';}
Instead of including content.php, you can include needed page.
For example, if You build Your urls, where, for example, $_GET['page'] will refer to needed page, then simply You can do this.
$availablePages = array('default' => 'home', 'about');
if (isset($_GET['page']) && in_array($_GET['page'], $availablePages) {
$page = $_GET['page'] . '.php';
} else {
$page = $availablePages['default'] . '.php';
}
include $page;

Substitute for if(isset($_GET['page'])) and header('Location:'.$url); in PHP for JSP

Please help me convert the following PHP code into JSP
<?php
$url = $_REQUEST['url'];
if(isset($_GET['page']))
{
if( $_GET['page'] == '' )
{
header('Location:'.$url);
}
else
{
$_REQUEST['page'] = $_REQUEST['page'];
header('Location: '.$url.'?page=#'.$_REQUEST['page']);
}
}
?>
I am unable to find substitute for Isset function in PHP and header location tag in PHP used for redirection in JSP
I am not good in JSP ..Any way i tried. Probably this is the thing you want:
<%
String url, page;
url = request.getParameter("url");
page = request.getParameter("page");
if(page)
{
if( page == '' )
{
response.sendRedirect(url);
}
else
{
response.sendRedirect(url + "?page=#"+page));
}
}
%>

How To Overwrite Meta Tags?

I have index.php page with "default" meta tags, with switch function I call e.g. single_page.php and its looks something like www.something.com/?page=single_page.
how can I overwrite meta tags from index page with meta tags from single_page.php
$conlibrary="play/pages/" ;
IF(!isset($_GET['page'])){
$page = 'deafault';
} ELSE {
$page = $_GET['page'];
$findme = '&';
$pos = strpos($page, $findme);
IF ($pos ===true) {
$data = explode("&", $data);
$dest =$conlibrary."/".$data[0].".php";
IF (file_exists($dest)) {
$page = $_GET['page'];
} ELSE {
$page = '404';
}
} ELSE {
$dest =$conlibrary."/".$page.".php";
IF (file_exists($dest)) {
$page = $_GET['page'];
} ELSE {
$page = '404';
}
}
}
include($conlibrary . $page .".php");
If you really need to modify meta tags, and depending on the specific situation, my strategy would be to give the meta tags ID attributes and then make the alterations using Javascript, as in this gist.
It doesn't work so well if the alterations need to be made before the page is sent to the browser; as PHP is not a primary language, my amateur instinct would be to simply use string variables for the "default" meta tags (rewriting the code if required) so that the included file could modify those strings as necessary.

Categories