Hello, general help please!

Teach

Hello there.
How wonderful to see these forums! I really hope you'll be able to help me please.

Basically, what I'm trying to achieve is the following.

The below code is my "contact.php" which is loaded via page.php (hence the stuff at the top), so it's actually page.php?p=contact.
I have the staff information in /home/LAN/public_html/staffinfo/ which is 1.html through to 11.html.
Basically, I want it so that if say, page.php?p=contact&id=4 is loaded, 4.html will loaded. I have an old way of doing this that works, but I believe what i'm trying is more secure. I also want it so that only files from within that directory can be loaded.

Here's what I've so far, it doesn't work but I'm hoping you guys will easily see what i've done wrong and what I need to do, I am pretty new so my apologies.

The NON working code:

<?php
 if (!strpos($_SERVER['PHP_SELF'], "page.php")) {
     die ("Sorry, You cannot access this file directly...");
 }

 $index = 0;
 include("header.php");

$allowed = array('1' => '1.html','2' => '2.html','3' => '3.html','4' => '4.html','5' => '5.html','6' => '6.html','7' => '7.html','8' => '8.html','9' => '9.html','10' => '10.html','11' => '11.html');
if (empty($_GET['id'])) {
    include $allowed['/home/LAN/public_html/staffinfo/1.html'];
} else {
  if (in_array($_GET['id'], $allowed)) {
      include('/home/LAN/public_html/staffinfo/' . $allowed[$_GET['id']]);
  } else {
    echo 'Sorry, that staff ID does not exist.  Please try again.';
         exit;
    }
}
?>

<div align="center">
The staff list here.
<br /></div>

<?php
 include("footer.php");
 ?>

My old way of doing this:

<?php
 if (!strpos($_SERVER['PHP_SELF'], "page.php")) {
     die ("Sorry, You cannot access this file directly...");
 }

 $index = 0;
 include("header.php");

if (is_numeric($_GET['id'])) {

$id = $_GET['id'];

$info = "/home/LAN/public_html/staffinfo/$id.html";

if (file_exists($info)) {
include ($info);
} else {
echo "Sorry, that staff ID does not exist.  Please try again.";
}

}
else {
 ?>

<div align="center">
The staff list here.
<br /></div>

<?php
}
 include("footer.php");
 ?>

Thank you very much in advance. 🙂

AstroTeg

I think you left off the ".html" for this line:

include('/home/LAN/public_html/staffinfo/' . $allowed[$_GET['id']]);

Teach

Ahh, thanks.
Like:

include('/home/LAN/public_html/staffinfo/'_._$allowed.html[$_GET['id']]);

Or am I doing that wrong? :S sorry.

AstroTeg

Nope, thats not going to work...

You want it to load "1.html", right?

If so, you have the code to fetch the number 1 (or whatever number it is), but you don't have any code to include the ".html" at the END of the number.

Teach

AstroTeg thanks, sorry to be a pain, I am new .. :S

Yes, I want it that whatever ID is given, between that 1 -> 11 will load the appropriate .html file, what would I need to change to make that work, and in your opinion is this new way I'm trying to get this to work better than the old way I've done it?

Thanks again.

AstroTeg

Oops oops oops - MY BAD...

This line is fine the way you have it:

include('/home/LAN/public_html/staffinfo/' . $allowed[$_GET['id']]);

Visually, I some how missed that $allowed[] was an array with the full file name. Ok, you're cool.

Ok, I'm not sure why your code isn't work.

Teach

Thanks.
Well, The error I'm getting now I test it is about line 11:

Warning: main(): Failed opening '' for inclusion (include_path='.:/usr/local/lib/php') in /home/LAN/public_html/contact.php on line 11

include $allowed['/home/LAN/public_html/staffinfo/1.html'];

Also, whatever ID i give, i.e. page.php?p=contact&id=4 just brings that error Sorry, that staff ID does not exist. Please try again. and doesn't load it.

😕

AstroTeg

I think you're going to need parenthesis around the include statement:

include ($allowed['/home/LAN/public_html/staffinfo/1.html']);

Teach

still the same unfortunately. :o

AstroTeg

Actually, you need to do this:

include('/home/LAN/public_html/staffinfo/1.html');

and have that $allowed removed from the picture.

Teach

Hey AstroTeg,
we're getting somewhere now!!!

Some probs though, it loads 1.html instantly i need it that whenever "id=x" is loaded it will load the appropriate .html file, when i'm adding page.php?p=contact&id=4 it's just still bringing up that error and not loading the info.

😕 now - i bet you are too!!!

AstroTeg

$info = "/home/LAN/public_html/staffinfo/$id.html";

$id does not equal anything right here. Print out your strings and it will be more obvious where the problems are at. You'll need to use $_GET['id'] in place of $id.

Teach

Hmm I thought I made an absolute ballsup at this, my apologies 🙁

Is that old one that bad? I think maybe this new one is a bit too advanced...

Teach

😕 whatever im doing i'm just making it worse!!! 😕
Can anyone spot what's wrong? If so it'd be much appreciated, it's making me go boggle-eyed now! hehehe.

AstroTeg

When you print your problem strings out, what are you getting?

Teach

How would I print them out? sorry?

AstroTeg

you can use echo or print.

echo $string;
print $string;

Teach

Hi again, thanks.

id returns nothing.
allowed returns "Array"