A php script that writes another php script

SpecialFX

I need to make something like on "myspace" where users can define their own url like www.example.com/myurl. I know how to make the directory and all but inside it, it needs to have a "index.php" that just has a header location it in to redirect them to their profile. So How could I have the script where they define their URL have it implement a index.php file to redirect, due to the fact that they have different profile links?

etully

Creating directories and files on the fly is dangerous and unnecessary. You can use mod_rewrite so that even though the URL is http://www.example.com/myurl, Apache is really pulling up: http://www.example.com/index.php?user=myurl

That way, you can make a single index.php that works for everyone and it retrieves that particular user's page from a database. It's much safer, much easier, and is much more scaleable than making directories and files for everyone.

apparition668

A cheat I've found on this is to set up a custom 404 page, parse everything after the www.domainname.com and then redirect to the index page as appropriate...

so, www.domainname.com/bob/page1.html would go to:

www.domainname.com/index.php?user=bob&page=page1

the index page would then do a SQL query to display the content associated with bob, that has a page name of page1.

And, in the 404, if the URL doesn't parse out to a user / page, then display the standard 404 error.

mod_rewrite is a better option, but your hosting company may not allow you to implement it...

etully

mod_rewrite is a better option, but your hosting company may not allow you to implement it...
This is about the 3rd time in a week I've seen a reference to using a inferrior technique because of limitations imposed by the hosting company. Sure, I understand that sometimes you have to compromise... but for the most part, if your hosting company won't let you use things like SSH, mod_rewrite, or Cron... then man, it's time to switch.

maxxd

I don't mean to be thick, but what is mod_rewrite? I just looked it up on the PHP site and didn't get any results. I created a site a while ago that creates directories on the fly and haven't had a problem with it - I just made sure that no non-alphanumeric characters or spaces were in the directory name at the time of creation. In what ways is this dangerous?

Thanks in advance for any advice/explanations!

etully

It's dangerous because, as you said, people could insert characters that you didn't intend. It sounds like you probably have that covered. It's also dangerous because someone could automate the creation of accounts and create more than your operating system can handle. That can make backing up difficult.

Moreover, it's just wrong. I know there are people who will tell me I'm wrong for saying, "It's just wrong", but so be it. It's just wrong. You are allowing the users to dictate your directory structure - and maybe that's OK if you have no other way to do it - but you do have a much more elegant and lightweight way to do it. Even the 404 trick that was mentioned is more elegant.

Search Google for mod_rewrite. All you have to do is create a text file called .htaccess in your root directory. When someone requests http://www.yourdomain.com/foobar, before Apache looks for that directory (foobar) it will check to see if there is a mod_rewrite instruction. If there is, it will change the URL to whatever you want. So it will convert:

http://www.yourdomain.com/ (WHATEVER)
to:
http://www.yourdomain.com/index.php?user= (Hey Apache, Insert WHATEVER right here)

Even better, you can tell your users that their personal site is:
http:// (WHATEVER) .yourdomain.com
and you use mod_rewrite to convert that to
http://www.yourdomain.com/index.php?user= (WHATEVER)

Yes, it will take you an hour to figure it out your first time. But you'll have the satisfaction of knowing that you're not letting users stuff four gazillion new domains in your directory AND you'll have a new skill that you can use when your boss (or client) gives you this project:

Hey Maxxd. We have 4,000 links on our web site that look like this:
http://www.super-duper.com/search.php?product=75
and we just found out that the search engines aren't following them (or the search engines are scoring them low). We want you to create 4,000 HTML files like this instead:
http://www.super-duper.com/product75.html
because Google prefers to see HTML extensions over PHP extensions.

With mod_rewrite, you can change the links on the web site but you won't have to build (OR MAINTAIN!!) 4000 HTML pages. You can tell mod_rewrite to convert any URL in this form:
http://www.super-duper.com/product ### .html
to this:
http://www.super-duper.com/search.php?product= ###

So the search engines see the links to http://www.super-duper.com/product75.html and they follow them and there is content there. They don't know (or care) that you are altering the URL or building the page on the fly from a database. It's like walking into a store and saying, "Hi, can I have the shirt that's in window #45" and the clerk knows that they really need to go to the storeroom (not the display window) and get the shirt in BIN #45.

That's just one example. Another good example is letting users think that they've created their own folder in your directory when, in fact, you have ONE simple PHP file that builds their page on the fly from a tightly maintained database.

maxxd

ahh... makes sense to me - thanks for the info. Time to hit Google!

madwormer2

Don't hit Google... it didn't do anything wrong... why so much violence?

etully

Don't hit Google...

Quite the opposite. Merely hitting Google isn't enough. Give it a ferocious attack. A savage beating, even.