folders?

jwilson122

Hey, I'm trying to build up a simple framework for my projects, and need a little help!
How can I find folders using PHP? I have one file called global.php which will include a folder called "plugins". Inside "plugins" will be all the actual site files. I do not want a index.php?page=pluginfilehere... I want strictly say.. example.com/site/index.php. So inside plugins folder, I will have another folder called site, which inside that will be the .php files for it. But, keep in mind, I will not just have a folder called site in the plugins.. It could be called account, or user whatever I am building!

Thanks in advance.

Justin

Bonesnap

If I am understanding this correctly, you have a folder named global.php? Is that correct?

jwilson122

Bonesnap;10967113 wrote:
If I am understanding this correctly, you have a folder named global.php? Is that correct?

No No No! haha, OK. Lol.. I'm building a framework. How can I make a plugins system? I need to have a plugins folder, which inside that will have multiple folders where my files will be stored. Simple as that if you understand what I'm saying lol. So when someone accesses say.. example.com/account/edit.php
the account folder will be inside my PLUGINS directory. Understand what I'm saying?

cretaceous

use mod_rewrite so that urls can take your chosen format...
and then be mapped onto your chosen directory structure

jwilson122

cretaceous;10967193 wrote:
use mod_rewrite so that urls can take your chosen format...
and then be mapped onto your chosen directory structure

Yeah actually did that, with backend URLS: pluginLoader.php?folder=bla&page=bla
Any special securities I should implent into it? I've done preg_match to make sure its letters only, so that they cant put like: ../ to navigate through my folders 😉 Then I used file_exists to make sure the file is valid!

Thanks.

cretaceous

seems ok what you have done..
it's really no different from using a standard page addess and query string.
You still need to make sure what gets fed ino the php is safe, so you should "mysql_real_escape_string" data, once it's in the PHP

jwilson122

cretaceous;10967200 wrote:
seems ok what you have done..
it's really no different from using a standard page addess and query string.
You still need to make sure what gets fed ino the php is safe, so you should "mysql_real_escape_string" data, once it's in the PHP

Ohh, yeah I defiantly have a secure function created 🙂 Check it out:

function secure($value)
{
   $value = trim($value);
   if(get_magic_quotes_gpc())
   {
   $value = stripslashes($value);
   }
   if(function_exists('mysql_real_escape_string'))
   {
   $value = mysql_real_escape_string($value);
   }
   else
   {
   $value = addslashes($value);
   }
   return $value;
}

Does that look good enough? Am I missing anything in it?

jgetner

function secure($value)
{
$value = trim($value);
if(get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
if(function_exists('mysql_real_escape_string'))
{
$value = mysql_real_escape_string($value);
}
else
{
$value = addslashes($value);
}
return $value;
}

this is not a proper security function and if you want to build a simple framework start looking into design patterns such as "frontcontrollers" , "app controllers", "registery" , "bootstrapping" , "routing( for url parsing!)" , autoloading as framework's require alot of files to work toghther to make a big picture make it easy to load them".

i currently am working on advanced php 5.3 framework that brings alot of new things to the table.... and all in all uncomplicated.....