11 replies to this topic

[RustyNail]

I tried to put a php navigation system on my site but it just isn't working. Everything that is in index.php is showing up but the part that I am trying to include does not show up at all. I have been working for hours to solve this problem and I have gotten nothing done.
Then page is http://www.fuzzphobi.../test/index.php if you want to check my coding. I haven't put up all of the pages yet since I'm still trying to test it on the defualt page. The defualt page is home.php. I've checked everything that I know of but I am still really knew to PHP so I'm not getting anywhere on this it would seem.

[Chaos King]

Please post your include code.

Thats a start.

[Sicloan]

Checking your source i noticed that you have:

<>
$HTTP_GET_VARS[p])
{
//Default - case
case 'home':
default:
include ('home.php');
break;//Archives - case
case 'archives':
include 'archives.php';
break;//Cartoons - case
case 'cartoons':
include 'cartoons.php';
break;//Games - case
case 'games':
include 'games.php';
break;//Graphics - case
case 'graphics':
include 'graphics.php';
break;//Web Design - case
case 'webdesign':
include 'webdesign.php';
break;//Tutorials - case
case 'tutorials':
include 'tutorials.php';
break;//School - case
case 'school':
include 'school.php';
break;
}
?>

try doing this:

//grabs the id extension...
$p = $_GET['id'];
// begin switch
switch ($p)
{
	case 'archives':
		include 'archives.php';
	break;
	case 'cartoons':
		include 'cartoons.php';
	break;
	case 'games':
		include 'games.php';
	break;
	case 'graphics':
		include 'graphics.php';
	break;
	case 'webdesign':
		include 'webdesign.php';
	break;
	case 'tutorials':
		include 'tutorials.php';
	break;
	case 'school':
		include 'school.php';
	break;
	default:
		include('home.php');
}

[RustyNail]

worked like a charm
Thanks a bunch

[Av-]

how te heck did you manage to look into his source code?

[Sicloan]

He was kind enough to include it into his document between some html comments. I dont think he meant to give away his source like that, but he did put it there for some reason, which made it easy for me to help him.

[liveman]

to much code!! AHH lol, an eaiser way is

<?PHP
// change $id to w.e you want the variable to be 
 if (empty($id) || !file_exists('/' . $id . '.php'))
 {
  include 'news.php';
 }
else
 {
 include '/' . $id . '.php';
}
?>

I think I posted that somewere else too

[Sicloan]

That would be good, except if you had other files you wanted to include. such as tutorial.php?page=3 or something similar. OR if you just wanted to include and html file.

Plus, you could create some issues, and possibly a threat by allowing ALL $id pages to be included.

Going with your route as well though, you could use an array of acceptable file names and check to see if the file is in the array before you included the file. That way you could also serve a 404 page.

[liveman]

Quote

That would be good, except if you had other files you wanted to include. such as tutorial.php?page=3 or something similar. OR if you just wanted to include and html file.

Yeah you can it would be

index.php?id=tutorials&page=3 and about the .html, just save all files into .php it dont matter if they have and php code. also you can do
index.php?id=scripts/tutorials&page=3 would go to the scripts directory

[rc69]

Liveman, id's would need to be a bit longer then that for 1 simple reason.
include '/'.$_GET['id'].'.php';
Would include any thing from the root directory. To include from the proper directory you would need to do:

include $_SERVER['DOCUMENT_ROOT'].'/'.$_GET['id'].'.php';

But then any newbi hacker could still mess things up by running a link like:
index.php?id=../../secret_file
assuming secret_file is a .php file.

But either way, Rusty's problem is solved, and he has no further questions. So even though he's using a bunch of secure code, i believe topic is solved.

[HaloprO]

That presents a big security problems, never give the user the ability to include what they want.
Use something like

<?php
$allowed = array('index', 'tutorials', contact', 'more', 'files');
if (in_array($_GET['id'])) {
include($_GET['id'] . '.php');
}
?>

Edited by HaloprO, 25 November 2005 - 05:33 PM.

[rc69]

Original question has been answered we are re-solving this thread, if you have any further questions please start a new topic.