Announcement

Collapse
No announcement yet.

Script help

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    um.. this is what i came up with.. and in a lot fewer lines of code too.

    PHP Code:
    <?php

    //your extension
    $ext ".php";

    switch (
    $page) {
    //Content Pages
    case $page:
    $page $page $ext;
    if (
    file_exists("$page")) {
    include(
    "$page");
    } else {
    include(
    "default.php"); }
    break; }
    ?>
    just put the files with the extension you specify in the same directory as this script and it should run fine

    Comment


    • #17
      that method isnt very secure

      Comment


      • #18
        Ok well I need some more help because the way I'm doing it is not working.

        PHP Code:
        <?php 

        switch($nav

        case 
        "about":
        include (
        'about.txt');
        break;

        case 
        "forums":
        include (
        'forums.txt');
        break;

        case 
        "contact":
        include (
        'contact.html');
        break;

        case 
        "staff":
        include (
        'staff.txt');
        break;

        case 
        "links":
        include (
        'links.txt');
        break;

        case 
        "downloads"
        include (
        'downloads.txt'); 
        break; 

        case 
        "projects":
        include (
        'projects.txt');
        break;

        default: 
        include (
        'news.txt'); 


        ?>
        there is the script and it is currently running on www.surrix.net at this very moment but I have not included all the .txt files just yet but anyways when I click on the contact and forums link and you can test this out yourself on the site it gives me the default news.txt instead of the contact.html page I want it to give me anyone have solutions. Btw the reason default is news.txt is because I'm using a cgi news script that posts the news in news.txt so that is how I have the news included in my main page.
        Surrix.net: Computer help forums/articles

        The person in my avatar is Elisha Cuthbert she plays on Fox's 24

        Comment


        • #19
          ur links are wrong, it's not index.php?page=____, it should be index.php?nav=____

          Comment


          • #20
            PHP Code:
            <?

            $page 
            = (isset($_GET['page']) ? $_GET['page'] : '');

            if (
            $page == '') {
                die(
            'The link was screwed up...');
            }


            $filename $page ".txt";
            if (!
            file_exists($filename)) {
                die(
            "File doesn't exist: $filename");
            }

            include(
            $filename);

            ?>
            It's shorter, it's safer

            Comment


            • #21
              Originally posted by megahard
              that method isnt very secure
              how is it NOT secure?

              Comment


              • #22
                script.php?page=../../some_other_thing_that_you_shouldnt_have_access_to

                Comment


                • #23
                  My method's the best!

                  Comment


                  • #24
                    Originally posted by Dan615
                    PHP Code:
                    <?

                    $page 
                    = (isset($_GET['page']) ? $_GET['page'] : '');


                    $filename $page ".txt";
                    if (!
                    file_exists($filename) && $page != ''") {
                        include("
                    index.html");
                    }

                    include(
                    $filename);

                    ?>
                    wouldnt that be a better solution.

                    Comment


                    • #25
                      Originally posted by Goldfinger


                      wouldnt that be a better solution.
                      no, u shud verify EVERYTHING that a user gives you, and the best way to verify it is with either 1) an array or 2) a switch


                      an array will let u use shorter aliases and will be secure.

                      Comment


                      • #26
                        Originally posted by Dan615
                        My method's the best!
                        ur method is identical to the other one except u let it work on register_globals off.

                        Your method would only work on newer version of PHP also.

                        It isnt secure either as it doesnt validate what the user is sending

                        Comment


                        • #27
                          PHP Code:
                          <?

                          $page 
                          = (isset($_GET['page']) ? $_GET['page'] : '');

                          if (
                          $page == '') {
                              die(
                          'The link was screwed up...');
                          }

                          $page str_replace('/'''$page); // if they tried to throw in some directory names, take em out...

                          $filename "./includes/" $page ".txt";
                          if (!
                          file_exists($filename)) {
                              die(
                          "File doesn't exist: $filename");
                          }

                          include(
                          $filename);

                          ?>
                          There, that only lets them include txt files in the includes directory...

                          Comment


                          • #28
                            Well my way I have already typed and it works just fine and it looks good instead of the crazy mixed up crap.
                            Surrix.net: Computer help forums/articles

                            The person in my avatar is Elisha Cuthbert she plays on Fox's 24

                            Comment


                            • #29
                              Try some nice simple code

                              PHP Code:
                              if (empty($_REQUEST['page']) or strstr($_REQUEST['page'], '..') or !file_exists('./' $_REQUEST['page'] . '.txt')) {
                                  include(
                              './news.txt');
                              } else {
                                  include(
                              './' $_REQUEST['page'] . '.txt');

                              or for all you people wanting to make it as small as possible here it is on one line

                              PHP Code:
                              ((empty($_REQUEST['page']) or strstr($_REQUEST['page'], '..') or !file_exists('./' $_REQUEST['page'] . '.txt')) ? include('./news.txt') : include('./' $_REQUEST['page'] . '.txt') ) 
                              so its just index.php?page=blah
                              Scott MacVicar

                              My Blog | Twitter

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X