quote:
Originally posted by Eddie
Yeah the method i used to use followed the logic from your first page, but instead of having seperate variable things like you have, you had all your page names.
So for example, we used to use a random format, for our old site we used .hz. So in the php code we would have it realising the format name, posting it like any other include but only reading the page names from 'test', 'test1', 'test2' which it would realise are test.hz, test1.hz and test2.hz, and it would show as index.php?p=test or index.php?p=test1
Your original post does this, but in a way that is slightly different and not completely how i wanted.
Ah! Very interesting, although it's not 100% secure it would stop a lot of potential malicious users... A simple way to do this would be to get the page variable, then add the extension on and include this, which in code form would be:
php code:
$extension = ".hz";
$llama = "$_GET['page']"."$extension";
include ($llama);
Line by line, this defines your extension, then retreives your page variable and attaches the extension to the end and includes the page that this is called. You could probably do with checking the file exists using file_exists to prevent any messy error pages, which could easily be done by shoving it into an if statement and having the error include in the else bracket:
php code:
$extension = ".hz";
$llama = "$_GET['page']"."$extension";
if(file_exists($llama) == TRUE){
include ($llama);
}
elseif(file_exists($llama) == FALSE){
include("error.php")
}
This would mean a link to include page1.hz would look like this btw:
html code:
<a href="?page=page1">page one</a>
NB:Edited link, it stated it should be "page1" when it should be "?page=page1", sorry!
SIDE NOTE:
To increase security, might be worth incresing the size of the random extension and throwing a few numbers in there, this way it can't be stumbled upon as easily =)
FURTHERMORE:
If you wanted to keep all of your includes in a seperate folder or altogether seperate directory, you could assign a variable called $dir and then set this to be your include folder directory and attach it to $llama in the same way... ie, it becomes
php code:
$dir = "./some/file/dir"; //extra line to define dir
$llama = "$dir"."$GET_['page']"."$extension"; //new $llama line
FURTHERMORE SIDE NOTE:
You could also have different subfolders and a seperate GET variable if you REALLY wanted... So lets take that example. Imagine you had a database of users all stored in nice text files. Each user has their own folder in the dir ./data/users/ so a user with username methos would have a folder directory ./data/users/methos/ with all their user data in. Say we had a profile page that we wanted to include, and it was stored within the users data folder, we'd have two GET variables: user and page, and we could use the following code to find the correct profile:
php code:
$extension = ".hz"; //sets the extension variable
//this two line section defines the two variables included in the URL, you don't have to do this - you could just substitue the variables in the $llama variable for the values defined here, but this way it shows it nice and clearly and allows for explanation and comments...
$username = $_GET['user'];
$page = $_GET['page'];
//the directory that the username folders will be in
$dir = "./data/users/";
//defines the path of the file to include in the following format: directory-user-folders-are-in/user-folder-name/page-to-include.extension
$llama = "$dir"."$username"."$page"."$extension";
//checks whether this file exists, if it does include it, if it doesnt include the page error.php
if(file_exists($llama) == TRUE){
include ($llama);
}
elseif(file_exists($llama) == FALSE){
include("error.php")
}
Which for the url (or link to the url of) "http://www.bbq.com/index.php?user=methos&page=profile" would have the page index.php and it would include the file ./data/users/methos/profile.hz
Hope all this helps
MASS EDIT: I've changed a couple of explanations, corrected some spelling errors and added some php comments to specifically explain coding =)
/ 
