
Simple PHP Navigation

 


yule
Hello all,

In this tutorial you will be able to make a simple PHP navigation system that is easy to set up and requires no editing afterwards.

Steps:
1. Open index.php on your website; if it isn't .php, change it.
2. Place in the following code:
Code:

<?php
$id = @$_GET['id'];
if ($id == "" or $id == "index") {
   include("default.php"); // Default page
} else {
   include($id.".php");
}
?>


3. Then make your pages; however, they must all end in .php. Also leave out your website template from all the pages except index.php, because they will just be automatically included into the page. You will also access your pages by going to: index.php?id=some_page

Then you're done! :D
snowboardalliance
what if someone used this and they typed in something like

http://yoursite.com/index.php?id=http://mysite.com/hacking/bad

You should also check for external $id's before including it.

Still, good basic info.
Ranfaroth
yule wrote:
include($id.".php");
As said previously: wrong!
This is very dangerous.
One simple rule everyone should respect is: no dynamic includes. (That is to say, no variables passed to the include function.)
charliehk
Why dangerous? Could anyone give an example?
snowboardalliance
charliehk wrote:
Why dangerous? Could anyone give an example?


Let me repeat, someone could put ANYTHING in there and it would add .php to the end. So if they have a site with a file that can do something bad, they just put it in the URL and their page is included. Now this might not always work, but if someone from the same host would do it (like home/username/public_html/hacking_file) they could also load something bad.
mathiaus
This is a safer way that I use (slightly modified) :)

Code:
<?php
$id = $_GET['id'];
if (!empty($id)) {
    $page = "/home/cpanelusername/public_html/" . $id . ".php";
    if (file_exists("$page")) {
        include("$page");
    } else {
        include("/home/cpanelusername/public_html/error.php");
    }
} else {
    include("/home/cpanelusername/public_html/welcome.php");
}
?>
snowboardalliance
mathiaus wrote:
This is a safer way that I use (slightly modified) :)

Code:
<?php
$id = $_GET['id'];
if (!empty($id)) {
    $page = "/home/cpanelusername/public_html/" . $id . ".php";
    if (file_exists("$page")) {
        include("$page");
    } else {
        include("/home/cpanelusername/public_html/error.php");
    }
} else {
    include("/home/cpanelusername/public_html/welcome.php");
}
?>


Almost perfect, but it should check to make sure it doesn't load itself. (if ($page == 'index'))
Lacoste
here's a code for my navigation

in funcs.php:

Code:
<?php
    // Menu label => target script. The links come only from this fixed list.
    $admin_menu = array(
        "Templates" => "templates.php",
        "Redirects" => "redirects.php",
        "Categories" => "categories.php",
        "FTP Servers" => "ftp_servers.php"
    );

    // Prints the menu table and highlights the entry for the current script.
    function admin_menu($title = "Sample menu") {
        global $admin_menu;
?>
<table cellspacing="0" cellpadding="0" width="100%" style="border-top: 0px solid white;border-bottom: 1px solid #3A5E77;">
    <tr bgcolor="#749FBD">
        <td>
        <table cellspacing="0" cellpadding="5">
            <tr>
<?php
        foreach ($admin_menu as $item => $file) {
            // Full <?php tags are used so the code does not depend on short_open_tag.
            if (strstr($_SERVER["SCRIPT_NAME"], $file)) {
                $bgcolor = "bgcolor=\"#3A5E77\"";
            } else {
                $bgcolor = "";
            }
?>
                <td align="left" <?=$bgcolor?>>
                    &nbsp;<a href="<?=$file?>" class="menu"><?=$item?></a>
                </td>
<?php
        }
?>
            </tr>
        </table>
        </td>
        <td align="right" style="font-size: 11px; color: white; background-image: url('../img/hole.gif'); background-repeat: no-repeat; background-position: center" width="81"></td>
    </tr>
    <tr bgcolor="white" height="1"><td></td></tr>
</table>
<?php
    }
?>


in every page:
Code:
<?php
    admin_menu();
?>
bdoneck
what you should do is make a folder for all of the files to include, this will help your security.

you'll also need to put in $page = str_replace('..','',$page); to prevent the user from changing folders
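
Added example, not code from any poster in this thread: an index.php that follows the "no variables passed to include" rule and the separate-folder suggestion by using the request value only as a key into a fixed allowlist. The pages/ directory, the page names and resolve_page() are assumptions made for illustration.

```php
<?php
// Added example. Directory, file names and function name are assumed.

// Included pages live in their own folder, separate from index.php.
const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: the only ids the site serves, mapped to fixed file names.
// The request value is used as an array key, never as part of a path.
const PAGES = [
    'index'   => 'default.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Map a requested id to an absolute file path, or null if it is not allowed.
 */
function resolve_page($id): ?string
{
    // ?id[]=x turns $_GET['id'] into an array; reject anything non-string.
    if (!is_string($id)) {
        return null;
    }
    if ($id === '') {
        $id = 'index';
    }
    if (!array_key_exists($id, PAGES)) {
        return null;   // URLs, other users' paths and unknown ids all end here
    }
    // Defence in depth: the file must exist and resolve inside PAGES_DIR,
    // which also catches a symlink in pages/ that points somewhere else.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$id]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['id'] ?? 'index');
if ($page === null) {
    http_response_code(404);
    include PAGES_DIR . '/error.php';   // fixed path, not request-derived
} else {
    include $page;
}
```

Because index.php itself is not in the allowlist, the page cannot include itself, and adding a page means adding one line to PAGES.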