FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Simple PHP Navigation





yule
Hello all,

In this tutorial you will be able to make a simple PHP navigation system that is easy to setup and requires no editing afterwards.

Steps:
1. Open index.php on your website, if it isnt .php change it.
2. Place in the following code:
Code:

<?php
$id = @$_GET['id'];
if ($id == "" or $id == "index") {
   include("default.php"); // Default page
} else {
   include($id.".php");
}
?>


3. Then make your pages, however they must all end in .php, also leave out your website template from all the pags except index.php because they will just be automaticaly included into the page. You will also access your pages by going: index.php?id=some_page

Then your done! Very Happy
snowboardalliance
what if someone used this and they typed in something like

http://yoursite.com/index.php?id=http://mysite.com/hacking/bad

You should also check for external $id's before including it.

Still, good basic info.
Ranfaroth
yule wrote:
include($id.".php");
As said previously : wrong !
This is very danregous.
One simple rule everyone should respect is : no dynamic includes. (That is to say, no variables passed to the include function)
charliehk
Why dangerous? Could anyone give an example?
snowboardalliance
charliehk wrote:
Why dangerous? Could anyone give an example?


Let me repeat, someone could put ANYTHING in there and it would add .php to the end. So if they have a site with a file that can do something bad, they just put it inthe URL and thier page is included. Now this might not always work, but if someone from the same host would do it (like home/username/public_html/hacking_file) they could also load something bad.
mathiaus
This is a safer way that I use (slightly modified) Smile

Code:
<?php
$id=$_GET['id'];
if (!empty($id)) {
$page = "/home/cpanelusername/public_html/" .$id. ".php";
if(file_exists("$page")){
include("$page");
}
else {
include("/home/cpanelusername/public_html/error.php");
}
}
else {
include("/home/cpanelusername/public_html/welcome.php");
} ?>
snowboardalliance
mathiaus wrote:
This is a safer way that I use (slightly modified) Smile

Code:
<?php
$id=$_GET['id'];
if (!empty($id)) {
$page = "/home/cpanelusername/public_html/" .$id. ".php";
if(file_exists("$page")){
include("$page");
}
else {
include("/home/cpanelusername/public_html/error.php");
}
}
else {
include("/home/cpanelusername/public_html/welcome.php");
} ?>


Almost perfect, but it should check to make sure it doesn't load itself. (if ($page == 'index'))
Lacoste
here's a code for my navigation

in funcs.php:

Code:
$admin_menu = array(
        "Templates" => "templates.php",
        "Redirects" => "redirects.php",
        "Categories" => "categories.php",
        "FTP Servers" => "ftp_servers.php"
    );
   
    function admin_menu($title = "Sample menu") {
        GLOBAL $admin_menu;
?>
<table cellspacing="0" cellpadding="0" width="100%" style="border-top: 0px solid white;border-bottom: 1px solid #3A5E77;">
    <tr bgcolor="#749FBD">
        <td>
        <table cellspacing="0" cellpadding="5">
            <tr>
<?
        foreach ($admin_menu as $item => $file) {
            if (strstr($_SERVER["SCRIPT_NAME"], $file)) {
                $bgcolor = "bgcolor=\"#3A5E77\"";
            } else {
                $bgcolor = "";
            }
?>
                <td align="left" <?=$bgcolor?>>
                    &nbsp;<a href="<?=$file?>" class="menu"><?=$item?></a>
                </td>
<?
        }
?>
            </tr>
        </table>
        </td>
        <td align="right" style="font-size: 11px; color: white; background-image: url('../img/hole.gif'); background-repeat: no-repeat; background-position: center" width="81"></td>
    </tr>
    <tr bgcolor="white" height="1"><td></td></tr>
</table>
<?
    }
?>


in every page:
Code:
<?
    admin_menu();
?>
bdoneck
what you should do is make a folder for all of the files to include, this will help your security.

you'll also need to put in $page = str_replace('..','',$page); to prevent the user from changing folders
Related topics
[tutor] How to protect images without htaccess using PHP
simple php problem, please help...
IIS, PHP and Tomcat not cooperating!
PHP Navigation
PHP Blog
Simple PHP forum code needed!
Simple PHP script not working
I need a VERY simple php script
another simple php request
Anyone care to help me with a simple PHP Form ?
simple php to mysql form doesn't work
VERY simple php script needed
How to build simple PHP upload form
need help in a simple php register script based on flat file
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.