[Phpwm] Site Structure
David Goodwin
david at codepoets.co.uk
Fri Dec 9 12:45:21 GMT 2005
Matt Harris wrote:
> Hi Folks,
>
> Hope you're all ok.
>
> I was after some basic advice, regarding setting up my site using php (this is my first php project).
>
> I have my index page with two divs, one for the menu and one for the content, where I pull in the different pages by setting a variable that's the name of the page in the URL. Below is the code I have in my index.
>
> <?php
> if (isset($_GET['page'])) {
>     // the request parameter is used directly as the include path
>     $page = $_GET['page'] . ".php";
>     include($page);
> }
> else {
>     include("welcome.php");
> }
> ?>
>
Hi,
That's a bit of a security hole, in that your page might open arbitrary .php files.
http://server/path/to/page.php?page=/var/www/index
or
(this assumes PHP is able to include remote files... there's a config
option to control this)
http://server/path/to/page.php?page=http://foo.bar.com/nasty
I'd have thought you're probably better off with something along the lines of :
if (isset($_GET['page'])) {
    $desired_page = $_GET['page'];
    $allowable = array("index", "aboutme", "foo", "bar", "something", "else");
    foreach ($allowable as $ok) {
        if ($ok == $desired_page) {
            include($ok . ".php"); // only a name from the list ever reaches include()
            break;                 // stop after the first match
        }
    }
}
> How do you guys go about setting up your sites in a resourceful way?
>
> Am I just better off sticking to including a header and a footer on all my pages?
Either method is fine - you'll see many web apps (e.g. phpBB springs to
mind) which have a 'front controller' that includes the content from a
particular include file; alternatively you'll also find many sites that
have separate, distinct files, with each page including headers/footers.
Which route you go is probably determined by which offers the best code re-use or
maintainability, and which you're most comfortable with. Technically the
front/fat controller route probably offers the best code reuse and less repetition.
David
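The allow-list idea from the reply above, written out as a complete front controller. This is an added example, not code from the thread: the page names, the `pages/` directory and the `welcome` fallback are assumptions. The request token is only ever used as a key into a fixed map, so neither a filesystem path such as `/var/www/index` nor a remote URL can reach `include()`, whatever `allow_url_include` (the PHP config option that governs remote includes, Off by default) is set to.

```php
<?php
// Added example (not from the original thread): a front controller that maps
// the ?page= parameter onto a fixed allow-list of include files. Nothing taken
// from the request is ever used as a path, so neither ../ traversal, an absolute
// path nor a remote URL can be handed to include(). File names are assumptions.

declare(strict_types=1);

// Allow-list: request token => include file, relative to the pages directory.
const PAGES = [
    'welcome' => 'welcome.php',
    'aboutme' => 'aboutme.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a request token to an include file, or null if it is not allowed.
 * array_key_exists compares the key exactly, so numeric-looking strings
 * ("1e1" vs "10") cannot be coerced into a match the way a loose == can.
 */
function resolve_page(?string $token): ?string
{
    if ($token === null || !array_key_exists($token, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$token];
}

// ?page[]=x would make $_GET['page'] an array; only accept a plain string.
$token = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'welcome';
$file  = resolve_page($token);

if ($file === null) {
    // Unknown token: fail closed with a 404 and show the default page,
    // rather than including anything derived from the request.
    http_response_code(404);
    $file = resolve_page('welcome');
}

include $file;
```

Because the list is a map rather than an array of bare names, the URL token and the file on disk are decoupled: you can rename or move an include without changing any links, and the map is the single place to audit when asking "what can this controller load?".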