Results 1 to 7 of 7
-
07-24-2005, 12:45 AM #1Web Hosting Guru
- Join Date
- Feb 2003
- Location
- L.A. C.A.
- Posts
- 346
Enhanced Navigation (page.php?page=bla)
Ok, I have a spare 10 minutes while I'm waiting for something to download, its 5.31am and I'm trying to stay awake, what do i do? write a tutorial so excuse any mistakes or poor spelling/sense.
Well, i realise there are probably many of these scripts avaliable in the tutorials section but i gauruntee none of them are like mine. I posted this script a while back in reply to someones question on these forums and no-one really gave feedback. I use it on many of my sites and it hasn't really aged, very usefull.
[SIZE=medium]The script[/SIZE]
PHP Code:<?php
/*
* Enhanced Nav v1.01 by arkin [@] dsl [.] pipex [.] com
* More from http://www.arkin.org.uk
*/
$page = Array();
// Edit these vars or leave as is.
$page['home'] = "home"; // Replace this with the default page.
$page['error'] = "404"; // Replace this with the 404 page, can be home.php also or even $page['home'].
$page['format'] = ".php"; // This will be the format of your page so ?page=bla will be bla.php.
$page['trig'] = "page"; // The trigger used so ?page=bla.
// Do not edit below.
if (empty($_GET[($page['trig'])])) $pg = $page['home'].$page['format'];
elseif (!file_exists($_GET[($page['trig'])].$page['format'])) $pg = $page['error'].$page['format'];
else $pg = $_GET[($page['trig'])].$page['format'];
include($pg);
?>
So, what does it do? Its a highly configurable navigation script, as mentioned above, it takes your configured values and uses them to advantage you making you look professional and knowledgable.
[SIZE=medium]The configuration[/SIZE]..
$page['home'] = "home";
^^ Replace this with the default page, i.e. the home/front page for when no page is specified.
$page['error'] = "404";
^^ Replace this with the 404 page, the page that is displayed when the page requested does not exist, this can be set to $page['home'] if you just want it to return to the front/home page.
$page['format'] = ".php";
^^ This is the format of the page files, so if your pages are [page.pg.php] you would put .pg.php. I stick to just plain .php.
$page['trig'] = "page";
^^ This is the nice part, you can change the ?page=bla part of the script here so you can have whatever you want, you could even have ?page-content-load=hehe.
[SIZE=medium]The script workings[/SIZE]..
if (empty($_GET[($page['trig'])])) $pg = $page['home'].$page['format'];
^^ This checks if the $_GET['<page trigger>'] value is empty.. i.e. page.php?<page trigger>=bla, and if it is it continues to set the $pg variable to the homepage.
elseif (!file_exists($_GET[($page['trig'])].$page['format'])) $pg = $page['error'].$page['format'];
^^ This checks if the $_GET['<page trigger>'] page even exists or if the user is trying to access a page that doesn't work, if it doesn't the $pg variable is set to the error page as configured above.
else $pg = $_GET[($page['trig'])].$page['format'];
^^ This is for when the other 2 'if' criteria's aren't met. Basically if the page is being requested and it actually exists, it sets the $pg variable to the page being requested not forgetting the page format variable on the end
include($pg);
^^ Finally, this includes the page file to be displayed using the variable we have set above ($pg). Make sure you place the script where you want the content to go and not at the top otherwise the content will be displayed at the very top and cut up all your design.
[SIZE=medium]Notes[/SIZE]...
For those who may question or wonder...
The dot operator or whatever its called simply joins 2 variables.
PHP Code:<?php
$x='12'; $y='13';
// $x is 12, $y is 13.
$z=$x.$y;
// $z is 1213
?>
[SIZE=medium]Thanks[/SIZE]...
Well, thanks for reading my tutorial, it was an experience for me writing it, hope it at least helps one person because then i know my goal has been achieved.
Feedback would be nice, hey - flame away if you wish.Last edited by arkin; 07-24-2005 at 12:49 AM.
WLKNS.co - A collection of my programmer thoughts
-
07-24-2005, 06:07 AM #2Junior Guru Wannabe
- Join Date
- Jul 2005
- Posts
- 63
the only issue is if magic_quotes_gpc is off then someone could do something like this page.php?page=/etc/passwd%00
so I propose something like this:
Code:$modes = array( 'mode1', 'mode2', 'mode3', ); if (in_array($_GET['mode'], $modes)) { include('inc/'.$_GET['mode'].'.php'); } else { include('inc/default.php'); }
Code:switch ($_GET['mode']) { case 'mode1' : case 'mode2' : case 'mode3' : include('inc/'.$_GET['mode'].'.php'); break; default : include('inc/default.php'); }
-
07-24-2005, 09:27 AM #3Web Hosting Guru
- Join Date
- Feb 2003
- Location
- L.A. C.A.
- Posts
- 346
Originally posted by opera.mp3
the only issue is if magic_quotes_gpc is off then someone could do something like this page.php?page=/etc/passwd%00
so I propose something like this:
Code:$modes = array( 'mode1', 'mode2', 'mode3', ); if (in_array($_GET['mode'], $modes)) { include('inc/'.$_GET['mode'].'.php'); } else { include('inc/default.php'); }
Code:switch ($_GET['mode']) { case 'mode1' : case 'mode2' : case 'mode3' : include('inc/'.$_GET['mode'].'.php'); break; default : include('inc/default.php'); }
-
07-24-2005, 10:01 AM #4Junior Guru Wannabe
- Join Date
- Jul 2005
- Posts
- 63
as your script stands it is insecure. Set magic_quotes_gpc=off in your php.ini (it cannot be set during runtime) then restart Apache. Now run the script with a %00 at the end of the query string, e.g., script.php?page=/etc/passwd%00.
(I'm not sure if this has been fixed in newer versions since it is not necessarily a bug).
-
07-24-2005, 12:43 PM #5Web Hosting Guru
- Join Date
- Feb 2003
- Location
- L.A. C.A.
- Posts
- 346
Originally posted by opera.mp3
as your script stands it is insecure. Set magic_quotes_gpc=off in your php.ini (it cannot be set during runtime) then restart Apache. Now run the script with a %00 at the end of the query string, e.g., script.php?page=/etc/passwd%00.
(I'm not sure if this has been fixed in newer versions since it is not necessarily a bug).
Instead of trying to fix my code for me, which i can do myself, i'd rather some feedback on the actuall tutorial on how it bases on navigation, error reporting, page displaying and randomness.
Thanks.
-
05-03-2006, 04:18 AM #6Newbie
- Join Date
- Apr 2006
- Posts
- 22
It's a nice script, I used wordpress to make my address bar snazzie, but I defiently prefer this one overall
-
05-05-2006, 10:21 AM #7Web Hosting Guru
- Join Date
- Feb 2003
- Location
- L.A. C.A.
- Posts
- 346
Thanks Ben07
It will work with .htaccess if you wanna point /bla/directory/ to page.php?page=directoryWLKNS.co - A collection of my programmer thoughts