Results 1 to 7 of 7
  1. #1
    Join Date
    Feb 2003
    Location
    L.A. C.A.
    Posts
    346

    Enhanced Navigation (page.php?page=bla)

    Ok, I have a spare 10 minutes while I'm waiting for something to download, its 5.31am and I'm trying to stay awake, what do i do? write a tutorial so excuse any mistakes or poor spelling/sense.

    Well, i realise there are probably many of these scripts avaliable in the tutorials section but i gauruntee none of them are like mine. I posted this script a while back in reply to someones question on these forums and no-one really gave feedback. I use it on many of my sites and it hasn't really aged, very usefull.

    [SIZE=medium]The script[/SIZE]
    PHP Code:
    <?php 
    /* 
    * Enhanced Nav v1.01 by arkin [@] dsl [.] pipex [.] com
    * More from http://www.arkin.org.uk
    */ 
    $page = Array(); 

    // Edit these vars or leave as is. 

    $page['home'] = "home"// Replace this with the default page. 
    $page['error'] = "404"// Replace this with the 404 page, can be home.php also or even $page['home']. 
    $page['format'] = ".php"// This will be the format of your page so ?page=bla will be bla.php. 
    $page['trig'] = "page"// The trigger used so ?page=bla. 

    // Do not edit below. 

    if (empty($_GET[($page['trig'])])) $pg $page['home'].$page['format']; 
    elseif (!
    file_exists($_GET[($page['trig'])].$page['format'])) $pg $page['error'].$page['format']; 
    else 
    $pg $_GET[($page['trig'])].$page['format']; 

    include(
    $pg); 
    ?>
    [SIZE=medium]Explanation begins[/SIZE]..

    So, what does it do? Its a highly configurable navigation script, as mentioned above, it takes your configured values and uses them to advantage you making you look professional and knowledgable.

    [SIZE=medium]The configuration[/SIZE]..

    $page['home'] = "home";
    ^^ Replace this with the default page, i.e. the home/front page for when no page is specified.
    $page['error'] = "404";
    ^^ Replace this with the 404 page, the page that is displayed when the page requested does not exist, this can be set to $page['home'] if you just want it to return to the front/home page.
    $page['format'] = ".php";
    ^^ This is the format of the page files, so if your pages are [page.pg.php] you would put .pg.php. I stick to just plain .php.
    $page['trig'] = "page";
    ^^ This is the nice part, you can change the ?page=bla part of the script here so you can have whatever you want, you could even have ?page-content-load=hehe.

    [SIZE=medium]The script workings[/SIZE]..

    if (empty($_GET[($page['trig'])])) $pg = $page['home'].$page['format'];
    ^^ This checks if the $_GET['<page trigger>'] value is empty.. i.e. page.php?<page trigger>=bla, and if it is it continues to set the $pg variable to the homepage.

    elseif (!file_exists($_GET[($page['trig'])].$page['format'])) $pg = $page['error'].$page['format'];
    ^^ This checks if the $_GET['<page trigger>'] page even exists or if the user is trying to access a page that doesn't work, if it doesn't the $pg variable is set to the error page as configured above.

    else $pg = $_GET[($page['trig'])].$page['format'];
    ^^ This is for when the other 2 'if' criteria's aren't met. Basically if the page is being requested and it actually exists, it sets the $pg variable to the page being requested not forgetting the page format variable on the end

    include($pg);
    ^^ Finally, this includes the page file to be displayed using the variable we have set above ($pg). Make sure you place the script where you want the content to go and not at the top otherwise the content will be displayed at the very top and cut up all your design.


    [SIZE=medium]Notes[/SIZE]...

    For those who may question or wonder...

    The dot operator or whatever its called simply joins 2 variables.
    PHP Code:
    <?php
    $x
    ='12'$y='13';
    // $x is 12, $y is 13.
    $z=$x.$y;
    // $z is 1213
    ?>

    [SIZE=medium]Thanks[/SIZE]...
    Well, thanks for reading my tutorial, it was an experience for me writing it, hope it at least helps one person because then i know my goal has been achieved.

    Feedback would be nice, hey - flame away if you wish.
    Last edited by arkin; 07-24-2005 at 12:49 AM.
    WLKNS.co - A collection of my programmer thoughts

  2. #2
    Join Date
    Jul 2005
    Posts
    63
    the only issue is if magic_quotes_gpc is off then someone could do something like this page.php?page=/etc/passwd%00

    so I propose something like this:
    Code:
    $modes = array(
        'mode1',
        'mode2',
        'mode3',
    );
    if (in_array($_GET['mode'], $modes)) {
        include('inc/'.$_GET['mode'].'.php');
    } else {
        include('inc/default.php');
    }
    or this:
    Code:
    switch ($_GET['mode']) {
        case 'mode1' :
        case 'mode2' :
        case 'mode3' :
            include('inc/'.$_GET['mode'].'.php');
            break;
        default :
            include('inc/default.php');
    }

  3. #3
    Join Date
    Feb 2003
    Location
    L.A. C.A.
    Posts
    346
    Originally posted by opera.mp3
    the only issue is if magic_quotes_gpc is off then someone could do something like this page.php?page=/etc/passwd%00

    so I propose something like this:
    Code:
    $modes = array(
        'mode1',
        'mode2',
        'mode3',
    );
    if (in_array($_GET['mode'], $modes)) {
        include('inc/'.$_GET['mode'].'.php');
    } else {
        include('inc/default.php');
    }
    or this:
    Code:
    switch ($_GET['mode']) {
        case 'mode1' :
        case 'mode2' :
        case 'mode3' :
            include('inc/'.$_GET['mode'].'.php');
            break;
        default :
            include('inc/default.php');
    }
    No need, the page format is added onto the check and /htpasswd.php won't exist so no problem.

  4. #4
    Join Date
    Jul 2005
    Posts
    63
    as your script stands it is insecure. Set magic_quotes_gpc=off in your php.ini (it cannot be set during runtime) then restart Apache. Now run the script with a %00 at the end of the query string, e.g., script.php?page=/etc/passwd%00.
    (I'm not sure if this has been fixed in newer versions since it is not necessarily a bug).

  5. #5
    Join Date
    Feb 2003
    Location
    L.A. C.A.
    Posts
    346
    Originally posted by opera.mp3
    as your script stands it is insecure. Set magic_quotes_gpc=off in your php.ini (it cannot be set during runtime) then restart Apache. Now run the script with a %00 at the end of the query string, e.g., script.php?page=/etc/passwd%00.
    (I'm not sure if this has been fixed in newer versions since it is not necessarily a bug).
    Well, i guess this tutorial was a bit of a waste of space then really wasn't it ? It does what I want it to and I'm pleased with it and if you have PHP set up correctly it will not exploit itself.

    Instead of trying to fix my code for me, which i can do myself, i'd rather some feedback on the actuall tutorial on how it bases on navigation, error reporting, page displaying and randomness.

    Thanks.

  6. #6
    It's a nice script, I used wordpress to make my address bar snazzie, but I defiently prefer this one overall

  7. #7
    Join Date
    Feb 2003
    Location
    L.A. C.A.
    Posts
    346
    Thanks Ben07

    It will work with .htaccess if you wanna point /bla/directory/ to page.php?page=directory
    WLKNS.co - A collection of my programmer thoughts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •