Location: PHPKode > projects > Modular Site Manager > htdocs/tutorials/PHP-16.php
Ever wanted to have one of those sites where you only need one main page, and not have to deal with using seperate pages and messy links? Well, this is the tutorial for you!<br /><br />
<br /><br />
To see a result, use the links in the navigation. The main layout of this site is all in one file. index.php, and all I'm doing is including the pages. In fact, this tutorial you're seeing right now is actualy a file in the folder <a href="/tutorials/PHP/16.php">/tutorials/PHP/16.php</a>. Ok, I'm sure you're thinking this is nice and all, but where is the tutorial? Well, this has all been an explaination of what this tutorial is for.<br /><br />
<br /><br />
Here's what you will learn:<br /><br />
1.) How to use php includes<br /><br />
2.) How to use the strpos() function for security<br /><br />
3.) How to flush all content out of a page and display only what you want it to.<br /><br />
<br /><br />
Ok, I'll give you the code first, then how to implement it and such.<br /><br />
<br /><br />
<div class="code"><strong>CODE:</strong><br /><hr /><?php xhtml_highlight('<?php <br /><br />
if (!isset($_GET[\'page\']) || empty($_GET[\'page\'])) <br /><br />
{<br /><br />
	$page = "Home";<br /><br />
} else {<br /><br />
	$page = $_GET[\'page\'];<br /><br />
} <br /><br />
if (!is_file("content/".$page.".php")) {<br /><br />
	ob_clean();<br /><br />
	die("The page $page does not exist");<br /><br />
} <br /><br />
<br /><br />
if(strpos($page, "../") == "true")<br /><br />
{<br /><br />
	ob_clean();<br /><br />
	die("HACKING ATTEMPT!");<br /><br />
}<br /><br />
include ("content/".$page.".php"); <br /><br />
?>'); ?></div><br /><br />
Ok, now to explain it.<br /><br />
<div class="code"><strong>CODE:</strong><br /><hr /><?php xhtml_highlight('if (!isset($_GET[\'page\']) || empty($_GET[\'page\'])) <br /><br />
{<br /><br />
	$page = "Home";<br /><br />
} else {<br /><br />
	$page = $_GET[\'page\'];<br /><br />
}'); ?></div><br /><br />
<br /><br />
Ok, this part checks the ?page= link to see if it's there, and if it is, whether or not it has a property set. If it's not, it includes the page "Home". And if it is set, and it's not empty, use the string in the url.<br /><br />
<br /><br />
<div class="code"><strong>CODE:</strong><br /><hr /><?php xhtml_highlight('if (!is_file("content/".$page.".php")) {<br /><br />
	ob_clean();<br /><br />
	die("The page $page does not exist");<br /><br />
} '); ?></div><br /><br />
This part checks the string to see if the page exists. If it doesn't, it wipes everything that comes before it and reports the error to the user.<br /><br />
<br /><br />
<div class="code"><strong>CODE:</strong><br /><hr /><?php xhtml_highlight('if((strpos($page, "../") == "true") || (strpos($page, "/") == "true"))<br /><br />
{<br /><br />
	ob_clean();<br /><br />
	die("HACKING ATTEMPT!");<br /><br />
}'); ?></div><br /><br />
This is the security part. This checks the ?page url to see if it has the string "../" or "/" (hence directory changing) it cleans the page and reports the hacking atrtempt. If you want, you can use another tutorial on this site and log when this happens.<br /><br />
<br /><br />
<div class="code"><strong>CODE:</strong><br /><hr /><?php xhtml_highlight('include ("content/".$page.".php"); '); ?></div><br /><br />
<br /><br />
This if it all works, and everything went ok, it includes the page!<br /><br />
<br /><br />
I'll write a tutorial soon on how to have urls like mine. I didn't include it in this one, because it's not directly related.
Return current item: Modular Site Manager