Hi everybody. This is my 3rd script, but this dont use MySQL
It does this: divide the site in SECTIONS and PAGES.
Benefits:
-You have to create just the text of your pages, no create ech page with the entire layout again.
-If its just the text that is included, you just have to have one page with the layout, witch is the INDEX.PHP.
-If you chanche the layout in the index.php, you DONT HAVE TO change in the other pages.

Here is the code:

How to use:
If you want to have a page caled 'my_book.php' in the directory 'library', you can create a link like this:
http://www.yoursite.com/index.php?section=...ry&page=my_book
or just
http://www.yoursite.com/?section=libary&page=my_book

To crate a link to the index, you have 4 options:
http://www.yoursite.com/ ----JUST THE SITE ADRESS, WITH NOTHIS AFTER IT
http://www.yoursite.com/?section=index
http://www.yoursite.com/?section=main
http://www.yoursite.com/?section=deafult
This will load a page called PRINCIPAL.PHP (lower case)

To create a link to the INDEX.PHP (lower case) of some SECTION, do this:
http://www.yoursite.com/?section=my_section
This will include the index.php of the directory MY_SECTION (lower case, again, )

---------REMEBER--------
-The files HAVE TO BE IN .php !
-The falis MUST

This post has been edited by Alexandre Cisneiros: Feb 17 2006, 04:36 PM

Nice! This is one script I'll have to save and play with!

I use a similar system except the site is controlled through a MySQL database to save file space.

Very nice!

[N]F

You shouldn't do this. And it should be obvious why.

You see, anyone can put anything in the URL, loading and executing any file with .php extension on the server. If you are on a shared hosting space some one could easily set up a malicious script to his own home directory and just use the section variable to navigate to right place and run the code. With your scipt...

To make things even worse, with PHP5. flle_exists works with URLs too. So with this script it is possible to load any script from anywhere inside your page.

And please don't forget that PHP can be used to run system commands, meaning that doing practiacally anything is possible. For instance it would be easy to delete your entire website.



So how this should be done then?

By allowing only pre-defined files to be included. You could put the allowed files (the PHP files that make up your website) in an array and use the array index in the URL GET variable to include the right page. For secions you could use multi-dimensional arrays or multiple arrays. Other option would be just use control structures like if() or switch() to load only specific pages: like this

Unfortunately your code won't work correctly.

Here's a fixed up version with a few additional things to check for:



The changes for the fix, is that we're using the switch statement to check strings, which was incorrect with Hercco's code.

Also setting the $page variable uses the ternary operator ?: which acts as a single if/else statement. e.g. it could be written as:



The reason for exiting the script, is because there's really nothing to do, and loading the default isn't something that they may want. However if the page requested is not one of the listed, then the default will load the main content, because obviously the changes would have been made manually, and you should have hardcoded what you wanted specified.

Cheers,


MC

Yeah. Iy`s true. I din't think about this...

So whith cases...

--==-=-=-=--=-
Sory for this...
But I`m a human xD

You're showing off by this one that much as if you were the one who discovered it. I think, most of the people visitin' that topic use this one. And this is one of the biggest PHP's advantages.

P.S. Sorry, I was a bit rude to you, but I really dislike people showin' off for nothing.

Hey nice work

Although I have not totally understoood the script, but I have copied it and I gonna play with it now ....

I hope that I will have no problems .....

If I came up with some problem, than I will mention here


Regards:
Samya Khalid