
Php: Secure Navigation

  • 1,780 Views
  • 11 Replies
bigftballjock
Php: Secure Navigation 2006-06-16 13:40:11

Ok in this tutorial, I will teach you how to create a secure PHP navigation through including files.
Basically another way to use stuff like: ?page=this, etc..

Ok first off I'll just post the entire code:
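<?php
// Pages that may be requested with ?page=...
$allowed_pages = array(
    'about',
    'members',
    'admincp',
    'forum'
);
// Fall back to "home" when ?page= is missing or not in the list.
// isset() avoids an undefined-index notice; the third argument to
// in_array() makes the comparison strict.
if(!isset($_GET['page']) || !in_array($_GET['page'], $allowed_pages, true)){
    $page = "home";
}else{
    $page = $_GET['page'];
}
if($page == "home"){
    echo "Welcome to the main page!";
}else{
    // $page can only be one of the listed names here
    require($page.".php");
}
?>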

Ok now to break it down:
<?php
$allowed_pages = array(
    'about',
    'members',
    'admincp',
    'forum'
);

This assigns the variable $allowed_pages an array (or list) with all the pages you wish the users to be allowed to view.

if(!isset($_GET['page']) || !in_array($_GET['page'], $allowed_pages, true)){
    $page = "home";
}else{
    $page = $_GET['page'];
}

This will check if the page the user is trying to view (?page=BLAH) is in the list we made earlier. If it isn't, then the variable $page will be set to 'home' (to send the user to the home page); otherwise it will set the $page variable to the value from ?page='THIS'.

if($page == "home"){
    echo "Welcome to the main page!";
}else{
    require($page.".php");
}
?>

This will be the content part of your site. It will first check if the $page variable we assigned earlier is set to 'home'; if it is, then it will just print out 'Welcome to the main page!' (you can always change that to something else or another block of code). If the $page variable isn't set to 'home', then it will simply require the file from the server into that page (which will display all the file contents onto the page).

Pretty cruddy tutorial, but it might help somebody out :)

Any questions / comments then please reply. :D

NinoGrounds
Response to Php: Secure Navigation 2006-06-16 13:47:26

Okay.

I'd personally add a file_exists too. Even though this is secure enough, if you are getting the data from an input, there may be some injections, so it is good to add file_exists ;)

bigftballjock
Response to Php: Secure Navigation 2006-06-16 13:53:55

True, but since there is an array with pages that people are ONLY allowed to view, you really can't have any injections to override it, because if you use something like:
?page=config
and try to view the config file, and if the file isn't viewable through the array, then it will just redirect the user back to the main page.
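
An added example, not code from any poster in this thread: the tutorial's allowlist lookup wrapped in a function, combined with the file_exists idea from the first reply, and run over constructed ?page= values. The function name resolve_page(), the demo directory and the sample inputs are assumptions.

```php
<?php
// Added example: resolve_page(), the demo directory and the sample
// request values are assumptions, not code from the thread.

// Map a raw ?page= value to a file path; null means "show the home page".
function resolve_page($requested, array $allowed, string $dir): ?string
{
    // ?page[]=x arrives as an array and a missing parameter as null.
    if (!is_string($requested)) {
        return null;
    }
    // Exact, type-strict match: the value is used in a path only if it
    // is already one of the known names.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $path = $dir . '/' . $requested . '.php';
    // is_file() is the file_exists() idea limited to regular files: a listed
    // page whose file is missing falls back to home instead of a fatal
    // error from require.
    return is_file($path) ? $path : null;
}

$allowed = array('about', 'members', 'admincp', 'forum');

// Constructed demo directory that contains only about.php.
$dir = sys_get_temp_dir() . '/nav_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/about.php', '<?php echo "About page";');

// Constructed request values.
$samples = array(
    'listed, file present' => 'about',
    'listed, file missing' => 'forum',
    'not in the list'      => 'config',
    'contains a path'      => '../config',
    'wrong case'           => 'About',
    'array parameter'      => array('about'),
    'parameter missing'    => null,
);

foreach ($samples as $label => $value) {
    $path = resolve_page($value, $allowed, $dir);
    printf("%-21s => %s\n", $label, $path === null ? 'home' : basename($path));
}

unlink($dir . '/about.php');
rmdir($dir);
```

Only the first sample resolves to a file; every other value falls back to the home page without the request string ever being used in a path.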

ProxyJock
Response to Php: Secure Navigation 2006-06-24 15:33:44

You do realize you could shorten this script by about 50% if you'd just use a switch statement, right?

ProxyJock
Response to Php: Secure Navigation 2006-06-24 15:37:02

At 6/24/06 03:33 PM, ProxyJock wrote: You do realize you could shorten this script by about 50% if you'd just use a switch statement, right?

Sorry, forgot to add the code.

<?php
$page = ( !isset($_GET['page']) ) ? 'home' : $_GET['page'];

switch($page) {
    case 'home': $inc = 'home.html'; break;
    case 'forums': $inc = 'forum.php'; break;
    case 'login': $inc = 'login.html'; break;
    default: $inc = 'home.html'; break;
} // End switch

require_once($inc);

# I included the last break statement on the default case
# in case you wanted to add more cases at the bottom of the list.

# That sentence had the word "case" a lot lol

?>

bigftballjock
Response to Php: Secure Navigation 2006-06-24 19:06:03

At 6/24/06 03:37 PM, ProxyJock wrote:
At 6/24/06 03:33 PM, ProxyJock wrote:
You do realize you could shorten this script by about 50% if you'd just use a switch statement, right?

Switch navs aren't as good, sure they're easy but they don't shorten the script, with my script you can simply make a whole new page, but with switch navs you'll end up having 100's of lines of code that can make the page quite slow. Unless of course you use an include func in each case.

But still it's not going to shorten the script.

ludnix
Response to Php: Secure Navigation 2006-06-25 15:35:49

At 6/24/06 07:06 PM, bigftballjock wrote:
At 6/24/06 03:37 PM, ProxyJock wrote:
At 6/24/06 03:33 PM, ProxyJock wrote:
You do realize you could shorten this script by about 50% if you'd just use a switch statement, right?
Switch navs aren't as good, sure they're easy but they don't shorten the script, with my script you can simply make a whole new page, but with switch navs you'll end up having 100's of lines of code that can make the page quite slow. Unless of course you use an include func in each case.

But still it's not going to shorten the script.

What are you talking about? The switch does shorten the script and is just as easy to add pages to. The switch statement is just a bunch of if statements shortened into one easy statement.

bigftballjock
Response to Php: Secure Navigation 2006-06-25 18:24:52

Ok let's see here, my navigation system is roughly 18 lines long,
and it will stay that length unless you add more pages, which will only add ONE line of code.

But if you use a switch navigation, each time you want to add a new page, that's adding 3 more lines of code:
case 'page':
    //code here
    break;

6 pages later, you're going to have the same length as my navigation, and then much more each time you add more pages and code for each.

But use whatever floats your boat.

DFox
Response to Php: Secure Navigation 2006-06-25 18:28:11

Yeah bigftballjock's way is really good because you're just adding page names to a simple array instead of adding a case for it.


Zerabira
Response to Php: Secure Navigation 2006-06-26 11:30:01

Nice straightforward little script bigftballjock. Cheers :)

Pilot-Doofy
Response to Php: Secure Navigation 2006-06-27 17:13:26

At 6/25/06 06:24 PM, bigftballjock wrote: if you add more pages which will only add ONE line of code.

The switch statement is the exact same way. Let's suppose we want to add a page called "contactus.html" we'd edit the switch statement like so:

<?php
$page = ( !isset($_GET['page']) ) ? 'home' : $_GET['page'];

switch($page) {
    case 'home': $inc = 'home.html'; break;
    case 'forums': $inc = 'forum.php'; break;
    case 'login': $inc = 'login.html'; break;
    case 'contactus': $inc = 'contactus.html'; break;
    default: $inc = 'home.html'; break;
} // End switch

require_once($inc);

# I included the last break statement on the default case
# in case you wanted to add more cases at the bottom of the list.

# That sentence had the word "case" a lot lol

?>

I don't think you realize the brevity of a switch statement or switch statements in general.

thecoshman
Response to Php: Secure Navigation 2006-08-08 08:12:05

Ok, so I can see why this system will be wanted, but a real site will have a fair few pages, and listing them all in an array or switch statement can get fairly repetitive, and it would have to be on every page right?

So you just tell it to get the list of allowed pages from a text file, that you just need to change to add more pages, but still this is going to get long and hard to keep understandable for long.

Would it not be better to use this script to redirect people if they are on a page they are not meant to see, sure it will involve more thinking to keep it working, but how many sites are going to have more pages that you are not allowed to see than pages you are allowed to see?
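
An added example, not code from any poster in this thread: one way to load the allowed-page list from a text file, as suggested in the post above, while checking every entry so the file can only contribute bare page names. The function name load_allowed_pages(), the one-name-per-line format, the name pattern and the sample file contents are assumptions.

```php
<?php
// Added example: file format, pattern and names are assumptions,
// not code from the thread.

// Read one page name per line; blank lines and lines starting with #
// are skipped. Entries that are not plain names are dropped, so an edit
// to the list cannot introduce a path, an extension or a URL.
function load_allowed_pages(string $listFile): array
{
    $lines = file($listFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false) {
        return array();                  // unreadable list: allow nothing
    }
    $allowed = array();
    foreach ($lines as $line) {
        $name = trim($line);
        if ($name === '' || $name[0] === '#') {
            continue;
        }
        if (preg_match('/\A[a-z0-9_-]{1,32}\z/', $name) !== 1) {
            continue;                    // not a bare page name
        }
        $allowed[$name] = true;          // keys give an exact-match lookup
    }
    return $allowed;
}

// Constructed list file with two entries that must be rejected.
$listFile = tempnam(sys_get_temp_dir(), 'pages');
file_put_contents(
    $listFile,
    "# public pages\nabout\nmembers\n\n../config\nforum.php\ncontactus\n"
);

$allowed = load_allowed_pages($listFile);
unlink($listFile);

echo 'Loaded: ' . implode(', ', array_keys($allowed)) . "\n";

// Constructed request values.
foreach (array('contactus', 'config', 'forum.php') as $request) {
    $ok   = is_string($request) && isset($allowed[$request]);
    $page = $ok ? $request : 'home';
    echo "?page=$request -> $page\n";
}
```

Keeping the list file outside the web root and writable only by the site owner keeps the allowlist as trustworthy as the hard-coded array.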