homepage Welcome to WebmasterWorld Guest from 174.129.103.100
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Help with coding
multi php pages in one page
CroGame




msg:4380317
 6:41 pm on Oct 27, 2011 (gmt 0)

Hi, i need some help with coding webpage....so the problem is that i want to include one page to another and this is how it looks:

i have header.php ( this includes style.css + right and top of webpage...on right is login for users, and on top is logo and menu )
<!DOCTYPE HTML PUBLIC
"http://www.tele-sat.hr">
<html>
<HEAD>
<meta http-equiv="Content-Type" content="HTML; charset=iso-8859-1">
<title>Tele-Sat d.o.o</title>
<link href="style.css" rel="stylesheet" type="text/css">
</HEAD>
<BODY>
<div id="wrapper">
<!-- Header Start-->
<!-- Menu Start -->
<div id="menu_panel">
<div id="nav">
<ul>
<li><a href="index.php?page=pocetna">Pocetna</a></li>
<li><a href="index.php?page=ponuda">Ponuda</a></li>
<li><a href="index.php?page=galerija">Galerija</a></li>
<li><a href="index.php?page=kontakt">Kontakt</a></li>
</ul></div>
</div><!-- Menu End -->
<div id="header">
<div id="site_title"><a href="#"><span>Tele-Sat d.o.o</span></a></div>
</div>
<!-- Header End-->
<!-- Right Start-->
<div id="rightcolumn">
<!-- InfoBox 1 Start-->
<h2>Prijava</h2>
<center><img src="slike/lockicon.png"></center>
<table border="0">
<form method="POST" action="prijava.php">
<tr><td>Korisnik</td><td>:</td><td><input type="text" name="username" size="15"></td></tr>
<tr><td>Lozinka</td><td>:</td><td><input type="password" name="password" size="15"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Prijava"></td></tr>
</form>
</table>
<br>
<h2>Updates</h2>
<p>Datum updatea na najnovija verzija keyeva za download - <b>24.10.2011.</b></p>
Za download se morate prijaviti na stranicu </div>
<!-- Right End-->

<!-- Central Start-->
<div id="central_column">


index.php - used for swiching between pages( it should load only the middle part of webpage, without loading header again...so it should load header once...), and here is connection between links ( from header) and pages ( php files )
<?php

$page = $_GET['page'];
if ($page=="") { $page = "pocetna.php"; }

@include('header.php');

switch($page)
{

case "page1":
@include('pocetna.php');
break;

case "page2":
@include('ponuda.php');
break;

case "page3":
@include('galerija.php');
break;

case "page4":
@include('kontakt.php');
break;

}
@include('footer.php');

?>


footer.php - just to close all codes
</div>
<!-- Central End-->
<!-- Footer Start-->
<div id="footer">
<div id="footer_siteowners">All Rights Reserved &copy; 2011 <a href="#">Tele-Sat d.o.o</a></div>
<div id="footer_designer"><a href="http://www.crogame.com" title="CroGame">CroGame Design</a></div>
</div>
<!-- Footer End-->
</div>
</BODY>
</html>


and pocetna.php ( one of pages that are listed at header.php)
<h1>Nova stranica</h1>
<p>Nova stranica je napravljena s ciljem da bi korisnici mogli skidati kodove za receivere kako bi mogli

gledati kodirane programe </p>

<h1>Ostale informacije </h1>
<p><h3>Nema ostalih informacija</h3></p>


PROBLEM: Problem is that when i click on pocetna.php nothing happens ( except that my url link is site.com/index.php?page=pocetna )...so it should load text located in pocetna.php but it doesn't :(
It is the same blank text area on all pages ( pocetna.php, ponuda.php, galerija.php, kontakt.php )
does any1 see solution for this headache? Thanks :D

 

Matthew1980




msg:4380370
 7:48 pm on Oct 27, 2011 (gmt 0)

Hi there CrowGame,

Welcome to the forums!

After a brief scan of your code I can see this as the problem for the links not functioning:-

$page = $_GET['page'];
if ($page=="") { $page = "pocetna.php"; }

You're including the file extension in the quotes whereas you're defining the link as this:-


<li><a href="index.php?page=pocetna">Pocetna</a></li>

So from this bit, I can see that $_GET['page'] will have the value of 'pocetna' IF it's clicked on, then this is what you check for in your script.

if ($page=="") { $page = "pocetna"; }

Minus the file extension. Please note that I haven't scoured the code, and this is what I can see causing the error.

Then the second issue is the switch statement:-

Change yours to this:-

switch($page){
case "pocetna":
include('pocetna.php');
break;

case "ponuda":
include('ponuda.php');
break;

case "galerija":
include('galerija.php');
break;

case "kontakt":
include('kontakt.php');
break;
}

Your switch statement was looking for the wrong values in the supplied var; consequently, you page would never load as you expect it to. Just ensure that you have those file names available to load, and from the same directory that this script is ran in.

Also at this point I MUST recommend that you read up on website security as this script is horribly insecure, please look into this as this will pay dividends in future.

I hope as this answers your question.

Cheers,
MRb

CroGame




msg:4380653
 12:46 pm on Oct 28, 2011 (gmt 0)

Thanks Matthew1980, that worked...
im still new to this, so im trying code something and see what will happen

@website security
this is not really some important page, and im not placing any important things on it...its just for my education :)
but still...im going to take look at it

rocknbil




msg:4380759
 5:16 pm on Oct 28, 2011 (gmt 0)

im not placing any important things on it...


This justification gets to be a habit, I hear it several times a day. :-)

its just for my education


Then you need to take heed while you're learning, which is a very good habit to form. :-) There's nothing important on this page, yes, but what if I did this?

yourscript.php?page=/etc/passwd

Oops! :-) Though that directly wouldn't work, you get the idea - it's not the things on your page you have to worry about, especially if you're accepting external input as an include.

The first stop for security should always be accept only what you want and throw everything else away. **One** simple way to do that, modifying M's code, is to make a list of what you expect to be valid pages:

$valid_pages = Array('pocetna','ponuda','galerija','kontakt');

$page = $_GET['page'];
// Make sure it's JUST letters and numbers (though I don't see the need for numbers, there might be?)
$page = preg_replace('/[^a-z\d]/i','',$page); // kill anything not letters or numbers, case-insensitive

if (empty($page)) { $page = 'pocetna'; }

// If it's not in our list, OR doesn't exist, it's not a valid request
$full_path = $_SERVER['DOCUMENT_ROOT'] . "/$page.php";

if (in_array($page,$valid_pages) and is_file($full_path)) {
include("$page.php");
}
else { die("That is not a valid page."); }

So anything but what you expect is outta' here. Let's step it up a notch - let's not even reveal the names of your include files in the URL.

// Make your public requests something anonymous like <a href="script.php?page=a"> for example
// If you don't know them, this is an associative array, keys left, values right. So
// echo $valid_array['c']; will print "galerija.php"

$valid_pages = Array(
'a' => 'pocetna.php',
'b' => 'ponuda.php',
'c' => 'galerija.php',
'd' => 'kontak.php'
);

$page = $_GET['page']; // "$page" is now a, b, c, d ....
// Now we're SURE we only need letters, and only one of them, and we expect them all to be lower case (no i for case insensitive)
$page = preg_replace('/[^a-z]/','',$page); // kill anything not lower case letters

if (empty($page)) { $page = $valid_pages['a']; } // pocetna.php

$full_path = $_SERVER['DOCUMENT_ROOT'] . "/" . $valid_pages[$page];

if (array_key_exists($page,$valid_pages) and is_file($full_path)) {
include($valid_pages[$page]);
}
else { die("That is not a valid page."); }

CroGame




msg:4382270
 8:24 pm on Nov 1, 2011 (gmt 0)

@rocknbil
thanks :)

but really this is something that im still learning...there is nothing seriuos on that webpage, and everything is on my localhost

:D

Matthew1980




msg:4382832
 10:25 pm on Nov 2, 2011 (gmt 0)

Hi there CroGame,

>>there is nothing serious on that webpage...

Well I have to agree with Rocknbil on this:-

>>Then you need to take heed while you're learning, which is a very good habit to form. :-)

Getting into good habits now will pay immence dividends later on.

All we can do is advise on what we know and have seen from experience, if you're ever intending on issuing something to a public domain, you will certainly need to read up on this topic.

Anyway, however you decide to proceed; enjoy your learning process!

Have fun.

Cheers,
MRb

Leosghost




msg:4382842
 11:02 pm on Nov 2, 2011 (gmt 0)

There will be nothing serious on that page until ( maybe ) someone gets through your non existent security.. and maybe adds some childpron or something else which can get you a long holiday behind bars ..to your site..

Then it will be serious ..and your responsibility ..

And the people who may be investigating what someone else reported on your site may not heed your protestations that it wasn't you..

Or none of that might happen..if you are lucky ..do you buy lottery tickets, play the slots ? ..have you ever won a great deal of money ..are you lucky ?

You have had very good detailed advice..don't be so quick to dismiss it..:)

And it being on your local host will make no difference, if it is connected to the outside..

And if it isn't ..( then, as has been said to you already ) the best time to learn good habits is now..

rocknbil




msg:4383101
 4:43 pm on Nov 3, 2011 (gmt 0)

Fair enough, it's just local, but if you examine the last method I exemplified it's a little more efficient and expandable. Need to add another "page" include? Just add it's name to the array. :-)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved