
I'm currently working on my own CRM web application, and I followed Alex's YouTube tutorial, which covers login/register using OOP.

In addition, I need my index.php to be the dynamic content switcher, in which I only include the header and footer while the content loads from a folder that stores all the pages. I believe the end result should be like www.example.com/index.php?page=profile

I looked around and it seems like what I'm doing is something similar to the MVC pattern, where index is the root file and all the content is loaded from the view folder.

I managed to get everything done correctly, but now, instead of displaying the link like: www.example.com/user.php?name=jennifer

I want it to be www.example.com/user/name/jennifer

I tried to look around the phpacademy forum, but the forum seems to be abandoned. After some searching I managed to find a topic that is relevant to what I want, but the code doesn't seem to be working and I got the same error as the poster.

Here is the code:

<?php
// Define the root of the site (this page should be in the root)
define('ROOT', rtrim(__DIR__, '/') . '/');
define('PAGES', ROOT . 'pages/');


// Define "safe" files that can be loaded
$safeFiles = ["login", "register", "profile", "changepassword"];


// Get URL
if(isset($_GET['page']) && !empty($_GET['page'])) {
    $url = $_GET['page'];
} else {
    $url = '/';
}


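// Remove Path Traversal
// Note: str_replace() applies each entry once, in order, and does not re-scan
// its own output, so treat this blacklist as a secondary filter only; the
// in_array() allowlist check below is what restricts which files can be included.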
$sanatize = array(
    // Basic
    '..', "..\\", '../', "\\", 
    // Percent encoding
    '%2e%2e%2f', '%2e%2e/', '..%2f', '%2e%2e%5c', '%2e%2e', '..%5c', '%252e%252e%255c', '..%255c',
    // UTF-8 encoding
    '%c1%1c', '%c0%af', '..%c1%9c'
);
$url = str_replace($sanatize, '', $url);
// Prevent Null byte (%00)
// PHP 5.6 + should take care of this automatically, but PHP 5.0 < ....
$url = str_replace(chr(0), '', $url);
// Filter URL
$url = filter_var($url, FILTER_SANITIZE_URL);
// Remove any extra slashes
$url = rtrim($url, '/');
// Make lowercase url
$url = strtolower($url);


// Check current page
$path = PAGES . $url . '.php';
// If the file is in our safe array & exists, load it!
if(in_array($url, $safeFiles) && file_exists($path)) {
    include($path);
} else {
    echo "404: Page not found!";
}

I searched around Google but I couldn't find a solution, and I noticed there were people asking in this forum as well, hence I hope someone can assist me in this area.

  • Create an .htaccess file in the root folder of your application and define the rules for the URL. There are tons of examples on Stack Overflow; take a look at one like http://stackoverflow.com/questions/26285463/creating-seo-friendly-urls-using-htaccess – jogesh_pi Jan 20 '15 at 11:32
  • @jogesh_pi just added more info to my first post, with more relevant info about what I want to achieve. – Jennifer Low Jan 20 '15 at 11:36
  • Unless this is a purely academic exercise, then you would be a lot better off using a nice micro-framework like fatfreephp (recommended) or even a full 'fat' framework like Laravel - the framework code will be tried and tested, plus you will have an active community to discuss problems with. – Steve Jan 20 '15 at 11:44
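
An added example, not part of the original question or its comments: one way to write the index.php front controller so that www.example.com/user/name/jennifer resolves to a page plus parameters, with the include path taken from a fixed allowlist and never built from request input. It assumes PHP 7.1+, an application served from the document root, Apache mod_rewrite, and a hypothetical `pages/user.php`; `ROUTES` and `resolveRoute()` are names chosen for this sketch.

```php
<?php
// Added example. Assumes Apache mod_rewrite (.htaccess) sends requests here:
//   RewriteEngine On
//   RewriteCond %{REQUEST_FILENAME} !-f
//   RewriteRule ^ index.php [L]
define('PAGES', __DIR__ . '/pages/');

// Allowlist: first URL segment => file under pages/. Nothing else is included.
// 'user' => 'user.php' is a hypothetical page for /user/name/jennifer.
const ROUTES = [
    'login'          => 'login.php',
    'register'       => 'register.php',
    'profile'        => 'profile.php',
    'changepassword' => 'changepassword.php',
    'user'           => 'user.php',
];

// "/user/name/jennifer" => ['user', ['name' => 'jennifer']]; null if rejected.
function resolveRoute(string $requestUri): ?array
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    $segments = array_values(array_filter(explode('/', rawurldecode($path)), 'strlen'));
    $page = strtolower(array_shift($segments) ?? 'login'); // "/" => default page
    // The request only selects a key; it never becomes part of the file path.
    if (!array_key_exists($page, ROUTES) || count($segments) % 2 !== 0) {
        return null;
    }
    // Every remaining segment must match a conservative character set.
    if (preg_grep('/\A[A-Za-z0-9_-]{1,64}\z/', $segments, PREG_GREP_INVERT)) {
        return null;
    }
    $params = [];
    foreach (array_chunk($segments, 2) as [$key, $value]) {
        $params[$key] = $value;
    }
    return [$page, $params];
}

$route = resolveRoute($_SERVER['REQUEST_URI'] ?? '/');
$file  = $route === null ? null : PAGES . ROUTES[$route[0]];
if ($file === null || !is_file($file)) {
    http_response_code(404);
    echo '404: Page not found!';
} else {
    $params = $route[1]; // e.g. ['name' => 'jennifer'], visible to the page
    include $file;
}
```

Because the file name comes from `ROUTES` and the request only chooses a key, the traversal blacklist from the posted code is not needed here; parameter values still have to be escaped or bound when the included page uses them in HTML or SQL.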
