I like to script php, and lately i was looking for a way to create a 100% dynamic page in php, with the least possible overhead and create a rich user experiance.

I say this is a "New" PHP structure because I have come up with the idea myself, that does not go to say that no one has come up with this before me.

The structure is simple in its conception, by using 2 variables, one is whether the user is logged on and the other is whether the user has requested a specific page.

The main page, simply index.php in my case, is what i would refer to as a key page. without the first page none of the links on any other pages will work if they are made in a relative position to the first page.

By using the PHP include statement you can include the page with the name equal to the pagename variable i mentioned above, thus the "key" page can be a shell for the rest of the pages to be included into and you can have a whole website based on a single page name, in my case index.php.

as i said, the coding behind the paging was simple:

at the beggining of the page:

<?php session_start(); $loggedin=@$_SESSION['loggedin']; ?>

and in the space you wish to have the data incorporated into the shell:

<?PHP

$pagename=@$_POST['page'];

if(Empty($loggedin) && Empty($pagename))
include("NLI.php");

if(Empty($pagename) && !Empty($loggedin))
die('<center><h3>ERROR: There seems to be an error in the page you are vieweing</h3><br>please report this error code: 1001</center>');

if(!Empty($pagename))
include("$pagename");

?>

Where loggedin is a simple binary variable, stating weather they are logged in or not, and pagename is the page to display if they are logged in, the site is operated by forms and session variables.


I really enjoyed creating this site, and in my own opinion, i would think this would increase the security of the site itself, but im still a novice at PHP and i hope someone finds this information useful!

You made a huge security risk for yourself.

Including pages based on $_POST data without proper validation can lead to serious security risks. I can include files from other servers and get sensitive information.

I have been using this kind of method for awhile, a little more complex but the same principle.

hmm, ok, i changed it so its a little different and now it will only include the files which are on the server, under the includes directory, and those files only operate if you are logged in, eg the login check, and all pages regarding a change, such as changing personal information, require you to reenter your password.

the new code for that part of the page is:

<?PHP

$pagename=@$_POST['page'];
$username=@$_SESSION['username'];

if(Empty($loggedin) && Empty($pagename))
include("includes/NLI.php");

if(Empty($pagename) && !Empty($loggedin))
include("includes/home.php");

if(!Empty($pagename))
include("includes/$pagename");

?>

as i said i am still a novice, i just like the idea of having it all based on one page :D

This article has been dead for over six months. Start a new discussion instead.