Simple php skinning

[zhono]

I figured it would be easy to find a tutorial for this, but since I'm not sure exactly what to search for, I haven't found what I need.

Normally when I make a new site layout, I make one php page for each section.

index.php, news.php, aboutus.php, etc

Each file contains it's own content, and uses includes to pull in the menu, header, footer, etc.

But what I want to do instead, is pretty much the opposite. I want to make a single index.php file, with my layout, meunu, header, footer, etc, and have an html file be called for the contents. So going to

index.php?about.html

will pull the content from about.html into the index file, and

index.php?folder/somefile.html

would do the same.

I know this would seem very simple to most people, but I am extremely new to php, and really have no idea how this is done. Thanks in advance for any help given.

[Nile]

Like this?:

Code:

<title>Page!</title>
<?php
  if(file_exists($_GET['ext'])){
    include($_GET['ext']);
  } else {
   die ("You were directed to a non existing page!");
  }
?>

Then:
index.php?ext=about.html

[Twey]

Like that, yes, but without the gaping security hole: index.php?ext=/etc/passwd

Code:

<?php
  $page = urldecode($_SERVER['QUERY_STRING']);

  if ($page[0] === '/'
      || $pagestrpos($page, '../') !== false
      || !file_exists($page)) {
    header('404 File Not Found');
    die('This page does not exist!');
  }

  require_once sprintf('templates/%s.inc.php', $page);
?>

Going to index.php?about will load includes/about.inc.php.

Note that this code is secure for *nix operating systems only. If you're running on something weirder, say so: it probably needs different checks.

URLs like this are a prime candidate for rewriting with mod_rewrite to get /yourapp/about instead of /yourapp/index.php?about or /yourapp/?about.

[techietim]

This allows you to include anything in the current and sub directorys, excluding the current file (no infinate includes)

PHP Code:

<?php
$request = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING']:'';
if($request == ''){
    $request = 'default.html'; //The page to include
}
$include_path = realpath($request);
$self_dir = dirname(__FILE__);
if(substr($include_path, 0, strlen($self_dir)) == $self_dir){
    if(file_exists($request) && $include_path != __FILE__){
        include $request;
        die;
    }
}
echo 'Error in including file';

(I only tested this on Windows. Let me know if you have problems on a non-Windows OS)

[zhono]

Ah, yes. Exactly what I needed. Thanks guys.

Now one other question. How would I simply assign the value to a variable to use on the page. So if the url is

index.php?image=pic1

then have it create a variable $image and set it's value to pic1 so I can do

Code:

<img src="images/<? $image ?>.jpg">

[Nile]

Code:

<?php
echo "<img src=\"images/{$_GET['image']}.jpg\">;
?>

[zhono]

With that, all I get is:

Parse error: syntax error, unexpected $end in /path/to/file/index.php on line 3

[techietim]

He meant:

PHP Code:

<?php
echo '<img src="images/' . $_GET['image'] . '.jpg">';
?>

[Twey]

But he should have meant:

Code:

<img src="images/<?php echo $_GET['image']; ?>.jpg">

If you ever find yourself echoing HTML, you're probably doing it wrong. It seriously harms readability and performance.

Code:

$request = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING']:'';

That's unnecessary — $_SERVER['QUERY_STRING'] will always be set, although it may be empty.

I like what you've done with realpath(), though.