replace frames in php

Printable View

Apr 30th, 2008, 10:00 PM
BlackMagic

replace frames in php

Im try to explain what im trying to do,

in html you can use a frame to open a open within the site without having to open a new window outside the website,

what I wanna do is have all my pages open like an iframe but in php is there anyway to use php to open a page within the same page but without having to pop open a new window out side the page,

I was thinking maybe it could be done using an include or something but i wanted to see anyone could give me an exsample or tell me if its even possible.
Apr 30th, 2008, 10:33 PM
penagate

Re: replace frames in php

PHP produces HTML. There is nothing it can do to help.

Opening pages within pages is a bad idea because it makes navigation and identifying the present location rather difficult.
May 1st, 2008, 12:18 AM
BlackMagic

Re: replace frames in php

a buddy told me to use this..

PHP Code:

<?php if (!isset($_GET["link"])) include 'main.php'; else if(is_file($_GET["link"] . ".php") && $_GET["link"] !="index" ) include htmlspecialchars($_GET["link"] . ".php"); else include 'error.php'; ?>

seems to work how i wanted :D
May 1st, 2008, 12:25 AM
penagate

Re: replace frames in php

Do not use that code. That contains serious security flaw: anyone can input a path as the 'link' parameter and — assuming the Apache or PHP user account has permissions to access it — read any other file ending with '.php' in your system.

If you want to specify content via a HTTP parameter, you must define a mapping table of content names to physical file names, and validate parameters against this table.

In general, passing any variables to include/require statements is bad practice.
May 1st, 2008, 12:37 AM
BlackMagic

Re: replace frames in php

It's not that big of a security flaw it will only allow them to try to get .php that are in the root folder i tried to get subfolders it dont allow me to view them i also tried getting a random .php file out of a sub folder it didn't allow me to view it either it went to the error.php file.
May 1st, 2008, 01:23 AM
penagate

Re: replace frames in php

You may have an open_basedir restriction enabled. Don't rely on that.
May 4th, 2008, 10:48 AM
BillGeek

Re: replace frames in php

Question: Is the following still unsafe? I use a variable in my site in order to generate the content, thus generating a single PHP file the whole time, just using different includes, eg: If the address bar reads www.billgeek.com/index.php?content=links I have a file on the server called: "content_links.html" which is included in the output.

As I have ZERO PHP experience and knowledge, you guys actually determine the outcome of my site... :) :wave:

PHP Code:

if ($_GET["content"] == "prog" || $_GET["content"] == "photo" || $_GET["content"] == "image" || $_GET["content"] == "serious") { echo "<FONT FACE=\"Tahoma\" SIZE=2 COLOR=\"#FFFFFF\">This area is coming soon!</FONT>"; } else { // Following if statement default for when the URL entered contains no variable called content if ($_GET["content"] == "") readfile("content_home.html"); else readfile("content_".$_GET["content"].".html"); }
May 4th, 2008, 08:06 PM
penagate

Re: replace frames in php

No: what if $_GET['content'] contains periods, slashes, or other characters that manipulate the path in some way?

You need to always validate parameters coming from the client side.

A very simple method:

PHP Code:

$pages = array(   '' => 'content_home.html',   'links' => 'content_links.html'   # etc. ); if (array_key_exists($_GET['content'], $pages))   $page = $pages[$_GET['content']]; else   $page = $pages['']; readfile($page);

(Can't remember offhand whether or not you can have an empty string as a key.)

Also, avoid using echo to output HTML. PHP is an output preprocessor; it does it by default. Simply close the PHP code tags.

PHP Code:

<?php   header('Content-type: text/html; charset=utf-8');   # some code here ?>  <?php   # more PHP code here ?>

You can use an alternative syntax for conditional blocks:

PHP Code:

<?php if (something): ?>    <?php endif; ?>
May 4th, 2008, 08:08 PM
dclamp

Re: replace frames in php

i use a switch. it allows me to have other vars for each page.
May 5th, 2008, 12:12 AM
BillGeek

Re: replace frames in php

Quote:

Originally Posted by pena

what if $_GET['content'] contains periods, slashes, or other characters that manipulate the path in some way?

Valid point. :thumb:

Quote:

Originally Posted by pena

Opening pages within pages is a bad idea because it makes navigation and identifying the present location rather difficult.

How would one go about doing something like this then? Are there any alternatives to building an HTML page for every instance of, for example, the "header" section?
May 5th, 2008, 01:11 AM
penagate

Re: replace frames in php

That's not opening a page within a page. That point was referring to IFRAMEs.
Sep 12th, 2008, 07:35 AM
BlackMagic

Re: replace frames in php

Code:

$pages = array( '' => 'content_home.html', 'links' => 'content_links.html' # etc. ); if (array_key_exists($_GET['content'], $pages)) $page = $pages[$_GET['content']]; else $page = $pages['']; readfile($page);

How would use use that to in the index.php or in a config file is what I dont understand I dont get how to use that code to open pages like if I have stuff like home.php and I want home.php to open the main content that will be seen on the site when they view it hard to explain in text

I was looking for something like I had when Im given something I didn't code I dont understand how its to be used. I dont get where I'd place thet above code and then have it open new pages within the content box like and iframe does but I dont wanna use iframes I wanna do it in php