Hi there.
Hope you can help me with this.

The idea:

Well, I have a newuser-terms.php page, which list the terms of registration, and on that page is a button which proceeds the visitor to newuser.php.
What I ultimately want to achieve is that it actually all becomes one page. I want it that when the visitor clicks the button, the application will appear within newuser-terms.php - so that they are "forced" in a manner of speaking to read the terms.

How do I think I could achieve this?:

Well, I guess it'd still keep the newuser.php itself for the application HTML code, but i'd need to add something to that so it can only be loaded within newuser-terms.php and not directly otherwise it's pointless.
Would I use something like include('myApp.php'); and some form of the require(). I suppose the button would need something like newuser-terms.php?agreed=1 to make the application appear. Do you think this is possible?

I'm using:

Apache 1.3.27, PHP 4.3.2

Many thanks if you can help me with this.

Hi Daniel,

Should be pretty easy to do. Maybe use functions that contain certain bits of data and then call them depending on what is clicked? ie:

Have your form action as something like:

newuser-terms.php?action=view

then:



if ($_GET['action'] == "view") {

loadForm();
exit;

}



Maybe something like that?

Hi dreamcatcher, thanks for your reply.
:confused: *confused look* :confused:
I'll try and give it a go.

Hi Daniel,

Sorry if it sounds a little complicated. If you haven`t done this before then it probably is. :confused:

Working with functions can be a little awkward, if you call them before any HTML output, then you might just get a white page that isn`t formatted. Probably best to call them after the </head> tag. Then if you are using a style sheet link, it will still work.

It really is the best way to have all your code on the same page. You can put your functions in an external file if you wish. Just remember to include it in the file that you are using the functions.

I wish I could give you some more help, but you really need to have a play around and see what happens. Looking at other PHP scripts is a good learning curve.

You don`t HAVE to use functions, I just like them because they keep things nice and tidy. You could just do:



if ($_GET['action'] == "view") {

blah blah
exit;

}



exit stops execution of the script in case you hadn`t seen that before.

Maybe someone else knows a better way to go about this?

:)

<?php
$action = (isset($_GET['action'])) ? $_GET['action'] : "";
if ($action == "banmember") {
#ban member code
}
else if ($action == "newmember") {
#new member code
} else {

# code if action is unkown!
}
?>



ok this sets up three things....

it sets up filename.php?action=banmember
it sets up filename.php?action=newmember
and if it doesnt recognise the action it displays the final one ;)
replace # whatever with your coding ;)

Thanks.

Could I use something like this though, or am I completely on the wrong track???


<?php
if (!eregi("page.php", $_SERVER['PHP_SELF'])) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

<?php
if($_GET['proceed'] == 1){
echo ("
<div align=\"center\">
The HTML code for the newuser application.
<br /></div>
"); }

?>

<div align="center">
The terms HTML blah blah.
<br /></div>

<?php
include("footer.php");
?>


The original query:

Hi there.
Hope you can help me with this.

The idea:

Well, I have a newuser-terms.php page, which list the terms of registration, and on that page is a button which proceeds the visitor to newuser.php.
What I ultimately want to achieve is that it actually all becomes one page. I want it that when the visitor clicks the button, the application will appear within newuser-terms.php - so that they are "forced" in a manner of speaking to read the terms.

How do I think I could achieve this?:

Well, I guess it'd still keep the newuser.php itself for the application HTML code, but i'd need to add something to that so it can only be loaded within newuser-terms.php and not directly otherwise it's pointless.
Would I use something like include('myApp.php'); and some form of the require(). I suppose the button would need something like newuser-terms.php?agreed=1 to make the application appear. Do you think this is possible?

I'm using:

Apache 1.3.27, PHP 4.3.2

Many thanks if you can help me with this.





Thanks.

Ok managed to get it working, and also for the terms to "vanish" when the button was pressed, forgot to mention that.
Can you just confirm I've done this right and it's ok/secure or if you have any suggestions?

The code:


<?php
if (!eregi("page.php", $_SERVER['PHP_SELF'])) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

<?php
if (isset($_POST["proceed"]))
{
?>
The newuser HTML code.
<?php
} else {
?>
The terms
<?php
}
?>

<?php
include("footer.php");
?>


and the html i'm using for the button to submit this (as it's page.php?p=newuser):


<form action="page.php?p=newuser" method="post"><input type="hidden" name="proceed" value="1"><input type="submit" class="mainoption" value="Proceed">
</form>


How does this look? any suggestions and do you think it's pretty secure/OK?
Your help is much appreciated.

Ok, let me hit them one at a time...

you should use if(!empty instead of if(isset because your code will allow and empty ID.

Since all you are doing is checking if a hidden form field is set, I can't see the benefit of checking if it is empty over just checking if it was set.

and you should probable get rid of eregi, because that can be done without a regexp (please correct me if i'm wrong).

Correct, and true. Something like strstr() (http://us3.php.net/manual/en/function.strstr.php) would be more appropriate.

additionally you might want to show the footer before you let the script die. for instance: echo "bad boy, you are not allowed to do that"; include("footer.php"); exit;"

Depends if you want the footer to be included with your error message. If you do, odds are very good you'll also want to include the header. :)

lol... I see you edited your post. Well, there are my answers, anyway... :p

Hi ok - last few qus on this thread, sorry! :D

Instead of:


<?php
if (!eregi("page.php", $_SERVER['PHP_SELF'])) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

<?php
if (isset($_POST["proceed"]))
{
?>
The newuser HTML code.
<?php
} else {
?>
The terms
<?php
}
?>

<?php
include("footer.php");
?>


Should I use (seeming as we tidied up the other php (the other thread)):


<?php
if (!eregi("page.php", $_SERVER['PHP_SELF'])) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

<?php
if (isset($_POST["proceed"]))
{
?>

The newuser HTML code.

<?php
} else {
?>

The terms

<?php
}
include("footer.php");
?>


Also any other suggestions of how to improve it or is it ok with no gaping holes? :p

many thanks!

It looks pretty good. One thing you might want to change is this:

if (!eregi("page.php", $_SERVER['PHP_SELF'])) {

to:

if (!strstr($_SERVER['PHP_SELF'], "page.php")) {

ahh i'd have to change that on all my pages, as they all have that.
Thanks pyro.
I've changed the "}" into the bottom <?php with the footer - so that's fixed.
:)

so now:


<?php
if (!strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

Sure thing. :)

Okie done.

Just wondering, my header.php/footer.php have:

header.php:


<?php
session_start();
if (eregi("header.php",$_SERVER['PHP_SELF'])) {
Header("Location: index.php");
die();
}

$header = 1;
?>


footer.php:


<?php
if (eregi("footer.php",$_SERVER['PHP_SELF'])) {
Header("Location: index.php");
die();
}

$footer = 1;
?>


would they need to be changed?

I would, as there really is no reason to invoke the regex engine to simply check if one string is contained in another. strstr() or strpos() will work fine.

Okie pyro, think i'm all done.
thank you very very much for all your help.
Quick overview... of the code I *think* should be using, please correct me if I've done anything wrong. I'd really aprpeciate your "it's ok" :) The other one - with the conctact and this script splitting the terms would be appreciated to know it's ok.

For contact.php:


<?php
if (!strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");

if (isset($_GET['id'])) {

$id = $_GET['id'];

$info = "/home/LAN/public_html/staffinfo/".$id.".html";

if (file_exists($info)) {
include ($info);
} else {
echo "Sorry, that ID does not exist. Please try again.";
}

}
else {
?>

<div align="center">
staff list.
<br /></div>

<?php
}
include("footer.php");
?>


For my application-split:


<?php
if (!strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

<?php
if (isset($_POST["proceed"]))
{
?>

<div align="center">
The application here.
<br /></div>

<?php
} else {
?>

<div align="center">
The terms to be displayed first here.
<br /></div>

<?php
}
include("footer.php");
?>


My page.php:


<?php

if (isset($_GET['p'])) {

$dir = "/home/LAN/public_html/"; #root path to directory

$p = (strstr($_GET['p'], ".php")) ? $_GET['p'] : $_GET['p'].".php";

$p = str_replace("../", "", $p); #remove any ../

if (file_exists($dir.$p)) {

include $p;

}

else {

include "index.php";

}

}

else {

include "index.php";

}

?>


Top of all pages:


<?php
if (!strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

and bottom:

<?php
include("footer.php");
?>


and header.php:


<?php
session_start();
if (!strstr($_SERVER['PHP_SELF'], "header.php")) {
Header("Location: index.php");
die();
}

$header = 1;
?>


lastly footer.php:


<?php
if (!strstr($_SERVER['PHP_SELF'], "footer.php")) {
Header("Location: index.php");
die();
}

$footer = 1;
?>


thanks!!!

Ok, it all looks pretty good. The only big thing would be that I would change Header() to header() on header.php and footer.php.

Thanks!
No gaping holes then!?
yahoooo!!
changed that too:

header("Location: index.php");

Thanks so much pyro!

Happy to help. :)

Originally posted by pyro
Ok, it all looks pretty good. The only big thing would be that I would change Header() to header() on header.php and footer.php.

Sorry to make this drag pyro. Any little things you've noticed that I should perhaps do, anything to make this as perfect as is much appreciated - I really wanna be able to just leave it and not worry about it. Or did you mean that's the only thing that needed changing?

thanks so much for this pyro, your help over today/last night is much appreciated.

also pyro, am I correct in thinking this is a little better?
on my contact.php I have:

$info = "/home/LAN/public_html/staffinfo/".$id.".html";

Should I use:
$info = "/home/LAN/public_html/staffinfo/$id.html";

I'm a little concerned about people being able to to load anything with that, or did I do it correctly so that ONLY .html is loaded?

Correct, only .html files wil be able to be loaded, as you are prepending that to the end of the string. Also, since PHP has variable interpolation with double quotes, it will be fine to use your second example.

Thanks! :) re-assured now.
Last qu - promise ;) (like you believe me...hahha)

the page.php I posted earlier, for all the time i've been using it, just noticed something.
I can do page.php?p=page and it seems to just load and load and load, and weirdly the server goes under strain, is this a bug? can it be avoided?

ta =)

Yes, that would be putting it into an endless loop. Not good. ;)

Try changing this:

$p = (strstr($_GET['p'], ".php")) ? $_GET['p'] : $_GET['p'].".php";
to this (just adding one statement, but showing you where to put it)

$p = (strstr($_GET['p'], ".php")) ? $_GET['p'] : $_GET['p'].".php";
$p = ($p == "page.php") ? "" : $p;

ok wonderful thanks pyro.
So with these lil changes, ya think my php is ok, quite secure and ok?
:) thanks.

Yep, I'd say so. People would have to guess the name of the HTML page to view it, and if they guess it, they could just type it into their location bar and get it, so it should be fine.

Okay pyro, thanks.
Page.php is now:


<?php

if (isset($_GET['p'])) {

$dir = "/home/LAN/public_html/"; #root path to directory

$p = (strstr($_GET['p'], ".php")) ? $_GET['p'] : $_GET['p'].".php";
$p = ($p == "page.php") ? "" : $p;

$p = str_replace("../", "", $p); #remove any ../

if (file_exists($dir.$p)) {

include $p;

}

else {

include "index.php";

}

}

else {

include "index.php";

}

?>


So that should be okay, as for the rest of the PHP (the post where I put all my PHP) you think that's all okay? nothing i need to add/rem?

Thankies pyro again.

Hi pyro again.
Did some reading, didn't want to keep bugging you!
I kept on loading, and a standard freebsd KDE konqueror said tehre was a cyclic link in my index.php, as index.php has hardly anything, just an include to header.php, i had a look at that.

Before we had:


<?php
session_start();
if (!strstr($_SERVER['PHP_SELF'], "header.php")) {
header("Location: index.php");
die();
}

$header = 1;
?>


The "!" shouldn't have been there, as (kind of quote from teh page I read) $_SERVER['PHP_SELF'] is always teh name of the REQUESTED php page, so the string comparisons will always fail, if() will redirect over and over. (or something!)

Fixed this by removing the "!" and moving session_start(); after the if(), as apparantly it's not meant to be above. So we have now:


<?php
if (strstr($_SERVER['PHP_SELF'], "header.php")) {
header("Location: index.php");
die();
}

session_start();
$header = 1;
?>


Correct? All else working great!

Does this mean I need to remove the "!" from all the other pages too, as on the other pages I have:


<?php
if (!strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>


It seems to be working okay now, with just the header/footer.php without the ! just wondered if I need all the others modified too.

The page.php?p=page brings up an error now, which is good, but is there a way to echo an error isntead of the standard PHP one? I get:

Warning: main(): Failed opening '' for inclusion (include_path='.:/usr/local/lib/php') in /home/LAN/public_html/page.php on line 14

Thanks pyro.

ok, here it is:

[php]
if ($_GET["mode"] == "terms" {
terms contents
}

if ($_GET["mode"] == "register" {
Register page code
}

In the page with terms u would need form action/link to be page.php?mode=register

Or if he declines then be index.php or whatever...

Aoeguy

Hiya aoeguy, thanks for your reply.
Did you mean to post it here?
I don't understand what you mean...

thanks.

U wanted to know how to have the stuff in one page...
What didnt u understand?

Ah it was meant for me.

Thanks.

pyro and idea on the "!" thing?

Yes, from looking at it, you will want to remove the ! from the if statements.

Hi pyro.
thanks.
I've removed them off the header/footer.php, but not off the normal pages, that have:

<?php
if (!strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

Would they need to have the "!" removeD? They seem to be working ok with it.
Thanks.

Yes, I think you would want to remove it from all of them. Basically, it works like this:

Without the ! it checks if the second paramater is contained in the first. So, if the pages is named page.php and you do not want it to be able to be called directly, you would not want to have the ! in there.

Thank you very much pyro.
So, I have now from all your help, and the changes you've guided me to make the following PHP, hopefully this is ok/secure/"proper" :).

Top of all pages:


<?php
if (strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>


Top of header.php:


<?php
if (strstr($_SERVER['PHP_SELF'], "header.php")) {
header("Location: index.php");
die();
}

session_start();
$header = 1;
?>


Top of footer.php:


<?php
if (strstr($_SERVER['PHP_SELF'], "footer.php")) {
header("Location: index.php");
die();
}

$footer = 1;
?>


Bottom of pages to include footer:


<?php
include("footer.php");
?>


Contact.php:


<?php
if (strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");

if (isset($_GET['id'])) {

$id = $_GET['id'];

$info = "/home/LAN/public_html/staffinfo/$id.html";

if (file_exists($info)) {
include ($info);
} else {
echo "Sorry, that staff ID does not exist. Please try again.";
}

}
else {
?>

Staff list here.

<?php
}
include("footer.php");
?>


split application:


<?php
if (strstr($_SERVER['PHP_SELF'], "page.php")) {
die ("Sorry, You cannot access this file directly...");
}

$index = 0;
include("header.php");
?>

<?php
if (isset($_POST["proceed"]))
{
?>

Application here.

<?php
} else {
?>

Terms.

<?php
}
include("footer.php");
?>


And finally, page.php:


<?php

if (isset($_GET['p'])) {

$dir = "/home/LAN/public_html/"; #root path to directory

$p = (strstr($_GET['p'], ".php")) ? $_GET['p'] : $_GET['p'].".php";
$p = ($p == "page.php") ? "" : $p;

$p = str_replace("../", "", $p); #remove any ../

if (file_exists($dir.$p)) {

include $p;

}

else {

include "index.php";

}

}

else {

include "index.php";

}

?>


All okay now? :) Thanks so much pyro for all this.