Tycoon Talk
PHP Forum
help with php and html
Old 05-16-2010, 08:03 PM help with php and html
Junior Talker

Posts: 1
I'm trying to make my links open in the same page with HTML and PHP includes... I need some help. My links are like this: <a href="index.php?id=test">Test Link</a>. I want each link that I type to open up in my PHP include... so basically I want the PHP include to open any HTML file as long as it has the correct id matching the name of the file. I need the code if anyone can help, and if possible make it so that index.php opens the news page.
Old 05-17-2010, 01:51 AM Re: help with php and html
Extreme Talker
Posts: 232
Name: John
Location: Tokyo
PHP Code:
<?php
// check here to make sure it is the correct name
if ($_GET['id'] != 'test')
    die('invalid data');

include $_GET['id'];
Last edited by nayes84; 05-17-2010 at 07:55 PM..
Old 05-17-2010, 04:17 AM Re: help with php and html
Experienced Talker

Posts: 48
Name: Websys_seo
Location: India
Well, it's simple:
just check whether the requested id exists or not, and if not, redirect to your desired page. But remember one thing: you will have many ids in future as you add more pages, so the above suggestion will not help you out. In that case you need to cross-check it with your database.
PHP Code:
<?php
/* suppose you have a table named pageinfo which has a field page_id */

// escape the raw request value before building the query; concatenating
// $_GET['id'] directly would make the id itself an SQL injection point
$id = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM pageinfo WHERE page_id = '" . $id . "'";
$rs = mysql_query($sql);
$count = mysql_num_rows($rs);

// no matching page id: send the visitor to your desired page instead
if ($count <= 0) {
    header("Location: yourpage.php");
    exit;
}
Old 05-17-2010, 07:32 AM Re: help with php and html
Missing! presumed drunk.

Posts: 42,384
Name: Chris Hirst
Location: Blackpool. UK
AND check that the ID does NOT contain a reference to an external source.
Old 05-17-2010, 07:57 AM Re: help with php and html
Extreme Talker
Posts: 232
Name: John
Location: Tokyo
Quote:
Originally Posted by chrishirst View Post
AND check that the ID does NOT contain a reference to an external source.
PS: the code I wrote above in my previous post does this check.
Old 05-17-2010, 09:55 AM Re: help with php and html
Missing! presumed drunk.

Posts: 42,384
Name: Chris Hirst
Location: Blackpool. UK
Quote:
Originally Posted by nayes84 View Post
PHP Code:
// check here to make sure it is the correct name
if ($_GET['id'] != 'test')
    die('invalid data');

include $_GET['id'];

Quote:
Originally Posted by nayes84 View Post
Quote:
Originally Posted by chrishirst View Post
AND check that the ID does NOT contain a reference to an external source.
PS: the code I wrote above in my previous post does this check.
How??
The code only checks that the value is NOT equal to 'test'
Old 05-17-2010, 07:53 PM Re: help with php and html
Extreme Talker
Posts: 232
Name: John
Location: Tokyo
Quote:
Originally Posted by chrishirst View Post
How??
The code only checks that the value is NOT equal to 'test'
I understand you meant security measures to avoid code injection.

Checking on 'test' means it can't be anything other than 'test'.

For example, if $_GET['id'] equals http://badsite.com/badscript.php,

running
PHP Code:
include $_GET['id'];
without checking id can be very dangerous. So checking whether id has certain values like 'test', 'foo' or any valid name is important. Isn't that what you mean?
Last edited by nayes84; 05-17-2010 at 07:54 PM..
Old 05-18-2010, 09:37 AM Re: help with php and html
Missing! presumed drunk.

Posts: 42,384
Name: Chris Hirst
Location: Blackpool. UK
Quote:
Checking on 'test' means it can't be anything other than 'test'.
Correct, but what if the end user needs more than a page called 'test'?

Your code will work for one instance, but it will need editing and extending to cover each page that is added.

Code that will block potentially malicious includes (anything external) while checking that a local page exists with that name will make the code flexible and extendable.
Old 05-18-2010, 01:24 PM Re: help with php and html
Extreme Talker
Posts: 232
Name: John
Location: Tokyo
Quote:
Originally Posted by chrishirst View Post
Correct, but what if the end user needs more than a page called 'test'?

Your code will work for one instance, but it will need editing and extending to cover each page that is added.

Code that will block potentially malicious includes (anything external) while checking that a local page exists with that name will make the code flexible and extendable.
Correct, but doing that will create another vulnerability in the code.

1- Limiting it to just local files doesn't mean it is 100% safe, because it can be used to view protected files or non-PHP files, like Perl or CGI, which will show the code directly if included in a PHP file, e.g. include '/home/username/public_html/perlcode.cgi'

2- Another thing: if $_GET['id'] for example equals '/secured-zone/secured-data.txt', assuming secured-data.txt has important user information like passwords or even login information for some services on the server itself, checking only whether the file is local will not detect such an attack and will result in the server getting hacked.

3- It can be used to execute uploaded files, e.g. a file uploaded using some other upload form on the same site/server. Doing so places that file in the /tmp directory or /home/username/tmp, and that file can remain undeleted if not handled properly by the uploader script.
Anyway, having such a bug, allowing includes with $_GET['id'] as the argument for the file, can allow the intruder to upload a file and execute it on the server.

Those are only 3 vulnerabilities that I thought of while replying to you, but I think there are more to mention.

Flexibility & extendability are good things, but making sure the script is secure is much more important, I think.
Last edited by nayes84; 05-18-2010 at 01:26 PM..
Old 05-18-2010, 02:02 PM Re: help with php and html
Missing! presumed drunk.

Posts: 42,384
Name: Chris Hirst
Location: Blackpool. UK
Yep, all possible, provided the "attacker" knows what files exist and their location, and of course that the script developer has not restricted what local folders can be specified.

When coding scripts like this only a file name should be allowed for a local reference and a predetermined folder path added to the file name.
Old 05-20-2010, 08:17 AM Re: help with php and html
Extreme Talker
Posts: 232
Name: John
Location: Tokyo
Correct!
And better, if includes are allowed only from a pre-written list, either inside the PHP file itself or in a database, this could limit includes to exactly the files allowed for inclusion.
But anyway this would contradict your script flexibility standard. lol

In short, it is a trade-off between security and flexibility.
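A hardened version of the routing the last two posts describe (a fixed folder, a bare file name and an allow-list of page ids), written as an added example for this thread and not code from any poster. It assumes PHP 7.1 or later, a ./pages/ directory next to index.php holding news.html, test.html and so on, and that index.php with no id shows the news page as the original question asked.

```php
<?php
// Added example, not from the thread: keep the "?id=name" links but never
// pass user input to include() directly. Assumed layout: ./pages/<name>.html

// Allow-list: only these ids may be requested. Adding a page means adding
// one entry here, which is the security-over-flexibility trade-off the
// thread settled on.
$allowed_pages = ['news', 'test', 'about', 'contact'];

function resolve_page(string $id, array $allowed, string $base_dir): ?string
{
    // A page id is a bare name, never a path or a URL. This alone rules out
    // "http://badsite.com/badscript.php", "../secured-zone/secured-data.txt"
    // and "/tmp/uploaded.php", the cases raised in the thread.
    if (!preg_match('/^[a-z0-9_-]{1,32}$/', $id)) {
        return null;
    }
    // Membership check against the whole list, not a single hard-coded value.
    if (!in_array($id, $allowed, true)) {
        return null;
    }
    // Build the path ourselves: fixed directory + name + fixed extension.
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $id . '.html');
    $root = realpath($base_dir);
    // The resolved file must exist and must sit inside $base_dir, so even a
    // symlink or a future change to the regex cannot escape the pages folder.
    if ($path === false || $root === false
        || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// No id at all means the news page, as the original question asked.
$id   = isset($_GET['id']) ? (string) $_GET['id'] : 'news';
$file = resolve_page($id, $allowed_pages, __DIR__ . '/pages');

if ($file === null) {
    http_response_code(404);
    die('invalid page');
}

// If the pages are plain HTML, readfile($file) would serve them without ever
// parsing them as PHP; include is kept here because that is what the OP uses.
include $file;
```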