Name: RAHUL RAJ
The typical way to write your index page, if you are not really that knowledgeable in PHP, is to just go about coding whatever there is for the index page. For instance, suppose that your index page has a login form and some introductory text. Your approach would be to just write the code for the index page and then, for every link on that page, create another page. This would mean that you now have an index.php page, a contact.php page, a mail.php page and more.
The “index.php?page=home” Way
Instead of having a home.php page, you see something like “index.php?page=home”. The same happens for every page of the website. What happens is that the index.php page includes the code of the other webpages, as asked. The variable page that you notice in the URL is actually a typical $_GET type global variable that you can read in order to identify which page the browser is asking for.
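The actual code of the index page would be:

    // Read the requested page name; default to 'home' when none is given.
    $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : 'home';

    // Only the names listed here are accepted.
    switch ($page)
    {
        case 'home': break;
        case 'mail': break;
        case 'contact': break;
        default:
            // Anything else falls back to the home page.
            $page = 'home';
    }

    include("$page.php");
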
The index page just gets the $_REQUEST['page'] global variable ($_REQUEST is a union of $_GET and $_POST, retrieves whatever is available). If an attacker somehow manages to upload a new php page, say hello.php, this index page, without the switch structure, would execute it normally when instructed with index.php?page='hello'. However, if the switch is there, hello.php never gets executed. Instead, the default home.php gets executed. This is always a very good practice and you should really stick to it.
Last edited by rahulraj; 06-22-2010 at 02:30 AM..
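
The same allowlist idea as the switch in the post, written as a lookup table so the included file name always comes from the application and never from the request. This is an added example, not code from the original post; the function name resolve_page, the PAGES table and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: allowlist lookup in place of the switch. File names are hypothetical.
const PAGES = [
    'home'    => 'home.php',
    'mail'    => 'mail.php',
    'contact' => 'contact.php',
];

/**
 * Map the untrusted "page" value to a file name the application chose itself.
 * Anything that is not an exact allowlist key falls back to the home page.
 */
function resolve_page($requested): string
{
    // index.php?page[]=x turns the parameter into an array, so check the type first.
    if (!is_string($requested)) {
        return PAGES['home'];
    }
    // The included path is taken from the table, never built from user input.
    return PAGES[$requested] ?? PAGES['home'];
}

// Constructed sample inputs: values the "page" parameter could carry.
$samples = [
    'contact',            // legitimate page
    'hello',              // a file uploaded next to index.php, not in the table
    '../uploads/hello',   // traversal-style value
    ['home'],             // array parameter
    null,                 // parameter absent
];

foreach ($samples as $value) {
    printf("%-22s -> %s\n", json_encode($value), resolve_page($value));
}

// In index.php the result would be used as:
//   include __DIR__ . '/' . resolve_page($_REQUEST['page'] ?? null);
```

Adding a page then means adding one entry to the table, and a file that merely exists on disk is never reachable through the parameter.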