hi all

Been trying to setup a website where the url wont change in the address bar for security reasons. this is index. php

PHP Code:

<?
session_start(); 
switch ($PAGE)
{
     case "HOME":
          $OPEN = "./myhomepage.php";
          break;
     case "NEWS":
          $OPEN = "./mynewspage.php";
          break;
     case "ADMIN_LOGIN":
          $OPEN = "<a href='Special.htm'>Click here to log in etc</a>";
          break;
     default:
          $OPEN = "./notFound.php";
          break;
}

include($OPEN);

?> 
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 1</title>
</head>
<body>
<a href='index2.php?PAGE=ADMIN_LOGIN'>Click here to log in etc</a>
</body>
</html>

When the user clicks on the link it just writes downloading index2.php in the status bar, it actualy wont go to the Special.htm page.

Your problem is $PAGE isn't working? Try replacing it with $_GET['PAGE'], since your register globals value in php.ini may be disabled.

But for the record, hiding an admin cp or anything like that behind a simple query string condition is not very secure at all. Security through obscurity doesn't work too well.

Using mod_rewrite to rewrite your URLs is an excellent way to secure your website if you don't want the user to know the directory structure. You might look into doing it that way.

What about passing variables via post to a page that determines what to execute from the variables received?

Enclose every page in <form> tags and make links perform javascript submit() calls instead of using actual the href

By the way, we have done this on a site in the past and Phaedrus is write, using mod_reqrite in Apache using HTaccess files is a much better solution.

This:
$OPEN = "<a href='Special.htm'>Click here to log in etc</a>";

Should be this:
$OPEN = "./Special.htm";

You can include a hyperlink, you can only include other pages.

-dk