Introduction I'm aiming this tutorial at people with minimal PHP knowledge who are looking to implement a simple CMS (Content Management System) and learn a bit about PHP on the way. I'm no PHP expert myself so if you notice a better way of doing something that I explain here, feel free to point it out. This method has proved useful to me on a number of sites so I thought I'd share it. So our basic CMS system... if it really qualifies as such... will allow us to have different pages stored in .txt format in a folder on your website, this will, if you haven't already realized, need PHP enabled. I'm not sure how backwards compatible this code is earlier versions of PHP but as far as I know it's fine on 4x and up. These pages will be called from one file, allowing you to keep the design the same throughout. Lets Begin To start with we need our content to manage. Create a folder on your web server, for the purpose of this tutorial I'm using "page/" in the root of my website (eg. htdocs/pages/). Inside that folder create a file, the name and type is not important but I am going to call it "1.txt" for ease of organization, then put your content into it. I am going to put the following; <h3>Sample Content</h3> <p>Testing text, write your content in here just as if it was a normal HTML file.</p> Code (markup): Next we need our actual CMS file, I did say it was basic. Create a file called "cms.php", and in that file code a standard HTML document. The below example is just that, please don't pick holes in it's lack of doctypes and the like. <html> <head><title>Simple CMS Script</title></head> <body> </body> </html> Code (markup): Now we have our template. There are better ways of doing this such as having a template file that your PHP script reads and places the content at an appropriately marked point, but that's for a different tutorial. Now we need our PHP code. In our "cms.php" file, between the body tags, insert the following code; <?php $pagedir = "page/"; //Sets the directory the pages are stored in, relative to the php file $page = $_GET['id']; //Gets page id from the url include $pagedir.$page.".txt"; //Includes the selected page. ?> Code (markup): Now, if you go to your php script in a browser with the identifier "?id=1" afer cms.php (eg. www.example.com/cms.php?id=1) you should end up with a page that is coded like this; <html> <head><title>Simple CMS Script</title></head> <body> <h3>Sample Content</h3> <p>Testing text, write your content in here just as if it was a normal HTML file.</p> </body> </html> Code (markup): The Home Page All good right? Not quite. That works fine but what if there isn't an id in the url? For this I create another .txt file in my page directory called something like "home.txt" or "index.txt", this is my fallback page. In this file you put what you want people to see if they just go to www.example.com/cms.php. It's worth noting that you shouldn't need to do this if you never link to that url, but there will always be someone who knows what their doing that will type that just to see what happens. So this page could have information about what your pages contain, or, for example, if you were using this script as a news posting system, it could display a list of the page in your page directory. This can be done fairly easily in PHP but again, that's for another tutorial. Now we have our fallback page, we need to modify our PHP code by adding an IF ELSE statement before our include. if (isset($_GET["id"])){ //If $_GET ID has a value $page = $_GET["id"]; //Set $page to that value } else { $page ="index"; //Otherwise set it to your fallback page } Code (markup): The Error Page Now our script will check to see if a page ID has been entered, and if it hasn't, it will set it to our fallback page. All nice and seamless so far. There is one more thing though. What if you delete a page from your pages directory? Or someone, just for the hell of it, puts a random value to see if it breaks your site? You don't want your site to break and you don't really want to be throwing up unintelligible PHP errors at users because you've deleted an old page. To prevent this we have one more .txt file to create and a final bit of code to put IN PLACE of our existing include. The file needs to go inside our page directory, I have called it "404.txt" although it should be noted that this is not a real 404 page, the reasons for this being an issue are noted at the end. In this file put something explaining whats going on like "Sorry, this page does not exists or has been deleted" or something of the like. Now the code, remember, this is REPLACING the existing include statement we had. if (file_exists($pagedir.$page.".txt")) { //Check to see if the page exists include $pagedir.$page.".txt"; //If it does, include it } else { include $pagedir."404.txt"; //If not, include an error page } Code (markup): The Final Code So now we can safely call our cms.php page without fear of any unsightly php errors. If no page id is called (www.example.com/cms.php) then we get our fallback home page. If a page that doesn't exist is called (www.example.com/cms.php?id=nonexistantpage) we get our error page. Finally, and most importantly, if a valid page is called (www.example.com/cms.php?id=1) we get the page the user is looking for/has clicked on. By now your full cms.php should look something like this; <?php $pagedir = "page/"; //Sets the directory the pages are stored in, relative to the php file $page = $_GET['id']; //Gets page id from the url if (isset($_GET["id"])){ //If $_GET ID has a value $page = $_GET["id"]; //Set $page to that value } else { $page ="index"; //Otherwise set it to your fallback page } if (file_exists($pagedir.$page.".txt")) { //Check to see if the page exists include $pagedir.$page.".txt"; //If it does, include it } else { include $pagedir."404.txt"; //If not, include an error page } ?> Code (markup): Things To Note First off, I'm not sure if this counts as a CMS, but I believe it's along the same lines and serves the same purpose at a very basic level. As you should hopefully have realized, pretty much nothing I coded is fixed. You can change the extension type from .txt to whatever. For example if you wanted to use php functions in your pages you can have "1.php" instead of "1.txt". On that line, you don't have to call your files 1, 2, 3 etc. I called it that for organizational purposes, but you could call it by name or anything you wanted. A useful way for a news system would be date, for example "050308.txt" would be called "www.example.com/cms.php?id=050308". You also don't need to put your page files in a separate directory, although I strongly recommend you keep the files separate from the other files on your website for ease of use. All this can be done by modifying the appropriate parts of the php file to reflect new locations or file extensions. The final thing to note is that the error page we throw up in this tutorial is not idea from a search engine point of view. Google, for example will remove pages from it's index that return 404 errors. As our error page is not a 404 page, there is the possibility of search engines sending users to your error page from now till the end of time. Well that's all. I haven't got an exact replica of the tutorial online but you can see the script in action at http://www.emptycupboard.co.uk/portfolio.php. I hope this was of use to someone and like I said, if you are a PHP programmer and you can see better ways of doing something feel free to mention it, but remember I was aiming more for simplicity and ease of use than great programming.
Is everypage on that site run using this method? I didn't see variables in the URL, so how did you get it to look like each one has it's own url?
On the emptyCupboard site? No sorry, I guess I wasn't very clear on that. That site... which I should point out isn't entirely finished, uses that method for the portfolio section and the news section. I'll state here and now that the news section is the main part that isn't finished. If you try and play with my news.php script you WILL get some of those unsightly php errors I talked about but I haven't got round to fixing it yet on account of me actually getting clients (who'd have thunk it) That said, as far as I'm aware it is doable to "mask" your ?whatever=blah type links as more SEO friendly links... like permalinks, but this tutorial was meant to be an absolute bottom level basic affair, I only posted it because I started writing it about a week ago and have managed about a sentence or two a night due to time constraints, I decided it was going up tonight.
Typically people invoke a ModRewrite in their .htaccess file. This takes out the so called 'variables' in the URL . . . when in fact they are still there. Just makes them prettier On a side note: It appears this code is vulnerable to a local file include. I am not bothered to look into it, but you may consider verifying the file user's are sending via GET.
Yeah it is, if someone put cms.php?id=../somethingsecret they could potentially get to something they shouldn't be looking at, but in this script it would have to be a .txt file as the extension is coded rather than specified. I should have noted this in the summary.