On www.animeomnitude.com Code (markup): I have an include in the content area which is <?php /* Inklude v2.3 By: Kage (Alex) E-Mail: Kage@DBZSC.com URL: http://www.dbzsc.com/?dbzsc=phpinclude Copyright: © 2002-2005 Kage (Alex), All Rights Reserved. */ // Settings: $abspath = "."; // Set the above to your absolute path. _DO NOT_ include a trailing slash. // You can leave it as "." and it should work just fine. $extension = "php"; // The extention of included files. It is STRONGLY recommended you use a unique extension // that will be used by NO other files except include files. _DO NOT_ include a dot. // It is also STRONGLY recommended that you absolutely DO NOT use PHP as include extentions. $defaultfile = ""; // This is the default file that is called should no query be provided. You MUST include the // extension, however, _DO NO_ include the absolute path, that's already added by what you // provided in $abspath. $errorfile = "404.shtml"; // This is the error file included should someone provide a nonexistant query. You MUST // include the extension, however, _DO NO_ include the absolute path, that's already added // by what you provided in $abspath. $query = "page"; // This is the query used when calling include pages. // Ex: main.php?id=blah -- id is the query // End User Serviceable Parts clearstatcache(); $includestring = ""; $mainpage = urldecode($$query); $mainstring = $abspath."/".$mainpage.".".$extension; if (!$mainpage) { $includestring = $abspath."/".$defaultfile; } elseif (ereg("\.\.", $mainpage) || substr($mainpage,0,2) == "./" || substr($mainpage,0,3) == "../") { die("Screw off."); } else { if (file_exists($mainstring) && is_file($mainstring)) { $includestring = $mainstring; } else { $includestring = $abspath."/".$errorfile; } } @include($includestring); // End Of Inklude ?> PHP: However when you try to click a link on the side it doesn't load it up. Can anyone help me? Cheers
I'd start by removing the @ from the include statement as that is supressing error messages. Run again and let us know what error is reported.
i.e. make sure that $includestring translates to a valid file reference that exists on your server. So if for example the end result of your $inputstring manipulations ($abspath, $mainpage etc) is "myinclude.inc", then make sure it actually exists. Echo it and see what it boils down to.
<?php error_reporting(E_ALL); /* Inklude v2.3 By: Kage (Alex) E-Mail: Kage@DBZSC.com URL: http://www.dbzsc.com/?dbzsc=phpinclude Copyright: © 2002-2005 Kage (Alex), All Rights Reserved. */ // Settings: $abspath = "."; // Set the above to your absolute path. _DO NOT_ include a trailing slash. // You can leave it as "." and it should work just fine. $extension = "php"; // The extention of included files. It is STRONGLY recommended you use a unique extension // that will be used by NO other files except include files. _DO NOT_ include a dot. // It is also STRONGLY recommended that you absolutely DO NOT use PHP as include extentions. $defaultfile = ""; // This is the default file that is called should no query be provided. You MUST include the // extension, however, _DO NO_ include the absolute path, that's already added by what you // provided in $abspath. $errorfile = "404.shtml"; // This is the error file included should someone provide a nonexistant query. You MUST // include the extension, however, _DO NO_ include the absolute path, that's already added // by what you provided in $abspath. $query = "page"; // This is the query used when calling include pages. // Ex: main.php?id=blah -- id is the query // End User Serviceable Parts clearstatcache(); $includestring = ""; $mainpage = urldecode($$query); $mainstring = $abspath."/".$mainpage.".".$extension; if (!$mainpage) { $includestring = $abspath."/".$defaultfile; } elseif (ereg("\.\.", $mainpage) || substr($mainpage,0,2) == "./" || substr($mainpage,0,3) == "../") { die("Screw off."); } else { if (file_exists($mainstring) && is_file($mainstring)) { $includestring = $mainstring; } else { $includestring = $abspath."/".$errorfile; } } echo $includestring; ?> PHP: Run that and it should display/echo the dir/file path, can you reply with that? along with any errors.
Heh, thanks. Atleast it shows something different now. Notice: Undefined variable: page in /home/animeomn/public_html/index.php on line 169 ./ PHP:
Why don't you make life simpler by using cases for your includes, and avoid playing with absolute paths and all? Remove all $abspath references, I don't think you need it here.
Here try this instead: <?php //change this if needed... $abs_path = $_SERVER['DOCUMENT_ROOT']; //the default file to include if none selected... $default_file = ''; //the extension for the included file... $extension = 'php'; //page.php?page=... $query = 'page'; //check if value is set or use the default_file... $current_page = (isset($_GET[$query])) ? $_GET[$query] : $default_file; //clean it up... $current_page = trim(urldecode($current_page)); //validate... $page = (preg_match('~^[\w\-]{1,}$~', $current_page)) ? $current_page : null; if (isset($page)) { $file_name = $page . ".{$extension}"; //remove trailing slash... if (substr($abs_path, -1) == '/') { $abs_path = rtrim($text, '/'); } elseif (substr($abs_path, -1) == '\\') { $abs_path = rtrim($text, '\\'); } if (file_exist($file_name)) { require_once($file_name); } elseif (file_exist($abs_path . "/" . $file_name)) { require_once($abs_path . "/" . $file_name); } else { trigger_error('No file exists under that filename', E_USER_ERROR); } } else { trigger_error('$current_page is not a valid filename', E_USER_ERROR); } ?> PHP:
Appreciate that a lot. I feel we are getting there. However Fatal error: Call to undefined function file_exist() in /home/animeomn/public_html/index.php on line 160 PHP: and Fatal error: $current_page is not a valid filename in /home/animeomn/public_html/index.php on line 168 PHP: My code now reads as <?php //change this if needed... $abs_path = $_SERVER['DOCUMENT_ROOT']; //the default file to include if none selected... $default_file = 'news.php'; //the extension for the included file... $extension = 'php'; //page.php?page=... $query = 'index'; //check if value is set or use the default_file... $current_page = (isset($_GET[$query])) ? $_GET[$query] : $default_file; //clean it up... $current_page = trim(urldecode($current_page)); //validate... $page = (preg_match('~^[\w\-]{1,}$~', $current_page)) ? $current_page : null; if (isset($page)) { $file_name = $page . ".{$extension}"; //remove trailing slash... if (substr($abs_path, -1) == '/') { $abs_path = rtrim($text, '/'); } elseif (substr($abs_path, -1) == '\\') { $abs_path = rtrim($text, '\\'); } if (file_exist($file_name)) { require_once($file_name); } elseif (file_exist($abs_path . "/" . $file_name)) { require_once($abs_path . "/" . $file_name); } else { trigger_error('No file exists under that filename', E_USER_ERROR); } } else { trigger_error('$current_page is not a valid filename', E_USER_ERROR); } ?> PHP:
Change the file_exist to file_exists http://php.net/manual/en/function.file-exists.php and remember, this is your opportunity to learn. You could have checked at php.net for the correct function name quickly and easily.
Weird this seems to be happening for any php include code I use now. I tried using <?php if (isset($_GET['pg']) && $_GET['pg'] != "") { $pg = $_GET['pg']; if (file_exists('pages/'.$pg.'.php')) { @include ('pages/'.$pg.'.php'); } elseif (!file_exists('pages/'.$pg.'.php')) { echo 'Page you are requesting doesn´t exist'; } } else { @include ('pages/home.php'); } ?> PHP: and same thing happened
if (isset($_GET['pg']) && $_GET['pg'] != "") { $pg = $_GET['pg']; include("pages/$pg"); } Code (markup): works, provided that /pages directory contains the file retrieved by $pg without extensions (e.g. index.php?pg=myinclude) if you want an extension, just write include("pages/$pg.php"); or whatever, but then makesure the display.php for example, exists in the pages dir
Try this instead, fixed the typo etc.: <?php //change this if needed... $abs_path = 'pages'; //the default file to include if none selected (without extension)... $default_file = 'home'; //the extension for the included file... $extension = 'php'; //page.php?page=... $query = 'index'; //check if value is set or use the default_file... $current_page = (isset($_GET[$query])) ? $_GET[$query] : $default_file; //clean it up... $current_page = trim(urldecode($current_page)); //validate... $page = (preg_match('~^[\w\-]{1,}$~', $current_page)) ? $current_page : null; if (isset($page)) { $file_name = $page . ".{$extension}"; //remove trailing slash... if (substr($abs_path, -1) == '/') { $abs_path = rtrim($text, '/'); } elseif (substr($abs_path, -1) == '\\') { $abs_path = rtrim($text, '\\'); } if (file_exists($file_name)) { require_once($file_name); } elseif (file_exists($abs_path . "/" . $file_name)) { require_once($abs_path . "/" . $file_name); } else { trigger_error('No file exists under that filename', E_USER_ERROR); } } else { trigger_error('$current_page is not a valid filename', E_USER_ERROR); } ?> PHP:
Still struggling? Haha...my solution works 101% but if you don't want to use it...oh well, ta-ta & good luck dude.
No it would'nt as your solution would work the same as anyone's elses, furthermore your solution is vulnerable.