开发者

Index file loader, Wordpress-like

开发者 https://www.devze.com 2023-02-18 02:16 出处:网络
I have a website with a huge htaccess, but I\'m trying to find a nice way to have a Wordpress-like index.php file: everything is redirected to it, it starts the system, loads include files, loads conf

I have a website with a huge htaccess, but I'm trying to find a nice way to have a Wordpress-like index.php file: everything is redirected to it, it starts the system, loads include files, loads configuration files, and finally it loads the HTML environment.

I'm not sure if complex websites use this system, I'm not sure if it's a good way to load a page, but I think it is since the index.php would load most of the include files and would define constants that are used on most pages, so I won't have to include and define in every page.

So what I'm asking here if any of you know a good way to do this. If everything is directed to index.php then it'd act like an .htaccess, and the only开发者_开发百科 way I can think of it will load the content for the correct page is by checking the $_SERVER['REQUEST_URI'] variable and according to it, load a page (it'd have many "if").

Or I could use the huge .htaccess and make requests like "www.site.com/post/" go to "index.php?page=post" and load pages according to $_GET['post'].

Since the answer could be long, I was thinking of a website where this is explained or something like that, or the name for this system (if it has one), so if any of you know how to correctly use this system, please let me know how can I find more information about it.


There are tutorials for Model View Controller type frameworks out there that largely describe what you want to do. Here is a nice and simple example. Have a look at it and see if it's usefull to you.


I saw something similar where they would use the Apache rewrite engine to redirect a URL to index.php?page=$page They would pull the name out of the $_REQUEST variable, check the file_exists() function for that file name and assign to $page.

They ran into a security problem where even though the file_exists() function would return true, an attacker could still inject something from the server, like a password file. They ended up also checking that the file was named '.php' via a string function.

Short of creating a list of known page names and checking against that, I wouldn't advise using this way unless you can be sure to lock it down from code injection attacks.

If you proceed: include a core file that includes your configuration and constants, then sets up everything else before including $page.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号