My Engine

Suero
Posts: 2
Joined: Sat Jul 21, 2012 5:27 pm

My Engine

Post by Suero »

I'm currently working on a base for all my websites. Could anyone please check through my code for errors and for things that could be improved?

I would really appreciate your feedback because I want my websites as good as possible, thanks! ;)

Download here (http://ge.tt/85L4mpK/v/0) or see below:

index.php
[syntax=php]
<?php
//Check if something is requested
if (!empty($_GET['u'])){
    if (!preg_match('/^([\/a-zA-Z0-9._])+$/', $_GET['u'])){
        //Potential hacker, GTFO!
        header('Location: /error/404');
        exit;
    }
    else{
        $var = explode("/", strip_tags($_GET['u']));
    }
}

//Set url to GET variable if available, else set it to Home
$url = !empty($var[0]) ? $var[0] : 'home';

//Set dynamic variables
$a1 = !empty($var[1]) ? $var[1] : false;
$a2 = !empty($var[2]) ? $var[2] : false;
$a3 = !empty($var[3]) ? $var[3] : false;

//Check if .php page exists.
if (file_exists('inc/'.$url.'.php')) {
    require_once 'inc/'.$url.'.php';
    //Store the loaded page into a variable
    $page = new $url($a1,$a2,$a3);
}
else{
    //Page not found, 404
    header('Location: /error/404');
    exit;
}

require_once 'design.php';
?>
[/syntax]
design.php
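[syntax=php]<?php
$title = isset($page->title) ? $page->title : ucfirst($url);

//HTTP_HOST comes from the request's Host header, so escape it (and the title) before output
$safeTitle = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
$safeHost = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8');

echo '<!DOCTYPE html>
<html>
<head>
<title>'.$safeTitle.'</title>
<base href="http://'.$safeHost.'/" />
</head>
<body>
'.$page->html.'
</body>
</html>
';
?>[/syntax]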
inc/error.php
[syntax=php]<?php
class error
{
    public $html;
    public $title;
    function __construct($error)
    {
        //Check if error ID is valid
        if (!is_numeric($error)){
            header('Location: /error/404');
            exit;
        }
        else{
            //Error ID is valid
            $this->html .= '<h1>'.$error.'</h1><br/><br/>';

            switch ($error)
            {
                case 404:
                    //Not found
                    $this->title = 'Error: 404';
                    $this->html .= 'Page not found.';
                    break;

                default:
                    header('Location: /error/404');
                    exit;
            }
        }
    }
}
?>[/syntax]
inc/home.php
[syntax=php]<?php
class home
{
    public $html;
    public $title;

    function __construct()
    {
        $this->title = 'Home';

        $this->html .= 'Welcome!';
    }
}
?>[/syntax]
.htaccess
[syntax=text]
RewriteBase /

Options +FollowSymlinks
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule ^(.*)$ index.php?u=$1 [QSA,L]
[/syntax]
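
An allow-list variant of the index.php routing above, as an added example that is not part of the original post: the page name from `?u=` is looked up in a fixed map instead of being used to build the file path and class name. It assumes PHP 7.1 or later; `ROUTES`, `resolve_route()` and the `HomePage`/`ErrorPage` class names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+; ROUTES, resolve_route()
// and the HomePage/ErrorPage class names are hypothetical.

// Slug => [file, class]. Only these files can ever be required. The classes are
// renamed because PHP 7+ has a built-in Error class and class names are
// case-insensitive, so "class error" can no longer be declared.
const ROUTES = [
    'home'  => ['inc/home.php',  'HomePage'],
    'error' => ['inc/error.php', 'ErrorPage'],
];

// Returns [file, class, [a1, a2, a3]], or null when the request should get a 404.
function resolve_route($u, array $routes): ?array
{
    if ($u === null || $u === '') {
        $u = 'home'; // nothing requested
    }
    // ?u[]=x arrives as an array; the D modifier stops "$" matching before a trailing newline.
    if (!is_string($u) || !preg_match('#^[/a-zA-Z0-9._]+$#D', $u)) {
        return null;
    }
    $parts = explode('/', trim($u, '/'));
    $slug  = strtolower(array_shift($parts));
    if (!isset($routes[$slug])) {
        return null; // unknown page: the filesystem is never consulted
    }
    // Empty segments become false, matching the $a1..$a3 defaults in the post.
    $args = array_map(function ($p) { return $p === '' ? false : $p; }, $parts);
    $args = array_slice(array_pad($args, 3, false), 0, 3);
    return [$routes[$slug][0], $routes[$slug][1], $args];
}

// Constructed sample values of the rewritten ?u= parameter.
$samples = ['', 'home', 'error/404', 'Error/404/', '../design', 'design', ['x'], "home\n"];
foreach ($samples as $u) {
    $r = resolve_route($u, ROUTES);
    printf("%-14s => %s\n", json_encode($u), $r ? $r[1] . ' from ' . $r[0] : '404');
}

// index.php would then load the page with:
//   [$file, $class, $args] = $r;
//   require_once __DIR__ . '/' . $file;
//   $page = new $class(...$args);
```
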
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: My Engine

Post by Helx »

With index.php (line 6), instead of an error page, why not a HoneyPot?
I do that when somebody tries to see my /cores/ directory so I can have logs of potential hackers.

This is the code I use (flat file logging):
[syntax=php]<?php
if (getenv(HTTP_X_FORWARDED_FOR)){
    $tbl_783424=getenv(HTTP_X_FORWARDED_FOR);
} else {
    $tbl_783424=getenv(REMOTE_ADDR);
}
if ($tbl_783424){
    $fh_4387565384756 = fopen('blank_local_webpage.html', 'a');
    if($fh_4387565384756){
        // The address may come from a request header, so escape it before writing it into the HTML log
        $HP_output = "<small><font face='Arial, Helvetica, Consolas'>" . htmlspecialchars($tbl_783424, ENT_QUOTES, 'UTF-8') . " - " . date("d/m/Y H:i:s") . "</font></small><br />\r\n";
        fwrite($fh_4387565384756, $HP_output);
        fclose($fh_4387565384756);
    }
}

header('Location: http://website.net/404.php');
?>[/syntax]

You will notice the 'HTTP_X_FORWARDED_FOR' if() block; this is so proxies aren't logged, but the user itself is.
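
A hardened take on the flat-file logging idea above, as an added example that is not part of the original post: it always records `REMOTE_ADDR`, keeps `X-Forwarded-For` (a client-supplied request header) only as validated but unverified data, and writes one JSON record per line instead of raw HTML. The function names and the log path are hypothetical, and PHP 7.2 or later is assumed.

```php
<?php
// Added example, not the poster's code. Function names and the log path are
// hypothetical; assumes PHP 7.2+ for JSON_INVALID_UTF8_SUBSTITUTE.

// Build one log record. REMOTE_ADDR is the peer the web server actually saw;
// X-Forwarded-For is a request header, so it is kept only as an unverified claim.
function honeypot_line(array $server, int $now): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        $peer = 'unknown';
    }
    $claimed = [];
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if (is_string($xff) && $xff !== '') {
        foreach (array_slice(explode(',', $xff), 0, 10) as $hop) {
            $hop = trim($hop);
            // Store only syntactically valid addresses; anything else becomes a marker.
            $claimed[] = filter_var($hop, FILTER_VALIDATE_IP) !== false ? $hop : 'invalid';
        }
    }
    $uri = substr((string) ($server['REQUEST_URI'] ?? ''), 0, 200);
    // JSON escapes quotes and CR/LF, so a record cannot spill onto a second line;
    // the HEX flags also neutralise markup if the log is ever shown in a browser.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    return json_encode([
        'time' => gmdate('c', $now),
        'peer' => $peer,
        'xff'  => $claimed,
        'uri'  => $uri,
    ], $flags) . "\n";
}

// Append under an exclusive lock so concurrent requests cannot interleave records.
// $file should live outside the web root so the log is not served to visitors.
function honeypot_log(array $server, string $file): bool
{
    return file_put_contents($file, honeypot_line($server, time()), FILE_APPEND | LOCK_EX) !== false;
}

// Constructed request: the second X-Forwarded-For entry is markup, not an address.
$sample = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.9, <b>not-an-ip</b>',
    'REQUEST_URI'          => '/cores/',
];
echo honeypot_line($sample, 0);
```
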
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK

Re: My Engine

Post by jacek »

You should really quote those strings
[syntax=php]if (getenv('HTTP_X_FORWARDED_FOR')){[/syntax]

and make use of $_SERVER
[syntax=php]if ($_SERVER['HTTP_X_FORWARDED_FOR']){[/syntax]

And then use isset()

[syntax=php]if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){[/syntax]
:D
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: My Engine

Post by Helx »

And then use CSS instead of defining more and more text tags
[syntax=css]*{ /* Not too sure if "*" actually works... I may use html{ } */
font-family: Arial, monospace, sans-serif;
font-size: 8px;
}[/syntax]

And then apply security to the flat file storage
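[syntax=php]<?php
session_start(); // $_SESSION is empty until the session is started
if(isset($_SESSION["username"])){
    echo "CONTENT";
}else{
    header('Location: 404.php');
    exit; // stop here so nothing else runs after the redirect
}
?>[/syntax]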

And then make sure not just anybody who logged in could access it
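[syntax=php]<?php
// Assumes session_start() has run, a mysql_* connection is open and $tbl_name is set elsewhere.
// ext/mysql was removed in PHP 7; on newer PHP use mysqli or PDO prepared statements.
$usr = mysql_real_escape_string($_SESSION["username"]);
$id = mysql_real_escape_string($_SESSION["id_num"]);
$sql="SELECT * FROM $tbl_name WHERE username='$usr' and id='$id'";
$result=mysql_query($sql);
$array=$result ? mysql_fetch_array($result) : false; // Array, because I'm going to use it elsewhere : )
// A failed query or a missing row must not pass the check (a missing perm_level would compare as < 1)
if($array && $array["perm_level"] < 1){
    echo "CONTENT";
}else{
    echo "You do not have the correct permissions level";
}
?>[/syntax]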

I'm still working on the script XD

Hehe, I should probably update my code :)
Suero
Posts: 2
Joined: Sat Jul 21, 2012 5:27 pm

Re: My Engine

Post by Suero »

jacek wrote: You should really quote those strings
[syntax=php]if (getenv('HTTP_X_FORWARDED_FOR')){[/syntax]

and make use of $_SERVER
[syntax=php]if ($_SERVER['HTTP_X_FORWARDED_FOR']){[/syntax]

And then use isset()

[syntax=php]if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){[/syntax]
:D


That is cool and all, but could you find some errors in my code? :roll:
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: My Engine

Post by Helx »

Doesn't look like there are any syntax errors.

Have you tried running it in your browser?