I'm currently working on a base for all my websites, could anyone please check through my code for errors and for things that could be improved?
I would really appreciate your feedback because I want my websites as good as possible, thanks!
Download here (http://ge.tt/85L4mpK/v/0) or see below:
index.php
[syntax=php]
<?php
//Check if something is requested
if (!empty($_GET['u'])){
    if (!preg_match('/^([\/a-zA-Z0-9._])+$/', $_GET['u'])){
        //Potential hacker, GTFO!
        header('Location: /error/404');
        exit;
    }
    else{
        $var = explode("/", strip_tags($_GET['u']));
    }
}
//Set url to GET variable if available, else set it to Home
$url = !empty($var[0]) ? $var[0] : 'home';
//Set dynamic variables
$a1 = !empty($var[1]) ? $var[1] : false;
$a2 = !empty($var[2]) ? $var[2] : false;
$a3 = !empty($var[3]) ? $var[3] : false;
//Check if .php page exists.
if (file_exists('inc/'.$url.'.php')) {
    require_once 'inc/'.$url.'.php';
    //Store the loaded page into a variable
    $page = new $url($a1,$a2,$a3);
}
else{
    //Page not found, 404
    header('Location: /error/404');
    exit;
}
require_once 'design.php';
?>
[/syntax]
design.php
[syntax=php]<?php
$title = isset($page->title) ? $page->title : ucfirst($url);
echo '<!DOCTYPE html>
<html>
<head>
<title>'.$title.'</title>
<base href="http://'.$_SERVER['HTTP_HOST'].'/" />
</head>
<body>
'.$page->html.'
</body>
</html>
';
?>[/syntax]
inc/error.php
[syntax=php]<?php
class error
{
    public $html;
    public $title;
    function __construct($error)
    {
        //Check if error ID is valid
        if (!is_numeric($error)){
            header('Location: /error/404');
            exit;
        }
        else{
            //Error ID is valid
            $this->html .= '<h1>'.$error.'</h1><br/><br/>';
            switch ($error)
            {
                case 404:
                    //Not found
                    $this->title = 'Error: 404';
                    $this->html .= 'Page not found.';
                    break;
                default:
                    header('Location: /error/404');
                    exit;
            }
        }
    }
}
?>[/syntax]
inc/home.php
[syntax=php]<?php
class home
{
    public $html;
    public $title;
    function __construct()
    {
        $this->title = 'Home';
        $this->html .= 'Welcome!';
    }
}
?>[/syntax]
.htaccess
[syntax=text]
RewriteBase /
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php?u=$1 [QSA,L]
[/syntax]
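An added example (not the original poster's code) of the same front controller with a stricter dispatch: the first path segment is looked up in an explicit allow-list of page classes instead of being passed to file_exists() and `new $url`, dots are excluded from segments so '..' cannot appear, and an unknown route answers with a real 404 status and the existing error page rather than a redirect. The PAGES map and the inc/ layout are assumptions that mirror the files above.

```php
<?php
// index.php (added example): allow-list dispatch instead of `new $url`.
declare(strict_types=1);

// URL segment => class name. Assumed to mirror inc/home.php and inc/error.php above.
const PAGES = [
    'home'  => 'home',
    'error' => 'error',
];

/**
 * Split the rewritten path (?u=...) into [page, a1, a2, a3].
 * Returns null for anything that is not an allow-listed page followed by at
 * most three segments of [a-z0-9_-]. '.' is not accepted, so '..' cannot occur.
 */
function parse_route(string $u): ?array
{
    $u = trim($u, '/');
    if ($u === '') {
        return ['home', null, null, null];
    }
    if (!preg_match('~^[a-z0-9_-]+(?:/[a-z0-9_-]+){0,3}$~', $u)) {
        return null;
    }
    $parts = explode('/', $u);
    if (!isset(PAGES[$parts[0]])) {
        return null;                          // unknown page: not a class we will load
    }
    return array_pad($parts, 4, null);
}

// With [QSA] in .htaccess a request like /home?u[]=x makes $_GET['u'] an array,
// so only accept it when it really is a string.
$raw   = $_GET['u'] ?? '';
$route = parse_route(is_string($raw) ? $raw : '');
if ($route === null) {
    // Real 404 status plus the existing error page, instead of a redirect loop.
    http_response_code(404);
    $route = ['error', '404', null, null];
}
[$url, $a1, $a2, $a3] = $route;

require_once 'inc/' . $url . '.php';          // $url is a known key, never raw input
$class = PAGES[$url];
$page  = new $class($a1, $a2, $a3);            // home() simply ignores the extra arguments

require_once 'design.php';                     // design.php above still uses $url and $page
```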
My Engine
Re: My Engine
With index.php (line 6), instead of an error page, why not a HoneyPot?
I do that when somebody tries to see my /cores/ directory so I can have logs of potential hackers.
This is the code I use (flat file logging)
[syntax=php]<?php
if (getenv(HTTP_X_FORWARDED_FOR)){
    $tbl_783424=getenv(HTTP_X_FORWARDED_FOR);
} else {
    $tbl_783424=getenv(REMOTE_ADDR);
}
if ($tbl_783424){
    $fh_4387565384756 = fopen('blank_local_webpage.html', 'a');
    if($fh_4387565384756){
        $HP_output = "<small><font face='Arial, Helvetica, Consolas'>" . $tbl_783424 . " - " . date("d/m/Y H:i:s") . "</font></small><br />\r\n";
        fwrite($fh_4387565384756, $HP_output);
        fclose($fh_4387565384756);
    }
}
header('Location: http://website.net/404.php');
?>[/syntax]
You will notice the 'HTTP_X_FORWARDED_FOR' if() block; this is so proxies aren't logged, but the user itself is.
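An added example (not the poster's logging code) of the same honeypot hit logger, written so that the client-supplied X-Forwarded-For header is only consulted when the request actually arrived through one of your own proxies, the address is validated before it is stored, and the log is a plain text file outside the web root instead of an HTML page. TRUSTED_PROXIES and LOG_FILE are assumed placeholder values.

```php
<?php
// Honeypot hit logger (added example).
declare(strict_types=1);

const TRUSTED_PROXIES = ['10.0.0.5'];             // assumed: your own reverse proxy addresses
const LOG_FILE = '/var/log/honeypot/hits.log';    // placeholder path outside the web root

/**
 * Resolve the client address. REMOTE_ADDR is the TCP peer and cannot be chosen
 * by the client; X-Forwarded-For is just a request header anyone can send, so it
 * is only honoured when the peer is one of our proxies, and then only its
 * right-most entry (the one a single proxy layer appended) is used.
 */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, TRUSTED_PROXIES, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = end($hops);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return filter_var($peer, FILTER_VALIDATE_IP) !== false ? $peer : 'invalid';
}

/**
 * Append one plain-text record. CR/LF are stripped from the path so a crafted
 * request cannot forge extra log lines; nothing here is ever rendered as HTML.
 */
function log_hit(string $ip, string $path, int $now, string $file): bool
{
    $path = str_replace(["\r", "\n"], '', $path);
    $line = sprintf("%s %s %s\n", gmdate('Y-m-d\TH:i:s\Z', $now), $ip, $path);
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

log_hit(client_ip($_SERVER), $_SERVER['REQUEST_URI'] ?? '', time(), LOG_FILE);
http_response_code(404);                           // answer 404 directly, no redirect
```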
Re: My Engine
You should really quote those strings
[syntax=php]if (getenv('HTTP_X_FORWARDED_FOR')){[/syntax]
and make use of $_SERVER
[syntax=php]if ($_SERVER['HTTP_X_FORWARDED_FOR']){[/syntax]
And then use isset()
[syntax=php]if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){[/syntax]
Re: My Engine
And then use CSS instead of defining more and more text tags
[syntax=css]*{ /* Not too sure if "*" actually works... I may use html{ } */
font-family: Arial, monospace, sans-serif;
font-size: 8px;
}[/syntax]
And then apply security to the flat file storage
[syntax=php]<?php
if(isset($_SESSION["username"])){
    echo "CONTENT";
}else{
    header('Location: 404.php');
}
?>[/syntax]
And then make sure that not just anybody who is logged in can access it
[syntax=php]<?php
$usr = $_SESSION["username"];
$id = $_SESSION["id_num"];
$sql="SELECT * FROM $tbl_name WHERE username='$usr' and id='$id'";
$result=mysql_query($sql);
$array=mysql_fetch_array($result); // Array, because I'm going to use it elsewhere : )
if($array["perm_level"] < 1){
    echo "CONTENT";
}else{
    echo "You do not have the correct permissions level";
}
?>[/syntax]
I'm still working on the script XD
Hehe, I should probably update my code
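An added example (not the poster's script) of the same permission gate using PDO with bound parameters instead of interpolating session values into the SQL string, a comparison that grants access only at or above a required level, and the session check folded in. The DSN, the users table and the column names are assumptions following the snippet above.

```php
<?php
// Permission gate for the log page (added example).
declare(strict_types=1);

const REQUIRED_LEVEL = 1;                         // assumed: minimum perm_level for this page

/**
 * Look up the logged-in user's permission level. The identifiers come from the
 * session, not the request, and are bound as parameters so they never become
 * part of the SQL text. Returns null when there is no session or no matching row.
 */
function permission_level(PDO $db, array $session): ?int
{
    if (!isset($session['id_num'], $session['username'])) {
        return null;
    }
    // Assumed table/columns: users(id, username, perm_level).
    $stmt = $db->prepare('SELECT perm_level FROM users WHERE id = :id AND username = :username');
    $stmt->execute([':id' => $session['id_num'], ':username' => $session['username']]);
    $level = $stmt->fetchColumn();
    return $level === false ? null : (int) $level;
}

function may_view(?int $level): bool
{
    return $level !== null && $level >= REQUIRED_LEVEL;
}

session_start();
$db = new PDO('mysql:host=localhost;dbname=site', 'user', 'password', [   // placeholder DSN
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

if (!may_view(permission_level($db, $_SESSION))) {
    http_response_code(403);                      // deny in place; no redirect needed
    exit('You do not have the correct permissions level');
}
echo 'CONTENT';
```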
Re: My Engine
jacek wrote: You should really quote those strings
[syntax=php]if (getenv('HTTP_X_FORWARDED_FOR')){[/syntax]
and make use of $_SERVER
[syntax=php]if ($_SERVER['HTTP_X_FORWARDED_FOR']){[/syntax]
And then use isset()
[syntax=php]if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){[/syntax]
That is cool and all, but could you find some errors in my code?
Re: My Engine
Doesn't look like there are any syntax errors.
Have you tried running it in your browser?