My Engine

Written something you are proud of, post it here.
Suero
Posts: 2
Joined: Sat Jul 21, 2012 5:27 pm

My Engine

Post by Suero »

I'm currently working on a base for all my websites. Could anyone please check through my code for errors and for things that could be improved?

I would really appreciate your feedback because I want my websites as good as possible, thanks! ;)

Download here (http://ge.tt/85L4mpK/v/0) or see below:

index.php
<?php
//Check if something is requested
if (!empty($_GET['u'])){
	if (!preg_match('/^([\/a-zA-Z0-9._])+$/', $_GET['u'])){
		//Potential hacker, GTFO!
		header('Location: /error/404');
		exit;
	}
	else{
		$var = explode("/", strip_tags($_GET['u']));
	}
}

//Set url to GET variable if available, else set it to Home
$url = !empty($var[0]) ? $var[0] : 'home';

//Set dynamic variables
$a1 = !empty($var[1]) ? $var[1] : false;
$a2 = !empty($var[2]) ? $var[2] : false;
$a3 = !empty($var[3]) ? $var[3] : false;

//Check if .php page exists.
if (file_exists('inc/'.$url.'.php')) {
	require_once 'inc/'.$url.'.php';
	//Store the loaded page into a variable
	$page = new $url($a1,$a2,$a3);
}
else{
	//Page not found, 404
	header('Location: /error/404');
	exit;
}

require_once 'design.php';
?>
design.php
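<?php
$title = isset($page->title) ? $page->title : ucfirst($url);

//HTTP_HOST is taken from the request's Host header, so escape it (and the title) before output
$title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
$host = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8');

echo '<!DOCTYPE html>
<html>
<head>
	<title>'.$title.'</title>
	<base href="http://'.$host.'/" />
</head>
<body>
	'.$page->html.'
</body>
</html>
';
?>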
inc/error.php
<?php
class error
	{
		public $html;
		public $title;
		function __construct($error)
		{
			//Check if error ID is valid
			if (!is_numeric($error)){
				header('Location: /error/404');
				exit;
			}
			else{
				//Error ID is valid
				$this->html .= '<h1>'.$error.'</h1><br/><br/>';

				switch ($error)
				{
					case 404:
						//Not found
						$this->title = 'Error: 404';
						$this->html .= 'Page not found.';
						break;

					default:
						header('Location: /error/404');
						exit;
				}
			}
		}
	}
?>
inc/home.php
<?php
class home
	{
		public $html;
		public $title;
		
		function __construct()
		{
			$this->title = 'Home';

			$this->html .= 'Welcome!';
		}
	}
?>
.htaccess
RewriteBase /

Options +FollowSymlinks
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l

RewriteRule ^(.*)$ index.php?u=$1 [QSA,L]
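One way to harden the routing in index.php, as an added example that is not part of the original post: the page is chosen from a fixed allowlist instead of from whatever file exists under inc/, and each URL segment is validated with `\A...\z` (the post's `$` anchor also accepts a trailing newline). The names `ROUTES` and `resolve_route` are hypothetical, and the allowlist assumes the only pages are the two shown above.

```php
<?php
// Added example: allowlist-based route resolution (hypothetical names).
// Assumption: the site's only pages are home and error, as posted above.
const ROUTES = ['home' => 'home', 'error' => 'error']; // URL segment => class and file name

function resolve_route(string $u): ?array
{
    // Split first, then validate every segment: letters, digits and '_' only,
    // so neither '.' nor '/' can reach the file path or the class name.
    $segments = $u === '' ? [] : explode('/', trim($u, '/'));
    foreach ($segments as $s) {
        if (!preg_match('/\A[a-zA-Z0-9_]{1,32}\z/', $s)) {
            return null;
        }
    }
    $name = strtolower($segments[0] ?? 'home');
    if (!isset(ROUTES[$name])) {
        return null; // not a known page, regardless of what is on disk
    }
    // Pad to exactly three arguments, matching $a1..$a3 in index.php.
    $args = array_pad(array_slice($segments, 1, 3), 3, false);
    return [
        'class' => ROUTES[$name],
        'file'  => __DIR__ . '/inc/' . ROUTES[$name] . '.php',
        'args'  => $args,
    ];
}

// Constructed sample values of $_GET['u'].
foreach (['', 'home', 'error/404', 'design', '../design', 'home.bak', "home\n"] as $u) {
    $r = resolve_route($u);
    printf("%-12s => %s\n", json_encode($u), $r ? $r['class'] . ' ' . json_encode($r['args']) : '404');
}
```

In index.php the result would replace the `file_exists()` check: a `null` return sends the 404 redirect, otherwise `require_once $r['file']` and `new $r['class'](...$r['args'])`.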
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: My Engine

Post by Helx »

With index.php (line 6), instead of an error page, why not a HoneyPot?
I do that when somebody tries to see my /cores/ directory so I can have logs of potential hackers.

This is the code I use (flat file logging)
<?php
if (getenv(HTTP_X_FORWARDED_FOR)){
	$tbl_783424=getenv(HTTP_X_FORWARDED_FOR);
} else {
	$tbl_783424=getenv(REMOTE_ADDR);
}
if ($tbl_783424){
	$fh_4387565384756 = fopen('blank_local_webpage.html', 'a');
	if($fh_4387565384756){
		$HP_output = "<small><font face='Arial, Helvetica, Consolas'>" . $tbl_783424 . " - " . date("d/m/Y H:i:s") . "</font></small><br />\r\n";
		fwrite($fh_4387565384756, $HP_output);
		fclose($fh_4387565384756);
	}
}

header('Location: http://website.net/404.php');
?>
You will notice the 'HTTP_X_FORWARDED_FOR' if() block; this is so proxies aren't logged, but the user itself is.
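A hardened variant of the flat-file logger above, as an added example that is not part of the original post. X-Forwarded-For is a request header that any client can set to any value, so the sketch always records REMOTE_ADDR, keeps the forwarded value only as a validated claim, and writes plain text rather than HTML. The function names and the sample request data are constructed for illustration.

```php
<?php
// Added example (hypothetical function names); the sample requests below are constructed.

// Returns the TCP peer address plus the forwarded address the client claims, if it is a valid IP.
function honeypot_addresses(array $server): array
{
    // REMOTE_ADDR is the peer as seen by the web server; the client cannot choose it.
    $peer = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: 'unknown';
    // X-Forwarded-For is client-supplied text: keep the first entry only if it parses as an IP.
    $claimed = null;
    if (isset($server['HTTP_X_FORWARDED_FOR'])) {
        $first = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
        $claimed = filter_var($first, FILTER_VALIDATE_IP) ?: null;
    }
    return ['peer' => $peer, 'claimed' => $claimed];
}

// One plain-text line per hit; nothing from the request is ever written as markup.
function honeypot_line(array $server, int $now): string
{
    $a = honeypot_addresses($server);
    return sprintf("%s peer=%s xff=%s\n", gmdate('Y-m-d\TH:i:s\Z', $now), $a['peer'], $a['claimed'] ?? '-');
}

function honeypot_log(string $file, array $server): void
{
    // LOCK_EX keeps concurrent hits from interleaving; $file should live outside the web root.
    file_put_contents($file, honeypot_line($server, time()), FILE_APPEND | LOCK_EX);
}

// Constructed sample requests (documentation address ranges).
$samples = [
    ['REMOTE_ADDR' => '203.0.113.7'],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23, 10.0.0.1'],
    ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '<b>not an ip</b>'],
];
foreach ($samples as $s) {
    echo honeypot_line($s, 1342891620); // fixed timestamp so the output is repeatable
}
```

The third sample logs `xff=-`: the header value never reaches the file, so viewing the log in a browser cannot render request-supplied markup.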
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK

Re: My Engine

Post by jacek »

You should really quote those strings
if (getenv('HTTP_X_FORWARDED_FOR')){
and make use of $_SERVER
if ($_SERVER['HTTP_X_FORWARDED_FOR']){
And then use isset()
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
:D
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: My Engine

Post by Helx »

And then use CSS instead of defining more and more text tags
*{ /* Not too sure if "*" actually works... I may use html{ } */
font-family: Arial, monospace, sans-serif;
font-size: 8px;
}
And then apply security to the flat file storage
<?php
if(isset($_SESSION["username"])){
    echo "CONTENT";
}else{
    header('Location: 404.php');
}
?>
And then make sure not just anybody who logged in could access it
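<?php
$usr = $_SESSION["username"];
$id = $_SESSION["id_num"];
// mysql_query() was removed in PHP 7, so this uses a PDO prepared statement instead;
// $pdo is assumed to be an open PDO connection and $tbl_name a fixed table name.
$stmt = $pdo->prepare("SELECT * FROM $tbl_name WHERE username = ? AND id = ?");
$stmt->execute(array($usr, $id));
$array = $stmt->fetch(PDO::FETCH_ASSOC); // Array, because I'm going to use it elsewhere : )
// Deny when no row matched; otherwise a missing perm_level would compare as less than 1
if($array && $array["perm_level"] < 1){
    echo "CONTENT";
}else{
    echo "You do not have the correct permissions level";
}
?>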
I'm still working on the script XD

Hehe, I should probably update my code :)
Suero
Posts: 2
Joined: Sat Jul 21, 2012 5:27 pm

Re: My Engine

Post by Suero »

jacek wrote: You should really quote those strings
if (getenv('HTTP_X_FORWARDED_FOR')){
and make use of $_SERVER
if ($_SERVER['HTTP_X_FORWARDED_FOR']){
And then use isset()
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
:D
That is cool and all, but could you find some errors in my code? :roll:
Helx
Posts: 350
Joined: Thu May 17, 2012 6:45 am
Location: Auckland, New Zealand

Re: My Engine

Post by Helx »

Doesn't look like there's any syntax errors.

Have you tried running it in your browser?