UseBB Community: 1.0 Discussion » Includes and Code redundancy

Author	Post
IceNine	#1 Fri May 27, 2005 6:09 pm
Member Registered: Nov 2004 Posts: 18	Let me first say that I think you're doing a great job with this software. So much so that I'm considering donating my time to this project. I've been an on/off coder for MercuryBoard and am unfortunately going to quit with them. I'm mostly frustrated by the development team not being very active, nor telling the rest of us where we are going. Not only that, but their system is "written in OOP" without actually using OOP. The way they've done it kind of backed them into a corner. Sorry about that little rant. Anyway, I wanted to address the usage of 'page templates' and code redundancy. One 'trick' I've used for my sites/code is to have one central page that can be accessed, then use includes (I like to call them modules) to perform specific functions. This way I only have to do main configuration on one page, instead of having to make sure all accessible pages have it the same. The in_array() method helps make this secure. For example, let's say I want to access topic number 4 this way: http://www.example.org/?a=topic&id=4 Instead of doing a direct include we have something like this: $allowed_modules = array('topic', 'forum', 'etc'); // Get the module name, if allowed, use $_GET['a'] // otherwise, use 'main' $module = in_array($_GET['a'], $allowed_modules) ? $_GET['a'] : 'main'; include('./includes/' . $module . '.php'); Since I do this for a living and our server is our server, I keep all my includes safely stowed away from the outside world. Since we'd need to allow these modules to be in public HTML webspace the code below is perfect. That's really the only redundancy I can be okay with. if ( !defined('INCLUDED') ) exit(); I hope I made sense. Mornings are never good for me. Anyway, thoughts? _______________ I love PHP!
medwards	#2 Sun Oct 16, 2005 5:40 pm
Member Registered: Oct 2005 Posts: 9 Location: Edmonton, AB	I'm a little knew to trying to make PHP secure and I was wondering if you could elaborate on the need for this technique to be secure? Right now I'm exploiting this strategy with templates to help seperate the standard material on a page from the actual content (the entire one-template-many-changes sort of technique ie page.php?page=downloads will include the download content into a standard template). Anyways this is pretty straightforward with PEARs ITX and I figured just snagging the page variable from $_GET would be good enough. Am I wrong?

Let me first say that I think you're doing a great job with this software. So much so that I'm considering donating my time to this project. I've been an on/off coder for MercuryBoard and am unfortunately going to quit with them. I'm mostly frustrated by the development team not being very active, nor telling the rest of us where we are going. Not only that, but their system is "written in OOP" without actually using OOP. The way they've done it kind of backed them into a corner.

Sorry about that little rant.

Anyway, I wanted to address the usage of 'page templates' and code redundancy. One 'trick' I've used for my sites/code is to have one central page that can be accessed, then use includes (I like to call them modules) to perform specific functions.

This way I only have to do main configuration on one page, instead of having to make sure all accessible pages have it the same.

The in_array() method helps make this secure. For example, let's say I want to access topic number 4 this way: http://www.example.org/?a=topic&id=4

Instead of doing a direct include we have something like this:

$allowed_modules = array('topic', 'forum', 'etc');

// Get the module name, if allowed, use $_GET['a']
// otherwise, use 'main'
$module = in_array($_GET['a'], $allowed_modules) ? $_GET['a'] : 'main';

include('./includes/' . $module . '.php');

Since I do this for a living and our server is our server, I keep all my includes safely stowed away from the outside world. Since we'd need to allow these modules to be in public HTML webspace the code below is perfect. That's really the only redundancy I can be okay with. :mrgreen:

if ( !defined('INCLUDED') )
	exit();

I hope I made sense. Mornings are never good for me.

Anyway, thoughts?

_______________

I love PHP!

UseBB Community

The official board for UseBB help and discussion

Includes and Code redundancy