[page=Introduction]
Creating a single page website is a fairly easy task. For those of you not familiar with these types of websites, they are websites in which the only physical page is the index page. Using PHP you can add elements of a certain page into the index page using the PHP include function. However, most includes are implemented in an insecure fashion, so I will show you how to securely add includes to your website using a one page solution.
[page=Part: One]
In order to proceed you should have a beginners level understanding of PHP. With that, your web host must also support PHP. Optionally, you may have a MySQL database, or something similar.
Where you would normally add content in your page, add the following PHP code.
$page = $_GET['page'];
//The page.
if (( !empty ( $_GET['page'] ) ) and file_exists ( 'including/'.$page.'.inc.php' ) )
{
include ( 'including/'.$page.'.inc.php' );
}
else
{
include ( "./including/news.inc.php" );
}
?>What does this all mean? Basically the server, which processes the PHP code is checking to see if the page, which is specified in the URL by the $_GET['page'] variable, exists. If the page does exist it includes the contents of that page into the current file, which is your index page.
Breakdown:
$page = $_GET['page'];This is simply putting the variable from the URL into an easier to use format.
if (( !empty ( $_GET['page'] ) ) and file_exists ( 'including/'.$page.'.inc.php' ) )
{
include ( 'including/'.$page.'.inc.php' );
}This section of code checks to see whether the $_GET['page'] contains data. If it does then it checks to see weather the file, $page.inc.php, exists. If the page does exist, then it is included in the main page.
else
{
include ( "./including/news.inc.php" );
}This section of code is the fail safe. If the page does not exist, as checked by the previous chunk of code, this part of the code is processed. It includes the news.inc.php file. This ensures that if someone were to manually type your website's URL into the address bar, and misspell something in the $page variable that it would not bring up an error riddled page.
[page=Part: Two]
"This is all fine and dandy Stieffers, but what do I do with this code!" Well now that your have the base chunk of code added into the core of your website you are ready to create the include files. If you had a keen eye, you probably noticed that all of the includes were referring to a folder name "including". This folder was named oddly for security reasons, but I will get to that later. This means that we will need to create a folder called "including" in the root of our website.
This folder is where we are going to store our website's actual content. Or if you are using a database, the scripts required to connect to the database and retrieve data. If you are not using a database, well.. then there is really not much of a point to using a one page solution, and I am beginning to question your host, who provides PHP support, but not a database. :P Otherwise, if you do have a database, then continue to follow along.
Let us first create our news.inc.php page. If the extension is boggling you, well then read up on the security section. The ".inc" is short for include. Anyway, on to the news.inc.php page.
In the news page you would simply connect to the database retrieve the data, and then echo it out, in such a fashion as this.
// Connect to database
// For \ While Loops
echo "<strong>$title</strong>
$news
Posted by <em>$author</em> on $date.";Easy enough eh?
[page=Security]
One of the biggest flaws about PHP includes is the lack of security that usually comes with them. Most people simply use a line of code such as this.
include ( includes/$_GET['page'].inc );This is insecure for many reasons, one being that anyone can run a page with an “.inc” extension from a remote server. You can already see how this could cause trouble. Also, without a PHP extension at the end, you may end up with a page which is not processed by the server. Adding ".php" to the end ensures that it is always processed by the server as a PHP file.
Another common hole that people fall into is by naming their includes folder... "includes". Being as this is a common name it would be quite easy to run a script from a remote source, especially with code such as that above. One more thing I suggest doing is adding an empty “index.html” file to all of the main folders of your site. This prohibits directory listings.
Thank you for reading through my tutorial. I hope you enjoyed it, and learned something about PHP. If you would like to contact me shoot an email over to Stieffers@Gmail.com.
Excellent! Nice and simple!
Sure thing :)
Great tutorial. Love how you covered the extra security bit, as it's an issue lost on a lot of people unfortunantely.
hey... on Tony Hawk's Underground 2, on "mardi grass" level the girls raise their t-shirts!! ya... but its "censored" :(
anyone knows how can i mod that ****??
or a program that can modificate the textures??
or a thug2 mod??
please... it will help me on my new mod... :)
For people without any knowlegde of coding / programming, I think ASP is more easy to deal with. That's what I did - started up with ASP and when I got in to it, I started on PHP. (The only problem of ASP is that Microsoft (who created ASP) want money if the webserver should support ASP - but if using a webhotel, a lot of them support ASP anyway)... But nice tutorial :)