Including of files does not work as it should - url routing

Question

My redirect process is showing some crazy stuff. The first part of the whole loop works just fine (if only the first element is typed in).

Possible url's look like:

www.site.com/category

www.site.com/category/product

But also:

www.site.com/cart

Using site.com/jeans works just fine. But when you click on a product, something strange happens.

The categorie.php file (used to display categories) is STILL included and after that one, the product.php file is included.

Same story with the cart page (http://www.site.com/winkelwagen/).

So my includes are wrong at some point. Winkelwagen is a folder on my site which has an index file. It should include http://www.site.com/winkelwagen/index.php and not categorie.php as well.

The route code :

<?php

$mult = Array();
if( ! empty( $_SERVER[ 'REQUEST_URI' ] ) ) {
$mult = explode ( '/', substr ( $_SERVER[ 'REQUEST_URI' ], 1 ) );
} else if( ! empty( $_SERVER[ 'ORIG_PATH_INFO' ] ) ) {
$mult = explode ( '/', substr ( $_SERVER[ 'ORIG_PATH_INFO' ], 1 ) );   
} else if( ! empty( $_SERVER[ 'PATH_INFO' ] ) ) {
$mult = explode ( '/', substr ( $_SERVER[ 'PATH_INFO' ], 1 ) );
}

if(empty($mult[0]))
{
include("comingsoon/index.html");
}

if(!empty($mult[0]) && empty($mult[1]))
{
$file = "$mult[0].php";
if($mult[0] == "index2")
{
    include("index2.php");
    die;
}
// if file exists include file
if(file_exists($file))
{
    include($file);
}
else 
{
    $file2 = "/$mult[0]/index.php";

    // if folder index file exists include that file
    if(file_exists($file2))
    {
        include($file2);
    }   
    else {
        // if folder index file doesn't exist, send to category page
        $_GET['q'] = $mult[0];
        include("categorie.php");
    }
}
}
if(!empty($mult[0]) && !empty($mult[1]))
{
if($mult[0] == "add")
{
    $_GET['addid'] = $mult[1];
    include("addtocart.php");
}
elseif($mult[0] == "remove")                    
{
    $_GET['removeid'] = $mult[1];
    include("deletefromcart.php");
}
// check if folder exists (first part of the url)
elseif(is_dir($mult[0]))
{
    // check if file .php (second part of the url) exists
    $filenew = "$mult[0]/$mult[1].php";

    if(file_exists($filenew))
    {
        // include that file
        include("$mult[0]/$mult[1].php");
    }
    else 
    {
        // second file does not exist, do something
    }
}
else 
{
    // folder does not exist so redirect to product page
    $_GET['c'] = $mult[0];
    $_GET['p'] = $mult[1];
    include("product.php");
}
}
?>

I tried removing the categorie.php file but it still shows up (like, how on earth ?!)

I'm excited for the answer - I have absolutely no idea what I'm doing wrong.

Also nice to know: when I comment out the include(categorie.php) part in the route code, the file is STILL included...

Answer 1

Ok... Welcome to Stack Overflow. I'll start by saying you are allowed to post links, trying to disrupt links by using "dot" actually feels more like spam, to me at least.

I'll continue by advising you to not go with your site and that code public. It has various security vulnerabilities, to which I am not going to go into detail. But, let's just say I'm curious why your user is called d284h1 and why your site/home is on a mount point /mnt/home/d284h1...

Heed my words. You just posted your routing logic and your site on a very public site.

---

Regarding your code. I really hope that's SO destroying your indentation and not your actual source code.

You are missing some control logic. Some of them might have been leading to the file inclusions you were experiencing. I also noticed a possible bug, where you were testing and including a file from the root directory, instead of relatively to your site path.

Update: Actually looking back at your original code, absolutely referencing the file $file2 = "/$mult[0]/index.php"; was causing categorie.php to load. And not having proper control logic, was causing multiple inclusions to occur in the file.

---

Took the liberty of revising your code, mildly. The below code, should not continue to include any random files. Unless included files themselves do it.

$mult = array();
if( ! empty( $_SERVER[ 'REQUEST_URI' ] ) ) {
    $mult = explode ( '/', substr ( $_SERVER[ 'REQUEST_URI' ], 1 ) );
} else if( ! empty( $_SERVER[ 'ORIG_PATH_INFO' ] ) ) {
    $mult = explode ( '/', substr ( $_SERVER[ 'ORIG_PATH_INFO' ], 1 ) );   
} else if( ! empty( $_SERVER[ 'PATH_INFO' ] ) ) {
    $mult = explode ( '/', substr ( $_SERVER[ 'PATH_INFO' ], 1 ) );
}

if (empty($mult[0])) {
    include("comingsoon/index.html");
    die; #missing
}
# no need to test for !empty($mult[0]), if it were empty, the above die would fire
if (empty($mult[1])) {
    $file = "$mult[0].php";
    if($mult[0] == "index2") {
        include("index2.php");
        die;
    }
    // if file exists include file
    if (file_exists($file)) {
        include($file);
        die; # missing die
    } # no need for else, you just die'd

    # renamed $file2 to $file, don't use temporary variable names in global scope. It clutters your application
    $file = "$mult[0]/index.php";# are you sure you meant to include from the root level?
    // if folder index file exists include that file
    if (file_exists($file)) {
        include($file);
        die;# missing die
    } # no need for else, you just die'd

    // if folder index file doesn't exist, send to category page
    $_GET['q'] = $mult[0];
    include("categorie.php");
    die;# missing die
}

# don't do succesive if/elseif on the same variable, use a switch!
switch($mult[0]) {
    case'add':
        $_GET['addid'] = $mult[1];
        include('addtocart.php');
        break;
    case'remove':
        $_GET['removeid'] = $mult[1];
        include('deletefromcart.php');
        break;
}
if (is_dir($mult[0])) {
    // check if file .php (second part of the url) exists
    $filenew = "$mult[0]/$mult[1].php";
    if(file_exists($filenew)) {
        // include that file
        include("$mult[0]/$mult[1].php");
        die; # missing die
    }
} else {
    // folder does not exist so redirect to product page
    $_GET['c'] = $mult[0];
    $_GET['p'] = $mult[1];
    include("product.php");
}

My updates are commented with # and this is in no way the final form it should look like. Take a look at PSR1 for a mild idea, on what coding standards are. They are meant to help and make you more proficient in your quest for the ultimate code, despite initially feeling cumbersome.

Other things I'd continue on doing are:

1. swapping !empty($var) with isset($var[0]), if $var is a string
2. swapping include($file);die; with return include $file;, if you're in the main scope
3. swapping if/elseif blocks with ternary operators

Actually regarding #3, here's an example:

$mult = isset($_SERVER['REQUEST_URI'][0])
        ? $_SERVER['REQUEST_URI']
        : isset($_SERVER['ORIG_PATH_INFO'][0])
            ? $_SERVER['ORIG_PATH_INFO']
            : isset($_SERVER['PATH_INFO'][0])
                ? $_SERVER['PATH_INFO']
                : false
        ;
$mult = $mult
        ? explode('/', substr($mult, 1))
        : array();

P.S. I did not fix the security issues you were having, as I believe the code you are using should not be used. Consider using a framework or at least learning from one. Routing is the corner stone of good MVC, you're on the right path, go one step beyond.