Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Including of files does not work as it should - url routing

My redirect process is showing some crazy stuff. The first part of the whole loop works just fine (if only the first element is typed in).

Possible url's look like:

www.site.com/category

www.site.com/category/product

But also:

www.site.com/cart

Using site.com/jeans works just fine. But when you click on a product, something strange happens.

The categorie.php file (used to display categories) is STILL included and after that one, the product.php file is included.

Same story with the cart page (http://www.site.com/winkelwagen/).

So my includes are wrong at some point. Winkelwagen is a folder on my site which has an index file. It should include http://www.site.com/winkelwagen/index.php and not categorie.php as well.

The route code :

<?php

$mult = Array();
if( ! empty( $_SERVER[ 'REQUEST_URI' ] ) ) {
$mult = explode ( '/', substr ( $_SERVER[ 'REQUEST_URI' ], 1 ) );
} else if( ! empty( $_SERVER[ 'ORIG_PATH_INFO' ] ) ) {
$mult = explode ( '/', substr ( $_SERVER[ 'ORIG_PATH_INFO' ], 1 ) );   
} else if( ! empty( $_SERVER[ 'PATH_INFO' ] ) ) {
$mult = explode ( '/', substr ( $_SERVER[ 'PATH_INFO' ], 1 ) );
}

if(empty($mult[0]))
{
include("comingsoon/index.html");
}

if(!empty($mult[0]) && empty($mult[1]))
{
$file = "$mult[0].php";
if($mult[0] == "index2")
{
    include("index2.php");
    die;
}
// if file exists include file
if(file_exists($file))
{
    include($file);
}
else 
{
    $file2 = "/$mult[0]/index.php";

    // if folder index file exists include that file
    if(file_exists($file2))
    {
        include($file2);
    }   
    else {
        // if folder index file doesn't exist, send to category page
        $_GET['q'] = $mult[0];
        include("categorie.php");
    }
}
}
if(!empty($mult[0]) && !empty($mult[1]))
{
if($mult[0] == "add")
{
    $_GET['addid'] = $mult[1];
    include("addtocart.php");
}
elseif($mult[0] == "remove")                    
{
    $_GET['removeid'] = $mult[1];
    include("deletefromcart.php");
}
// check if folder exists (first part of the url)
elseif(is_dir($mult[0]))
{
    // check if file .php (second part of the url) exists
    $filenew = "$mult[0]/$mult[1].php";

    if(file_exists($filenew))
    {
        // include that file
        include("$mult[0]/$mult[1].php");
    }
    else 
    {
        // second file does not exist, do something
    }
}
else 
{
    // folder does not exist so redirect to product page
    $_GET['c'] = $mult[0];
    $_GET['p'] = $mult[1];
    include("product.php");
}
}
?>

I tried removing the categorie.php file but it still shows up (like, how on earth ?!)

I'm excited for the answer - I have absolutely no idea what I'm doing wrong.

Also nice to know: when I comment out the include(categorie.php) part in the route code, the file is STILL included...

like image 683
Andre Avatar asked Jan 16 '13 15:01

Andre


People also ask

What does URL routing mean?

URL routing allows you to configure an application to accept request URLs that do not map to physical files. A request URL is simply the URL a user enters into their browser to find a page on your web site.

Which file the URL routing is specified?

In the ASP.NET Web Forms application, every URL must match with a specific . aspx file.

What is the difference between routing and URL rewriting?

ASP.NET routing is used to dispatch a request to a handler based on the requested URL path. As opposed to URL rewriting, the routing module knows about the handlers and selects the handler that should generate a response for the requested URL. You can think of ASP.NET routing as an advanced handler-mapping mechanism.

What is the use of Route file?

The Network Print Facility uses a routing file or table to determine where to route output that will be processed on remote printers. The routing file is a VSAM key-sequenced data set that contains information to route each data set to its LPD printer queue.


1 Answers

Ok... Welcome to Stack Overflow. I'll start by saying you are allowed to post links, trying to disrupt links by using "dot" actually feels more like spam, to me at least.

I'll continue by advising you to not go with your site and that code public. It has various security vulnerabilities, to which I am not going to go into detail. But, let's just say I'm curious why your user is called d284h1 and why your site/home is on a mount point /mnt/home/d284h1...

Heed my words. You just posted your routing logic and your site on a very public site.


Regarding your code. I really hope that's SO destroying your indentation and not your actual source code.

You are missing some control logic. Some of them might have been leading to the file inclusions you were experiencing. I also noticed a possible bug, where you were testing and including a file from the root directory, instead of relatively to your site path.

Update: Actually looking back at your original code, absolutely referencing the file $file2 = "/$mult[0]/index.php"; was causing categorie.php to load. And not having proper control logic, was causing multiple inclusions to occur in the file.


Took the liberty of revising your code, mildly. The below code, should not continue to include any random files. Unless included files themselves do it.

$mult = array();
if( ! empty( $_SERVER[ 'REQUEST_URI' ] ) ) {
    $mult = explode ( '/', substr ( $_SERVER[ 'REQUEST_URI' ], 1 ) );
} else if( ! empty( $_SERVER[ 'ORIG_PATH_INFO' ] ) ) {
    $mult = explode ( '/', substr ( $_SERVER[ 'ORIG_PATH_INFO' ], 1 ) );   
} else if( ! empty( $_SERVER[ 'PATH_INFO' ] ) ) {
    $mult = explode ( '/', substr ( $_SERVER[ 'PATH_INFO' ], 1 ) );
}

if (empty($mult[0])) {
    include("comingsoon/index.html");
    die; #missing
}
# no need to test for !empty($mult[0]), if it were empty, the above die would fire
if (empty($mult[1])) {
    $file = "$mult[0].php";
    if($mult[0] == "index2") {
        include("index2.php");
        die;
    }
    // if file exists include file
    if (file_exists($file)) {
        include($file);
        die; # missing die
    } # no need for else, you just die'd

    # renamed $file2 to $file, don't use temporary variable names in global scope. It clutters your application
    $file = "$mult[0]/index.php";# are you sure you meant to include from the root level?
    // if folder index file exists include that file
    if (file_exists($file)) {
        include($file);
        die;# missing die
    } # no need for else, you just die'd

    // if folder index file doesn't exist, send to category page
    $_GET['q'] = $mult[0];
    include("categorie.php");
    die;# missing die
}

# don't do succesive if/elseif on the same variable, use a switch!
switch($mult[0]) {
    case'add':
        $_GET['addid'] = $mult[1];
        include('addtocart.php');
        break;
    case'remove':
        $_GET['removeid'] = $mult[1];
        include('deletefromcart.php');
        break;
}
if (is_dir($mult[0])) {
    // check if file .php (second part of the url) exists
    $filenew = "$mult[0]/$mult[1].php";
    if(file_exists($filenew)) {
        // include that file
        include("$mult[0]/$mult[1].php");
        die; # missing die
    }
} else {
    // folder does not exist so redirect to product page
    $_GET['c'] = $mult[0];
    $_GET['p'] = $mult[1];
    include("product.php");
}

My updates are commented with # and this is in no way the final form it should look like. Take a look at PSR1 for a mild idea, on what coding standards are. They are meant to help and make you more proficient in your quest for the ultimate code, despite initially feeling cumbersome.

Other things I'd continue on doing are:

  1. swapping !empty($var) with isset($var[0]), if $var is a string
  2. swapping include($file);die; with return include $file;, if you're in the main scope
  3. swapping if/elseif blocks with ternary operators

Actually regarding #3, here's an example:

$mult = isset($_SERVER['REQUEST_URI'][0])
        ? $_SERVER['REQUEST_URI']
        : isset($_SERVER['ORIG_PATH_INFO'][0])
            ? $_SERVER['ORIG_PATH_INFO']
            : isset($_SERVER['PATH_INFO'][0])
                ? $_SERVER['PATH_INFO']
                : false
        ;
$mult = $mult
        ? explode('/', substr($mult, 1))
        : array();

P.S. I did not fix the security issues you were having, as I believe the code you are using should not be used. Consider using a framework or at least learning from one. Routing is the corner stone of good MVC, you're on the right path, go one step beyond.

like image 51
Khez Avatar answered Oct 04 '22 18:10

Khez