Qbasicnews.com

Full Version: Variable problem.
Code:
<?php
if(@$page=="")
{
    include "main.php";
} else {
    include $page;
}
?>

The code here is for a website. What it's supposed to do is make it so that if $page is undefined, it will take the user to the main page, but if $page is defined (by clicking the links on the site), it will take them to the specified page. The problem is, however, that it seems to think the variable is always undefined, because when I type "http://blahblah.com/page=special.php", it will still take me to the main page. Is there something wrong with the code, or is my PHP configured differently?
Try putting this before the code you have at the moment:

[syntax="PHP"]
$page = $HTTP_GET_VARS['page'];
[/syntax]

Edit:
Also, try using this to determine whether the variable has been set:

[syntax="PHP"]
if(isset($page))
{
    //...
}
[/syntax]

Another note: don't keep the code that you've got at the moment. It's incredibly vulnerable. :) I remember myself and a few guys from #quickbasic on EFNet were messing with a site that made this mistake; we could run any command as a fairly-privileged user on the remote server.

Something like this would be better:

[syntax="PHP"]
if(!isset($page))
{
    include("main.php");
}
else
{
    switch(intval($page))
    {
        case 0:
            include("about.php");
            break;
        case 1:
            include("something.php");
            break;

        // etc.

        default:
            include("404.php");
            break;
    }
}
[/syntax]

So now, to go to the about page, you would use http://www.somewhere.com/page=0.

This prevents the visitor being able to feed whatever they want into the include directive (including, on some servers, remote PHP scripts... which is how we were able to run whatever code we wanted... :)).
Alright, thanks a lot. You're definitely right about the vulnerability of the whole thing, so I went ahead with your method, and I've got it working out. Thanks a lot. =]
Oops, actually...

Now when the variable isn't defined at all, it will load the index page normally, but it will give me an "Undefined Index" notice, and point to the $page = $HTTP_GET_VARS['page']; line...
just add the shut-up sign in front:

Code:
$page = @$HTTP_GET_VARS['page'];
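
An added example, not part of any post in this thread: the allow-list idea suggested above, written so that a missing `page` parameter is handled with `isset()` and needs no `@` suppression. The page keys, the file names, and the use of `$_GET` in place of `$HTTP_GET_VARS` are assumptions of this example.

```php
<?php
// Added example (not code from the thread). Page keys and file names are
// illustrative; $_GET stands in for the long-deprecated $HTTP_GET_VARS.

// Allow-list: the only files this script will ever include.
const PAGES = [
    'about'     => 'about.php',
    'something' => 'something.php',
];

/**
 * Map the query-string array to a file name taken from the allow-list.
 * The visitor's value is only ever used as an array key, never as a path.
 */
function resolve_page(array $query): string
{
    // No 'page' parameter at all: serve the main page. Checking with
    // isset() avoids the "Undefined index" notice without needing @.
    if (!isset($query['page'])) {
        return 'main.php';
    }
    $key = $query['page'];
    // ?page[]=x arrives as an array; anything that is not a known
    // string key falls through to the 404 page.
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return '404.php';
    }
    return PAGES[$key];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, run from the command line to show the mapping.
    $samples = [
        [],                                          // no parameter
        ['page' => 'about'],                         // known key
        ['page' => 'special.php'],                   // a file name, not a key
        ['page' => 'http://example.invalid/x.php'],  // remote URL
        ['page' => ['about']],                       // array-valued parameter
    ];
    foreach ($samples as $q) {
        printf("%-45s => %s\n", json_encode($q, JSON_UNESCAPED_SLASHES), resolve_page($q));
    }
} else {
    // In the web context the include argument always comes from PAGES.
    include __DIR__ . '/' . resolve_page($_GET);
}
```

Separately from the code, whether `include` accepts URLs at all is governed by the `allow_url_include` setting in php.ini, which has defaulted to `Off` since PHP 5.2 and should stay that way.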