
I am trying to get variables from a query string with the $_GET superglobal. The way I have my project set up now is by using a driver file to access files within my website. Each included file has a security check that is set by the main index file, therefore you cannot directly access nested files. As an example of my setup, here is how I've configured it.

localhost/index.php
    define('SECURE_CHECK', true);
    include('admin/site.php');

and the included file would only work by being included

admin/site.php
    // The guard must test the same constant name that index.php defines.
    defined('SECURE_CHECK') or die("Please return to the main page.");

In one of my admin files, I tried creating a clean way to retrieve pages based on URI requests and reinforce this with my .htaccess.

if (fnmatch("*dashboard/", $_SERVER['REQUEST_URI'])) {
    include(DIR_ADMIN_VIEWS . 'dashboard.php');
} else if (fnmatch("*add-post/", $_SERVER['REQUEST_URI'])) {
    include(DIR_ADMIN_VIEWS . 'add-posts.php');
} else if (fnmatch("*edit-post/", $_SERVER['REQUEST_URI'])) {
    include(DIR_ADMIN_VIEWS . 'edit-post.php');
} else if (fnmatch("*view-posts/", $_SERVER['REQUEST_URI'])) {
    include(DIR_ADMIN_VIEWS . 'view-posts.php');
} else {
    include(DIR_ADMIN_VIEWS . 'dashboard.php');
}

And my .htaccess looks like:

<IfModule mod_rewrite.c>

Options -MultiViews
Options +FollowSymlinks
RewriteEngine on

RewriteCond %{REQUEST_URI} !^/?(resources)/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^(.*) index.php [PT,L] <--- was my original before this issue
RewriteRule ^(.*)$ index.php?edit=$1 [NC,QSA]

</IfModule>

The above code makes it so that I can use the URL localhost/admin/add-post/ instead of localhost/core/admin/views/add-posts.php. It also helps reinforce the security in a way that you can’t access a page without properly navigating to it. The problem is now I can’t seem to get values through a query string.

I tried following a few guides like this one, but I haven’t had success.

My goal is to be able to use a link like localhost/admin/edit-post/?edit=value or localhost/admin/edit-post/edit/value and get the value with something like an isset check below:

if (isset($_GET['edit'])) {
    $value = $_GET['edit'];
    //do something
}

I think the problem I have might be related to my admin redirect pages through my if/else, but I am not sure. Any help would be greatly appreciated. Thanks.

  • Can you take the URL and split it by '/' and take the last record, which will be your value? I think this will work. – PHP Web Jun 25 '20 at 22:08
  • Could you elaborate or provide an example? I am not following what you are trying to say. – Will Roberts Jun 25 '20 at 22:25
  • Hello Will, when you are passing the value through the URL in the format "localhost/admin/edit-post/edit/value", get the current URL first, then split the string by '/' and take the last record. It will give you the value. – PHP Web Jun 25 '20 at 22:28
  • Sorry, I misunderstood. The problem is that the page associated with /edit-post/ doesn't load. So, I could get the value by splitting the URL this way, but I need the page to continue loading so that I can perform actions with the value. If I navigate to localhost/admin/edit-post/ then the page loads, if I navigate to localhost/admin/edit-post/edit/value/ the page is blank. Ultimately, there is something wrong with htaccess or with the if/then process in my admin file. – Will Roberts Jun 25 '20 at 22:35
  • Please re-check the htaccess, that's why it's not loading. By the way, have you put the debug mode on? What error is it showing? – PHP Web Jun 25 '20 at 22:37
  • Another method is to keep the URL as "localhost/admin/edit-post/" and pass the value through session or cookies. – PHP Web Jun 25 '20 at 22:39
  • I have debugging on and I am not getting any errors (and the system log isn't showing anything either). I think it might be an htaccess issue. I'll try passing through a session and let you know how that goes. – Will Roberts Jun 25 '20 at 23:41
  • What is the purpose of `RewriteRule ^(.*)$ index.php?edit=$1 [NC,QSA]`? That would get you the URL path in `edit`, but why are you trying to explicitly pass this as a parameter in the first place? `$_SERVER` gives you access to that value anyway. – CBroe Jun 26 '20 at 07:01
  • So, this issue was with my if/else statement. The line `} else if (fnmatch("*edit-post/", $_SERVER['REQUEST_URI'])) {` didn't account for anything coming after it. Adding a * allowed the page parameters to be captured. As for why it wasn't loading, the page was actually loading the dashboard because it defaulted to the bottom statement when it didn't meet any other conditions. PHP Web, you were absolutely right in that it all should have worked. Thanks for the help, the bottom line is attention to detail! – Will Roberts Jun 26 '20 at 14:39

1 Answer

The issue I was faced with was my if/else statement. As PHP Web stated, the htaccess and query should have all worked properly but because I wasn't allowing the if/else statement to detect anything past the folder (*edit-post/), the query string was never processed.

else if (fnmatch("*edit-post/", $_SERVER['REQUEST_URI']))

Adding a wildcard (*edit-post/*) allowed everything to process properly.
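
An added example, not part of the original answer: a router that picks the view from the path segment of `REQUEST_URI` through an allowlist and reads the edit value from either URL form the question asks for. Because the path and query string are parsed separately, a request such as `/admin/dashboard/?x=edit-post/` stays on the dashboard, whereas `fnmatch("*edit-post/*", ...)` against the whole URI would match it. The function name, the route table and the accepted format of the edit value are assumptions.

```php
<?php
// Added example (not from the original post): allowlist router for the four
// admin views in the question. Names and the edit-value format are assumptions.
const ADMIN_ROUTES = [
    'dashboard'  => 'dashboard.php',
    'add-post'   => 'add-posts.php',
    'edit-post'  => 'edit-post.php',
    'view-posts' => 'view-posts.php',
];

/** Return [view file, validated edit value or null] for a request URI. */
function resolve_admin_route(string $requestUri): array
{
    // Route on the path only; the query string is parsed separately.
    $path  = parse_url($requestUri, PHP_URL_PATH);
    $query = parse_url($requestUri, PHP_URL_QUERY);
    parse_str(is_string($query) ? $query : '', $params);

    $segments = array_values(array_filter(explode('/', (string) $path), 'strlen'));
    $i     = array_search('admin', $segments, true);
    $route = ($i !== false && isset($segments[$i + 1])) ? $segments[$i + 1] : 'dashboard';
    if (!array_key_exists($route, ADMIN_ROUTES)) {
        $route = 'dashboard'; // same default as the original if/else chain
    }

    $edit = null;
    if ($route === 'edit-post') {
        $rest = array_slice($segments, $i + 2);
        if (count($rest) === 2 && $rest[0] === 'edit') {
            $edit = rawurldecode($rest[1]);          // /edit-post/edit/<value>
        } elseif (isset($params['edit']) && is_string($params['edit'])) {
            $edit = $params['edit'];                 // /edit-post/?edit=<value>
        }
        // Assumed format: short slug or numeric id; anything else is dropped.
        if ($edit !== null && !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $edit)) {
            $edit = null;
        }
    }
    return [ADMIN_ROUTES[$route], $edit];
}

// Constructed sample URIs; in the real page: include DIR_ADMIN_VIEWS . $view;
foreach (['/admin/edit-post/?edit=42', '/admin/edit-post/edit/my-post/',
          '/admin/dashboard/?x=edit-post/', '/admin/edit-post/?edit=../x'] as $uri) {
    [$view, $edit] = resolve_admin_route($uri);
    printf("%-34s -> %s, edit=%s\n", $uri, $view, var_export($edit, true));
}
```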