i’m trying to apply some module system on my web, using get and include, here’s some of my code
on my index.php
$section = 'user';
if(isset($_GET) && !empty($_GET) && $_GET !== ''){
$module = $_GET['module'].".php";
load_module($section, $module);
}
load_module function
function load_module($section="", $module=""){
include(SITE_ROOT.DS.$section.DS.'modules'.DS.$module);
}
*i have already define DS as DIRECTORY_SEPARATOR
and i stored few files inside modules folder, the file loads perfectly, my problem is that all the variable i declared on my included page fails to load, here’s my code on one of the included file
if($session->is_logged_in()){
$user = User::find_by_id($session->user_id);
$profile = $user->profile();
$company = $user->compro();
$logo = $user->logo();
}else{redirect_to('index.php');}
on my index.php i got this error
Notice: Undefined variable: session in C:\www\starpro\user\modules\edit_company.php on line 3 Fatal error: Call to a member function is_logged_in() on a non-object in C:\www\starpro\user\modules\edit_company.php on line 3
and if i move those variables inside my index.php, i get this message
Notice: Undefined variable: company in C:\www\starpro\user\modules\edit_company.php on line 181 Notice: Trying to get property of non-object in C:\www\starpro\user\modules\edit_company.php on line 181
please some one help me, thank you in advance
Regards
======================================================================
i am using deceze’s answer
and modify my user’s class by adding a static function like this
public static function load_module($section="", $module="", $user_id=""){
$user = self::find_by_id($user_id);
$profile = $user->profile();
$company = $user->compro();
$logo = $user->logo();
include(SITE_ROOT.DS.$section.DS.'modules'.DS.$module);
}
and then on my index i use this
if(isset($_GET) && !empty($_GET) && $_GET !== ''){
$module = $_GET['module'].".php";
User::load_module($section, $module, $user->id);
}else{
i got it working, but is this a bad practice ??
need advise
thanks much
As has been stated, you are trying to include the code into the middle of the function, making the scope of the included page limited to that function.
One solution would be to have a global array of files to include, then include them at the end of the script. Just add each file to the array, and at the end, loop through it and include them all.
It is also a massive security risk to include a file based on a parameter in the GET request. You should sanitize that input by either stripping or encoding all symbols which could be used to traverse to another directory and include code you don’t want included (so remove any slashes, etc.), or make a whitelist of includable files. If you had an array of sections and modules and their locations you could take an approach which would solve both problems:
Note: I have not tested any of this code, this is purely theoretical. I would not advise copying this, but using it as a jumping-off place.