Example:
http://hotel.com/home?user=Jason
and then on the page
<?php echo $_GET['user']; ?>
I does not show Jason on the page, how do i get around that in RevCMS?
Thanks, :)
Printable View
Example:
http://hotel.com/home?user=Jason
and then on the page
<?php echo $_GET['user']; ?>
I does not show Jason on the page, how do i get around that in RevCMS?
Thanks, :)
RevCMS uses template engine, and doesn't allow any php code in the templates xdd. And also this GET is totally unsafe.
And I think to make that work you must write the code on revcms core but revcms core is really weird..
I recommend AzureWeb AzureWeb automatically transform all get keys in {{get_key}} vars, with safe escaping that u can use in the templates.
Cheers.
Go to http://hotel.com/index.php?url=home&user=Jason instead, due to RevCMS template engine as stated above:)
Quote:
Originally Posted by sant0ro
Not true, you can write PHP directly in the template files, no need to mess with the classes either.Quote:
Originally Posted by sant0ro
The link Abidas posted will work, however you may want to make the URL a little more appealing to match the rest of the URLs on your site.
For example, to display it like this (http://hotel.com/home/Jason), add the following rule into your .htaccess or equivalent:
PHP Code:RewriteRule ^home/(.*)$ index.php?url=home&user=$1
Just a quick question,
for example i have room forwards wich would be hotel.com/client?room=1
how do i then to so that it is hotel.com/room/1 instead
but only when client gets ?room=(room)
It's pretty much the same as the regular expression I gave above, except the words home and user are replaced with client and room. See here:Quote:
Originally Posted by ThomasRBang
That works all and well, however you may want to limit their input to numeric values with regex for whatever reason. To do this, you could use this:PHP Code:RewriteRule ^client/room/(.*)$ index.php?url=client&room=$1
I wouldn't really recommend that, however. Instead, I would still recommend using the first one so that you are able to handle the GET request with more control, specifically right in your CMS.PHP Code:RewriteRule ^client/room/([0-9]+)$ index.php?url=client&room=$1
Here's a basic but secure procedural implementation to give you an example of how to handle the request:
Tested and working with RevCMS. Let me know if you need any further help.PHP Code:<?php
// check if they're requesting index.php?url=client&room=####
if (isset($_GET['room'])) {
// the is_numeric function accepts decimal places too, however
// there is no need to do anything about this as it's still safe
if (is_numeric($_GET['room'])) {
// do all your safety stuff on the GET here
$room = your_filter_functions_here($_GET['room']);
$sql = mysql_query("SELECT id FROM rooms_data WHERE id = ".$room."");
// check if the room exists
if (mysql_num_rows($sql) == 1)
{
// success
}
else {
// this room doesn't exist
header("Location: http://hotel.com/client");
exit;
}
}
else {
// the GET provided is not a valid number
header("Location: http://hotel.com/client");
exit;
}
}
?>
Now i get this error,
(inside Client.php) http://prntscr.com/6p0xaw
(client.php View Source) http://prntscr.com/6p0xs6
(.htaccess) http://prntscr.com/6p0y0y
----BY THE WAY---- In Denmark "Room" is "Rum" wich is what i want it to get,
You should enable some level of error reporting so you can see what the issues you are having actually are. To enable it without copping all of the deprecated and notices that RevCMS will throw your way, simply replace your error reporting line in global.php with this:Quote:
Originally Posted by ThomasRBang
It will show all types of errors, minus deprecated and notice messages. Having error reporting disabled (partially like so at least) will be very helpful for further development.PHP Code:error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
I noticed your regular expression (the line in .htaccess) is requesting http://hotel.com/rum/# rather than http://hotel.com/client/rum/#. If that is how you want it to be, then leave it be, otherwise replace it with:
I noticed two reasons as to why it isn't working for you and I'll address them in order. Firstly, you didn't replace "your_filter_functions_here" with anything. This is where you would use mysql_real_escape_string, trim, stripslashes, htmlspecialchars, str/preg_replace or any other GET securing function you may have up your arsenal. The fact that you didn't replace it means that it is trying to call the function "your_filter_functions_here", which isn't actually defined. I just used it as a placeholder to show you where you should secure your GET request, to ensure that you're protected from SQL injection.PHP Code:RewriteRule ^client/rum/(.*)$ index.php?url=client&rum=$1
Replace:
with:PHP Code:$room = your_filter_functions_here($_GET['rum']);
This works exactly the same as the "secure" function in the MySQL class of RevCMS, so you can rest assured that it is safe.PHP Code:$room = mysql_real_escape_string(stripslashes(htmlspecialchars($_GET['rum'])));
The second issue is simple - you have a syntax error in your SQL query. You wrote:
when it should be:PHP Code:SELECT id FROM rooms id =
Even if you had the various filters implemented in the room variable already, the query would have still returned a boolean rather than executing correctly.PHP Code:SELECT id FROM rooms WHERE id =
Here is the updated code snippet, it should work without any need for adjustments. Tested and working in RevCMS.
Also, I changed the javascript flashvar "forward.id" from accessing the direct GET to instead using the secured room variable, as it opened the possibility of the client page successfully loading with an invalid room defined in "forward.id".PHP Code:<?php
// check if they're requesting index.php?url=client&rum=####
if (isset($_GET['rum'])) {
// the is_numeric function accepts decimal places too, however
// there is no need to do anything about this as it's still safe
if (is_numeric($_GET['rum'])) {
// do all your safety stuff on the GET here
$room = mysql_real_escape_string(stripslashes(htmlspecialchars($_GET['rum'])));
$sql = mysql_query("SELECT id FROM rooms WHERE id = ".$room."");
// check if the room exists
if (mysql_num_rows($sql) == 1)
{ ?>
"forward.id" : "<?php echo $room; ?>",
<?php }
else {
// this room doesn't exist
header("Location: http://dejligt.net/client");
exit;
}
}
else {
// the GET provided is not a valid number
header("Location: http://dejligt.net/client");
exit;
}
}
?>
The PHP things work now, but the HTACCESS redirect isnt,
http://prntscr.com/6peqxg
http://prntscr.com/6peqoq