CUTCODEDOWN
Minimalist Semantic Markup

Welcome Guest
Please Login or Register

If you have registered but not recieved your activation e-mail in a reasonable amount of time, or have issues with using the registration form, please use our Contact Form for assistance. Include both your username and the e-mail you tried to register with.

Author Topic: Module Loader  (Read 600 times)

GrumpyYoungMan

  • Hero Member
  • *****
  • Posts: 787
  • Karma: +8/-0
    • Grumpy Young Man
Module Loader
« on: 19 Dec 2021, 12:27:48 pm »
I am sure Jason will have something to say about this and I am braced for it but this seems over-complicated, any ideas on how I can simplify it, please?

Code: [Select]
function module_Loader($db) {
    $IN = array_keys($_REQUEST) ?? NULL;

    /*  NO trailing slash is required! */
    $modules = [
        'page' => ['path'=> "sources/modules", 'file' => "cms"],
    ];

    $module = $modules[(!empty($IN) ? (array_key_exists($IN[0], $modules) ? $IN[0] : "page") : "page") ?: "page"];

    require_once($module['path']."/".$module['file'].".php");
}

It shouldn't be vulnerable to injections as the path and file are pulled from an array?
(I also need to add an file_exists() check too?)

I could probably use a variable for the default "page" but isn't that a variable for nothing?
Trying to learn a new trick to prove old dogs can learn new ones...

Total Novice have-a go Amateur Programmer - not sure that is the right thing to say... but trying to learn...

Jason Knight

  • Administrator
  • Hero Member
  • *****
  • Posts: 1049
  • Karma: +188/-1
    • CutCodeDown -- Minimalist Semantic Markup
Re: Module Loader
« Reply #1 on: 20 Dec 2021, 12:35:42 am »
1) Why are you passing it $db? That doesn't seem smart.

2) What the devil is the point of $in?

3) Why bother having the two separate properties in $modules if the only time they serve a purpose is to put them together with a slash between them?

4) Could you show me a sample URI because this looks like total gibberish in terms of where you're pulling from REQUEST. Are you doing something like:

Code: [Select]
myurl.com?page
Because technically that's a malformed URI since the property has no value. PHP shouldn't even be parsing that as existing.

5) Don't use REQUEST, it's inefficient since it's an amalgam of both $_POST and $_GET, and in many cases can also be a security issue. You want what's in the URI use $_GET
We are all, we are all, we are all FRIENDS! For today we're all brothers, tonight we're all friends. Our moment of peace in a war that never ends.

GrumpyYoungMan

  • Hero Member
  • *****
  • Posts: 787
  • Karma: +8/-0
    • Grumpy Young Man
Re: Module Loader
« Reply #2 on: 20 Dec 2021, 03:31:37 am »
1) Why are you passing it $db? That doesn't seem smart.
The module loader function doesn't need the DB but other sub-functions of it do?! again I thought passing the $db via the function was safe?

2) What the devil is the point of $in?
My bad coding? I used it to get all the input keys from the $_REQUEST? although I am only interested in the first one?

3) Why bother having the two separate properties in $modules if the only time they serve a purpose is to put them together with a slash between them?
Not sure how else I can do it? as I need a default in case the $IN isn't set and then a test to make sure that $IN[0] is a valid module?

4) Could you show me a sample URI because this looks like total gibberish in terms of where you're pulling from REQUEST. Are you doing something like:

It probably is gibberish, but that's why I ask here to be educated! :) the URL will be something like:
Code: [Select]
www.grumpyyoungman.co.uk/?page=about

5) Don't use REQUEST, it's inefficient since it's an amalgam of both $_POST and $_GET, and in many cases can also be a security issue. You want what's in the URI use $_GET
my thinking was because the module we are requiring can be called either via _POST or _GET the _REQUEST made more sense? or should I just add a test/switch for the _GET/_POST?
Trying to learn a new trick to prove old dogs can learn new ones...

Total Novice have-a go Amateur Programmer - not sure that is the right thing to say... but trying to learn...

benanamen

  • Full Member
  • ***
  • Posts: 188
  • Karma: +18/-0
Re: Module Loader
« Reply #3 on: 20 Dec 2021, 01:04:08 pm »
Looks to me like you are misusing the term module and are just trying to load pages based on the URL. Check out the Squire Rethink I did. It is a VERY simple and bare minimum example of such an architecture.

https://github.com/benanamen/squire-rethink
To save time, let's just assume I am never wrong.

John_Betong

  • Full Member
  • ***
  • Posts: 218
  • Karma: +24/-1
    • The Fastest Joke Site On The Web
Re: Module Loader
« Reply #4 on: 20 Dec 2021, 06:40:18 pm »

Quote
@benanamen,
Looks to me like you are misusing the term module and are just trying to load pages based on the URL. Check out the Squire Rethink I did. It is a VERY simple and bare minimum example of such an architecture.

…and an Online Demo:

https://thisisatesttoseeifitworks.tk/jb-squire3/
« Last Edit: 20 Dec 2021, 07:35:21 pm by John_Betong »
Retired in the City of Angels where the weather suits my clothes

GrumpyYoungMan

  • Hero Member
  • *****
  • Posts: 787
  • Karma: +8/-0
    • Grumpy Young Man
Re: Module Loader
« Reply #5 on: 23 Dec 2021, 04:16:14 pm »
So, when you use mod_rewrite does it redirect to the index.php file muliple times?

index.php
Code: [Select]
buildQuery();
module_Load(empty(REQUEST[1])?'default':module_Load(REQUEST[1]));

//  +-------------------------------------------------------------------------------------------------------------------
function module_Load($module) {
    $modules = [
        'page' => "pages",
    ];
    require_once 'sources/'.(array_key_exists($module, $modules) ? $modules[$module]:'default').'.php';
    die;
}
function buildQuery() {
    // Remove Double Forward Slashes...
    $_SERVER['REQUEST_URI'] = str_replace('//', '/', $_SERVER['REQUEST_URI']);

    $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

    if (strpos($path, '..')) die('Hacking Attempt Detected, Aborting');
    $path = str_replace(['\\', '%5C'], '/', substr(
        $path,
        strlen(pathinfo($_SERVER['SCRIPT_NAME'], PATHINFO_DIRNAME))
    ));

    if (empty($path))
        define('REQUEST', [ 'index' ]);
    else {
        $path = explode('/', $path);
        foreach ($path as &$p) $p = urldecode($p);
        define("REQUEST", $path);
    }
}
.htaccess
Code: [Select]
RewriteEngine On
RewriteRule !(^(images|downloads))|(\.(gif|jpg|png|css|js|html|txt|ico|zip|rar|pdf|xml|mp3|mp4|mpg|flv|swf|mkv|ogg|avi|woff|woff2|svg|eot|ttf|json|webmanifest)$) index.php

The problem is that if you visit localhost/page it will load the pages.php AND the default.php unless I add the die into the module_Load function? (the only reason I can see for this behaviour is if the mod_rewrite is doing something strange?
Trying to learn a new trick to prove old dogs can learn new ones...

Total Novice have-a go Amateur Programmer - not sure that is the right thing to say... but trying to learn...

GrumpyYoungMan

  • Hero Member
  • *****
  • Posts: 787
  • Karma: +8/-0
    • Grumpy Young Man
Re: Module Loader
« Reply #6 on: 23 Dec 2021, 05:31:58 pm »
Well it was me being blind and stupid!

Fixed:
Code: [Select]
module_Load(empty(REQUEST[1])?'default':REQUEST[1], $db);

I was calling the module_Load() twice!  ::) ::) :-X
« Last Edit: 23 Dec 2021, 07:36:32 pm by GrumpyYoungMan »
Trying to learn a new trick to prove old dogs can learn new ones...

Total Novice have-a go Amateur Programmer - not sure that is the right thing to say... but trying to learn...

 

SMF spam blocked by CleanTalk

Advertisement