Is this a good practice to load controllersFramework to drive a small personal siteRouting in MVC with PHPRouting, Navigation and State in MVCVery small MVC login frameworkImplementation of MVC Bootstrap & FactoryProcedural to OOP MVC: Understanding Controllers, Models, and Service LayerMy included in every script file - follow-up -1Simple OO MVC PHP frameworkUpload and database insert php functionSimple MVC built in PHP

how to draw discrete time diagram in tikz

Sailing the cryptic seas

(Calculus) Derivative Thinking Question

What do Xenomorphs eat in the Alien series?

How to use of "the" before known matrices

Why did it take so long to abandon sail after steamships were demonstrated?

Are there verbs that are neither telic, or atelic?

Have researchers managed to "reverse time"? If so, what does that mean for physics?

Are ETF trackers fundamentally better than individual stocks?

How could a scammer know the apps on my phone / iTunes account?

Is it normal that my co-workers at a fitness company criticize my food choices?

PTIJ: Who should I vote for? (21st Knesset Edition)

It's a yearly task, alright

Is it possible to upcast ritual spells?

My adviser wants to be the first author

Employee lack of ownership

What should tie a collection of short-stories together?

Do these spellcasting foci from Xanathar's Guide to Everything have to be held in a hand?

How big is a MODIS 250m pixel in reality?

How difficult is it to simply disable/disengage the MCAS on Boeing 737 Max 8 & 9 Aircraft?

How to create the Curved texte?

What exactly is this small puffer fish doing and how did it manage to accomplish such a feat?

Is there a data structure that only stores hash codes and not the actual objects?

What are substitutions for coconut in curry?



Is this a good practice to load controllers


Framework to drive a small personal siteRouting in MVC with PHPRouting, Navigation and State in MVCVery small MVC login frameworkImplementation of MVC Bootstrap & FactoryProcedural to OOP MVC: Understanding Controllers, Models, and Service LayerMy included in every script file - follow-up -1Simple OO MVC PHP frameworkUpload and database insert php functionSimple MVC built in PHP













-1












$begingroup$


I'm new to PHP and I'm learning mostly,



Is this a good practice to load controllers in PHP? (for a small and lightweight app)



Does it have any vulnerabilities? or it's fine and I can move on to write my controllers?



<?php

// application path (outside public_html)
define('APP', '../application/');
// controllers
define('CONTROLLER', APP.'controller/');

// Default controller
$controller = 'default';

// Check if page is set (e.g. index.php?page=login)
if(isset($_GET['page']))
// Get controller name and remove possible / from the end
$controller = rtrim($_GET['page'],'/');


// Set controller path
$file = CONTROLLER."$controller.php";

// Check page
if(preg_match('/^[A-Za-z0-9_]+$/', $controller) !== 1 OR ! file_exists($file))
// Error
require_once('404.php');
die();


// Necessary stuff
require_once(APP.'system.php');

// Load the controller
require_once($file);

// Nothing more comes in index.php


P.S. This is the bare bone with some extra stuff removed



P.S.S. I'm not trying to go with MVC, just some way to load pages securely under index.php










share|improve this question









New contributor




J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$











  • $begingroup$
    Downvote reason please? This is "Code Review" and as a beginner I simply hoped for a professional to kindly take a look at this if possible :(
    $endgroup$
    – J. Doe
    5 hours ago










  • $begingroup$
    $path is undefined in your question's code. Which means file_exists($path) is always false in this example. And if it made it far enough this would fail too require_once($path);
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    @ArtisticPhoenix I simplified variable/constant names for here, it was a typo, thanks for pointing that out
    $endgroup$
    – J. Doe
    4 hours ago











  • $begingroup$
    That was what I figured. - no problem. Otherwise it looks ok, you may want to name our constants something more "verbose" so they don't cause any conflicts. I would probably do this as a constant $controller = 'default'; then if(!defined('DEFAULT_CONTROLER')) define('DEFAULT_CONTROLER', 'default') That way if you assign it before including this you can override it. But thats not a big deal.
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    P.S.S. I'm not trying to go with MVC - You don't have to go full on MVC, the benefit is that with an auto loader you can avoid touching the path at all. So there is no possiblillity for Directory Transversal ../../../config.php etc. I have this Router and AutoLoader - the router I did for a SO question, so it's less robust then the autoloader. But it loads based on the Class by instantiating instead of building a path. The autoloader has fair documentation, and its simple
    $endgroup$
    – ArtisticPhoenix
    4 hours ago
















-1












$begingroup$


I'm new to PHP and I'm learning mostly,



Is this a good practice to load controllers in PHP? (for a small and lightweight app)



Does it have any vulnerabilities? or it's fine and I can move on to write my controllers?



<?php

// application path (outside public_html)
define('APP', '../application/');
// controllers
define('CONTROLLER', APP.'controller/');

// Default controller
$controller = 'default';

// Check if page is set (e.g. index.php?page=login)
if(isset($_GET['page']))
// Get controller name and remove possible / from the end
$controller = rtrim($_GET['page'],'/');


// Set controller path
$file = CONTROLLER."$controller.php";

// Check page
if(preg_match('/^[A-Za-z0-9_]+$/', $controller) !== 1 OR ! file_exists($file))
// Error
require_once('404.php');
die();


// Necessary stuff
require_once(APP.'system.php');

// Load the controller
require_once($file);

// Nothing more comes in index.php


P.S. This is the bare bone with some extra stuff removed



P.S.S. I'm not trying to go with MVC, just some way to load pages securely under index.php










share|improve this question









New contributor




J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$











  • $begingroup$
    Downvote reason please? This is "Code Review" and as a beginner I simply hoped for a professional to kindly take a look at this if possible :(
    $endgroup$
    – J. Doe
    5 hours ago










  • $begingroup$
    $path is undefined in your question's code. Which means file_exists($path) is always false in this example. And if it made it far enough this would fail too require_once($path);
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    @ArtisticPhoenix I simplified variable/constant names for here, it was a typo, thanks for pointing that out
    $endgroup$
    – J. Doe
    4 hours ago











  • $begingroup$
    That was what I figured. - no problem. Otherwise it looks ok, you may want to name our constants something more "verbose" so they don't cause any conflicts. I would probably do this as a constant $controller = 'default'; then if(!defined('DEFAULT_CONTROLER')) define('DEFAULT_CONTROLER', 'default') That way if you assign it before including this you can override it. But thats not a big deal.
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    P.S.S. I'm not trying to go with MVC - You don't have to go full on MVC, the benefit is that with an auto loader you can avoid touching the path at all. So there is no possiblillity for Directory Transversal ../../../config.php etc. I have this Router and AutoLoader - the router I did for a SO question, so it's less robust then the autoloader. But it loads based on the Class by instantiating instead of building a path. The autoloader has fair documentation, and its simple
    $endgroup$
    – ArtisticPhoenix
    4 hours ago














-1












-1








-1





$begingroup$


I'm new to PHP and I'm learning mostly,



Is this a good practice to load controllers in PHP? (for a small and lightweight app)



Does it have any vulnerabilities? or it's fine and I can move on to write my controllers?



<?php

// application path (outside public_html)
define('APP', '../application/');
// controllers
define('CONTROLLER', APP.'controller/');

// Default controller
$controller = 'default';

// Check if page is set (e.g. index.php?page=login)
if(isset($_GET['page']))
// Get controller name and remove possible / from the end
$controller = rtrim($_GET['page'],'/');


// Set controller path
$file = CONTROLLER."$controller.php";

// Check page
if(preg_match('/^[A-Za-z0-9_]+$/', $controller) !== 1 OR ! file_exists($file))
// Error
require_once('404.php');
die();


// Necessary stuff
require_once(APP.'system.php');

// Load the controller
require_once($file);

// Nothing more comes in index.php


P.S. This is the bare bone with some extra stuff removed



P.S.S. I'm not trying to go with MVC, just some way to load pages securely under index.php










share|improve this question









New contributor




J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$




I'm new to PHP and I'm learning mostly,



Is this a good practice to load controllers in PHP? (for a small and lightweight app)



Does it have any vulnerabilities? or it's fine and I can move on to write my controllers?



<?php

// application path (outside public_html)
define('APP', '../application/');
// controllers
define('CONTROLLER', APP.'controller/');

// Default controller
$controller = 'default';

// Check if page is set (e.g. index.php?page=login)
if(isset($_GET['page']))
// Get controller name and remove possible / from the end
$controller = rtrim($_GET['page'],'/');


// Set controller path
$file = CONTROLLER."$controller.php";

// Check page
if(preg_match('/^[A-Za-z0-9_]+$/', $controller) !== 1 OR ! file_exists($file))
// Error
require_once('404.php');
die();


// Necessary stuff
require_once(APP.'system.php');

// Load the controller
require_once($file);

// Nothing more comes in index.php


P.S. This is the bare bone with some extra stuff removed



P.S.S. I'm not trying to go with MVC, just some way to load pages securely under index.php







php






share|improve this question









New contributor




J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 3 hours ago







J. Doe













New contributor




J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 5 hours ago









J. DoeJ. Doe

11




11




New contributor




J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






J. Doe is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











  • $begingroup$
    Downvote reason please? This is "Code Review" and as a beginner I simply hoped for a professional to kindly take a look at this if possible :(
    $endgroup$
    – J. Doe
    5 hours ago










  • $begingroup$
    $path is undefined in your question's code. Which means file_exists($path) is always false in this example. And if it made it far enough this would fail too require_once($path);
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    @ArtisticPhoenix I simplified variable/constant names for here, it was a typo, thanks for pointing that out
    $endgroup$
    – J. Doe
    4 hours ago











  • $begingroup$
    That was what I figured. - no problem. Otherwise it looks ok, you may want to name our constants something more "verbose" so they don't cause any conflicts. I would probably do this as a constant $controller = 'default'; then if(!defined('DEFAULT_CONTROLER')) define('DEFAULT_CONTROLER', 'default') That way if you assign it before including this you can override it. But thats not a big deal.
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    P.S.S. I'm not trying to go with MVC - You don't have to go full on MVC, the benefit is that with an auto loader you can avoid touching the path at all. So there is no possiblillity for Directory Transversal ../../../config.php etc. I have this Router and AutoLoader - the router I did for a SO question, so it's less robust then the autoloader. But it loads based on the Class by instantiating instead of building a path. The autoloader has fair documentation, and its simple
    $endgroup$
    – ArtisticPhoenix
    4 hours ago

















  • $begingroup$
    Downvote reason please? This is "Code Review" and as a beginner I simply hoped for a professional to kindly take a look at this if possible :(
    $endgroup$
    – J. Doe
    5 hours ago










  • $begingroup$
    $path is undefined in your question's code. Which means file_exists($path) is always false in this example. And if it made it far enough this would fail too require_once($path);
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    @ArtisticPhoenix I simplified variable/constant names for here, it was a typo, thanks for pointing that out
    $endgroup$
    – J. Doe
    4 hours ago











  • $begingroup$
    That was what I figured. - no problem. Otherwise it looks ok, you may want to name our constants something more "verbose" so they don't cause any conflicts. I would probably do this as a constant $controller = 'default'; then if(!defined('DEFAULT_CONTROLER')) define('DEFAULT_CONTROLER', 'default') That way if you assign it before including this you can override it. But thats not a big deal.
    $endgroup$
    – ArtisticPhoenix
    4 hours ago











  • $begingroup$
    P.S.S. I'm not trying to go with MVC - You don't have to go full on MVC, the benefit is that with an auto loader you can avoid touching the path at all. So there is no possiblillity for Directory Transversal ../../../config.php etc. I have this Router and AutoLoader - the router I did for a SO question, so it's less robust then the autoloader. But it loads based on the Class by instantiating instead of building a path. The autoloader has fair documentation, and its simple
    $endgroup$
    – ArtisticPhoenix
    4 hours ago
















$begingroup$
Downvote reason please? This is "Code Review" and as a beginner I simply hoped for a professional to kindly take a look at this if possible :(
$endgroup$
– J. Doe
5 hours ago




$begingroup$
Downvote reason please? This is "Code Review" and as a beginner I simply hoped for a professional to kindly take a look at this if possible :(
$endgroup$
– J. Doe
5 hours ago












$begingroup$
$path is undefined in your question's code. Which means file_exists($path) is always false in this example. And if it made it far enough this would fail too require_once($path);
$endgroup$
– ArtisticPhoenix
4 hours ago





$begingroup$
$path is undefined in your question's code. Which means file_exists($path) is always false in this example. And if it made it far enough this would fail too require_once($path);
$endgroup$
– ArtisticPhoenix
4 hours ago













$begingroup$
@ArtisticPhoenix I simplified variable/constant names for here, it was a typo, thanks for pointing that out
$endgroup$
– J. Doe
4 hours ago





$begingroup$
@ArtisticPhoenix I simplified variable/constant names for here, it was a typo, thanks for pointing that out
$endgroup$
– J. Doe
4 hours ago













$begingroup$
That was what I figured. - no problem. Otherwise it looks ok, you may want to name our constants something more "verbose" so they don't cause any conflicts. I would probably do this as a constant $controller = 'default'; then if(!defined('DEFAULT_CONTROLER')) define('DEFAULT_CONTROLER', 'default') That way if you assign it before including this you can override it. But thats not a big deal.
$endgroup$
– ArtisticPhoenix
4 hours ago





$begingroup$
That was what I figured. - no problem. Otherwise it looks ok, you may want to name our constants something more "verbose" so they don't cause any conflicts. I would probably do this as a constant $controller = 'default'; then if(!defined('DEFAULT_CONTROLER')) define('DEFAULT_CONTROLER', 'default') That way if you assign it before including this you can override it. But thats not a big deal.
$endgroup$
– ArtisticPhoenix
4 hours ago













$begingroup$
P.S.S. I'm not trying to go with MVC - You don't have to go full on MVC, the benefit is that with an auto loader you can avoid touching the path at all. So there is no possiblillity for Directory Transversal ../../../config.php etc. I have this Router and AutoLoader - the router I did for a SO question, so it's less robust then the autoloader. But it loads based on the Class by instantiating instead of building a path. The autoloader has fair documentation, and its simple
$endgroup$
– ArtisticPhoenix
4 hours ago





$begingroup$
P.S.S. I'm not trying to go with MVC - You don't have to go full on MVC, the benefit is that with an auto loader you can avoid touching the path at all. So there is no possiblillity for Directory Transversal ../../../config.php etc. I have this Router and AutoLoader - the router I did for a SO question, so it's less robust then the autoloader. But it loads based on the Class by instantiating instead of building a path. The autoloader has fair documentation, and its simple
$endgroup$
– ArtisticPhoenix
4 hours ago











0






active

oldest

votes











Your Answer





StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
);
);
, "mathjax-editing");

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "196"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






J. Doe is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215528%2fis-this-a-good-practice-to-load-controllers%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes








J. Doe is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















J. Doe is a new contributor. Be nice, and check out our Code of Conduct.












J. Doe is a new contributor. Be nice, and check out our Code of Conduct.











J. Doe is a new contributor. Be nice, and check out our Code of Conduct.














Thanks for contributing an answer to Code Review Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215528%2fis-this-a-good-practice-to-load-controllers%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

名間水力發電廠 目录 沿革 設施 鄰近設施 註釋 外部連結 导航菜单23°50′10″N 120°42′41″E / 23.83611°N 120.71139°E / 23.83611; 120.7113923°50′10″N 120°42′41″E / 23.83611°N 120.71139°E / 23.83611; 120.71139計畫概要原始内容臺灣第一座BOT 模式開發的水力發電廠-名間水力電廠名間水力發電廠 水利署首件BOT案原始内容《小檔案》名間電廠 首座BOT水力發電廠原始内容名間電廠BOT - 經濟部水利署中區水資源局

Prove that NP is closed under karp reduction?Space(n) not closed under Karp reductions - what about NTime(n)?Class P is closed under rotation?Prove or disprove that $NL$ is closed under polynomial many-one reductions$mathbfNC_2$ is closed under log-space reductionOn Karp reductionwhen can I know if a class (complexity) is closed under reduction (cook/karp)Check if class $PSPACE$ is closed under polyonomially space reductionIs NPSPACE also closed under polynomial-time reduction and under log-space reduction?Prove PSPACE is closed under complement?Prove PSPACE is closed under union?

Is my guitar’s action too high? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Strings too stiff on a recently purchased acoustic guitar | Cort AD880CEIs the action of my guitar really high?Μy little finger is too weak to play guitarWith guitar, how long should I give my fingers to strengthen / callous?When playing a fret the guitar sounds mutedPlaying (Barre) chords up the guitar neckI think my guitar strings are wound too tight and I can't play barre chordsF barre chord on an SG guitarHow to find to the right strings of a barre chord by feel?High action on higher fret on my steel acoustic guitar