Create a "config" file to feed info to other files?

[Gene]

Here's what I want to do. I have a website design that contains a few dozen pages, and I provide copies of this website to my members.

I would like to have a "config.php" file that the user could edit to change several variables to store their individual information. It should include things like:

Website URL:
Account ID#:
Email Address:

etc., etc.

Here's the important part. I need for the variables entered in the config file to be able to be used on any of the website pages, in the HTML code itself as well as on the visual page. For instance, there are many places in the HTML code that have <a href="http://***URL***.com">***URL***.com</a>

The ***URL*** should be replaced in real time by the "Website URL:" entered in the config.php file.

I know this is a pretty straight-forward task, but I don't have the programming knowledge to accomplish this.

Is it a simple 1,2,3, or do I need to hire someone?

Thanks!



.

 

[nasaboy007]

it's straightforward - no use in hiring somebody for something you can do in a few minutes.

at the top of the HTML template, put this code:

<?php
include("config.php");
?>

config.php should/can be replaced with the filename of whatever file your client puts their information into.

the config file shoudl be as such:

<?php
$weburl = "http://www.theirsite.com";
$accountid = "123456";
$email = "[email protected]";
?>

basically, you are declaring variables (all variables are prepended by a dollar sign $ and the name. they can be whatever you want, just don't use the same name for multiple things - you can use numbers too, just no spaces of special characters). if/when you add more variables, don't forget the quotes or the semicolon at the end of each line. if you want to comment the code (to make it easier for your clients to read), you can do something like this on any line:

//This is a comment

Any line that has // at the start will be a comment and be ignored.



then in the actual template file, every time you want to display the url (for example) wherever, use this code:

<?php
echo $url;
?>

So basically, if you have this in your HTML template:

<a href="www.url.com">www.url.com</a>

should look like:

<a href="<?php echo $url; ?>"><?php echo $url; ?></a>

so, you can just use whatever variable that you named it in the config.php and use php's "echo" function (so, for example, use echo $accountid; in the same way that you used echo $url anywhere in your file and it should do it dynamically.

oh, make sure the files are .php files.





just a quick question (for security): are your clients hosting this on your hosting or are they using the templates themselves? (i'm basically asking if you may have malicious users having the ability to edit config.php).

 

[Gene]

nasaboy007, you're a life saver. It all makes sense to me now. I'll work on this an see how it goes.

just a quick question (for security): are your clients hosting this on your hosting or are they using the templates themselves? (i'm basically asking if you may have malicious users having the ability to edit config.php).

Right now, all sites are hosted on my dedicated server. I would like to give them the option to use the templates elsewhere though. What security measures do I need?

Thanks again... I'll shoot some NP$ over to you, as you've saved me some time!

 

[nasaboy007]

Wow, thanks so much for the NP$, that's more than generous! I see you really put the "gene" in "generous" hehe. (Bad joke X_X) Glad I could be of assistance!


If you use them on your own site, then the easiest change would be to change all the times you use the "echo" function to be like this:

<?php
echo strip_tags($url);
?>

You can still change the $url variable to whatever variable, just leave the strip_tags in there (assuming you don't want to allow them to have any HTML customization. That function will remove all HTML tags. The only reason I'd include it is to prevent any malicious user from trying to use XSS (Cross-Site Scripting)). If you trust your clients (or if they have access to editing the actual template that has the <?php echo parts in it, there really isn't much use to using that security since any hacker experienced enough to use XSS will just as easily remove that one function XD. I'm assuming that users can't edit the templates freely?

 

[Gene]

The users do have full control over the templates... they may edit anything they'd like. My only concern is whether or not an outsider could change the config file on someone's site and mess things up for them.

 

[nasaboy007]

No, an outsider can't edit the file (unless they hack the actual server itself, in which case they can do basically whatever they want, but that security flaw wouldn't be caused by this script.

 

[Gene]

Another question for you nasaboy007:

I have a PHP file that processes the email forms on my site. Inside this PHP file, there is a line to enter the email address I want the form to be sent to.

How can I make this file read the config.php file we discussed above, to extract the email address and use that?

Thanks!

 

[nasaboy007]

take out the line where you put the email and use this:

include("path/to/config.php");

The onyl thing you'd have to worry about then would be to make sure there aren't any variable names that are in the config that show up in the email processing file. also, make sure that that function is between <?php and ?> (but assuming if the whole file is php, that shouldn't be a problem)

 

[Gene]

Hmm, I'm confused. How would it know to take just the email address when there are other variables in the config.php file?

Here's a segment of the email processing PHP file:

// email for send submitted forms //////////////////////////////////////////
// if empty, use value from form ('send_to' field)
$send_to = "<[email protected]>";

Doing what you just said, it would end up like this:

// email for send submitted forms //////////////////////////////////////////
// if empty, use value from form ('send_to' field)
$send_to = "<include("path/to/config.php");>";

.



.

 

[Unknown]

I believe another method would be to do as instruced and place this at the top of your email.php file (the one sending the emails)

include("path/to/config.php");

and where it sends the email you would replace it with the $email variable so:

// email for send submitted forms ////////////////////////////////////////// 
// if empty, use value from form ('send_to' field) 
$send_to = $email;

By doing the initial

include("path/to/config.php");

you are including the variables declared in config.php to work in email.php, so w/e the $email variable is set to will be used as the email

 

[fuzzlepop]

You want

include("path/to/config.php"); at the top of your email file.

[CODE]
$send_to = $cemail;
[/CODE]

inside config.php you would have:

$cemail = 'sendtoemailhere';

 

[Gene]

Thanks Unknown and fuzzlepop! I'll experiment with this later today...

 

[nasaboy007]

When you said this, I think I must not hvae been clear, sorry:

$send_to = "<include("path/to/config.php");>";

(above is wrong)


what I meant was change this:

$send_to = "[email protected]";

into:

include("path/to/config.php");

and then inside config.php, put the original line that you deleted into it:

$send_to = "[email protected]";

essentially same thing that unknown and fuzzlepop said.