# Create php Web site using template



## peterjcs (Jan 23, 2007)

I would like to know how to create a customizable php web site that using a template. 

I did create a php web site before that using a template. The logic for the web site is like this:

1)	First, I create a web template. Example, the name is "template.php"
2)	Then I create the main page content for the web site named "main.php".
3)	Then I create an index file. File name is "index.php". 

So, It work like this. In the index.php, it will include the file main.php and template.php.


Example code for template.php

<html>

<head>

<title>New Page 1</title>
</head>

<body>

<table border="0" width="100%" height="32">
<tr>
<td width="100%" height="7">banner here</td>
</tr>
<tr>
<td width="100%" height="13"> <?php include($content); ?> </td>
</tr>
</table>

</body>

</html>


Example code for main.php

<html>

<head>

<title>main page</title>
</head>

<body>
Here is the content for main page



</body>

</html>



Example code for index.php:

<?php

$content = "main.php"; 

include("template.php");

?>


------------------------------------
This site work well if you have a few page for your site. If your page increase, we need to add php swith command to the index page. But that is 

the inefficient come, if your page content hundred of page, then need to add hundred of php switch command to check which page to load. 


So, any others way to create a customizable web site that using template?

Hope you guy can understand


----------



## Redcore (Aug 14, 2007)

You can call the content up through a variable. I do this on my website and other sites that I've made, actually.

So you can make it like this: index.php?p=contact

contact.php is pulled into the middle of the page. At the top of index.php, I put this:


```
<? if(!$p){$p='home';} 

// clean up the page variable if someone is trying to abuse it
$remove = array(
"http", "www", ".com", ".net", ".org", ".tk", ".nl", ".br", ".ru", ".tv", ".mobi", ".co.uk", ".php", ".php3", ".php4", ".php5", ".txt", ".html", ":", "/", ".", ","
);
$p = str_replace($remove, "", $p);
?>
```
Notice that clean-up process. This will keep people from abusing your variable, like doing this: index.php?p=http://www.naughtysite.com/badscript.txt"

People could do the above and basically take over your server. So that's why we clean up the variable and get rid of everything in "$remove" ... it's also a good idea to turn "allow_url_fopen" off so people can't open malicious text files through an off-site URL. Ensure that you've modified "open_basedir" as well - it should be set for your account, that way nobody can execute a script that is not on your server/account.

Okay, so where you have the include, this is what I do:

```
<? include $p.".php"; ?>
```
Notice the ".php" - it's cleaner to have the link as "index.php?p=contact" rather than "?p=contact.php" and it doesn't give anybody any ideas to try to link to their own PHP file or another file (especially malicious ones)

I hope you get what I'm throwin' at ya


----------



## peterjcs (Jan 23, 2007)

Thank redcore. I will try it.


----------

