I wrote a simple script. Location core.php
Index.php
Is this secure?
PHP:
function secure_page()
{
switch ($_GET['page'])
{
case 'showcharacter':break;
case 'error': break;
case 'news': break;
case 'home'; break;
default: echo "<br>Security Hint! Access Denied - You are not allowed to view this page."; break;
}
}
Index.php
PHP:
<?php
$page = ((isset($_GET['page']) && $_GET['page'] != '') ? $_GET['page'] : 'home');
$page=(preg_match('/(\.\.|\/)/i',$page)?'home':$page);
$page = preg_replace('/[^a-zA-Z0-9 \._-]/','',$page);
$page = (file_exists('./pages/'.$page.'.php') ? $page : 'error');
include('./pages/'.$page.'.php');
secure_page();
?>
Is this secure?