You need to make sure all requests to your website go to a single PHP
file. This is probably something in the webserver configuration. In apache
if mod_alias is available you might use an aliasmatch directive:
AliasMatch ^/mysite/(.*) /mysite/main.php
Then in eg /mysite/main.php you would use one of the $_SERVER variables
to get the request string. Probably $_SERVER['REQUEST_URI']
Finally you need to process the request string to extract the filename
you want to use.
Then you need to open the file and execute it. You can use include for
this.
Finally, be very careful about assuming anything. If you are not careful
you can easily enable a remote execution of php attack on your server
because someone sends a request like:
http://164.33.123.22/mysite/http://nasty.ip.address/path/to/nasty/file
If you assume that everything after /mysite/ is a php file to run, and
your server is configured to execute remote code, it will run nasty file
code on your server, and nasty file can do anything your code is
authorised to do, like delete files, drop tables from databases, send
emails to the whole planet pretending to be you etc.
It is much safer to create a lookup table of keyword => file (you can do
this with an array) and use that to get the filename.
If a keyword doesn't exist, treat it as an error and send an email to
whoever maintains the site.
This is a very simple example:
<?php
$bits = explode("/", trim($_SERVER['REQUEST_URI']));
if (count($bits > 2) $index = $bits[2];
$phppath = "/path/to/bingfiles/";
$lookup = array(
'jim' => $phppath.'jim.php',
'fred' => $phppath.'fred.php'
);
if (count($bits) > 2 && isset($lookup[$index])) {
include $lookup[$index];
}
else {
if (count($bits) > 2) {
// invalid url was used
}
// create default page here
}
--
Denis McMahon,
denismf...@gmail.com