php - include a page selected in URL with $_GET

232

I want to create a page who's including himself the selected page choose in URL (example :index.php?p=signin with protection. Can I secure more my page?

I don't secure the text from$_GET['p'] against injection. I just want to know if its dangerous or not with this method or not ?

$grantLevel = [
    'Banned'                => 0 ,
    'Guest'                 => 1 ,
    'Trial'                 => 2 ,
    'Normal'                => 4 ,
    'Premium'               => 8 ,
    'Moderator'             => 16 ,
    'Administrator'         => 32 ,
    'SuperAdministrator'    => 64 
] ;

$pages = [
    'ban'       => $grantLevel['Banned'] ,
    'error'     => $grantLevel['Guest'] ,
    'forbidden' => $grantLevel['Guest'] ,
    'manage'    => $grantLevel['Administrator'] ,
    'signin'    => $grantLevel['Guest'] ,
    'welcome'   => $grantLevel['Guest'] ,
];


$accountLevel = $_SESSION['accountLevel'] ;


if($accountLevel != $grantLevel['Banned']){   

    if(isset($_GET['p'])) {

        if($accountLevel >= $pages[ $_GET['p']]) { 

            $p = $_GET['p'] ;

        } else {

            $p = 'forbidden' ;
        }
    } else { 

        $p = 'error' ;
    }    
} else {

    $p = 'ban' ;
}

require( $p . '.php') ;

People are also looking for solutions to the problem: php - How to get access token using oauth_consumer_key in Magento 2?

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.