This idea is about the headers and footers.

I think we should be able to include a special tag in the headers/footers, such as:

<!--INCLUDE{URL TO EXTERNAL FILE}-->

That will cause the external file to be loaded, and the output displayed.

Now, this wouldn't be much use on its own, but if you added "tags", we could use it to get (secure) user-specific content.

eg:

You want to display a message to only certain usernames, but you don't want to display the source to anyone.

You do something like this:

<!--INCLUDE{http://example.com/getMessage.php?username=[username]}-->

Where [username] would automatically be replaced by the user who is viewing the page's username.

This would be good for making PHP/JS combo codes more secure

Note: This isn't just using PHP code, the server would only fetch the OUTPUT of the external file, not execute anything itself.

So use file_get_contents on the included file?

Sounds extremely sexy, and will help out my codes a lot.

However, I think we should implement it in a way that will allow for future features to be added on. Something like this:

Code:

Select All

 

<#VF_CODE_START#>
include("http://www.site.com/script.php?user="+current_user);
include("http://www.site.com/script.php?user="+current_user+"&step=2");
<#VF_CODE_END#>

<#VF_CODE_START#> {BR}include("http://www.site.com/script.php?user="+current_user); {BR}include("http://www.site.com/script.php?user="+current_user+"&step=2"); {BR}<#VF_CODE_END#>

 

Something like that.

Just wondering, but what could this be used for? My mind seems to have gone blank and I cannot think of any codes which you wouldn't want users to see

umm it could be used to make javascripts to be called easier. well any scripting for that matter.

Anything that uses server-side that needs user-specific rules.

My lottery system, for instance. It's very hard to secure a username across domains; this way, users can't see what site is being accessed, or what it's looking for. That way, codes like this will be more secure.

Im no good with coding but i had a code on my forum that russell made twas a affiliate database which used a server yo count up hits and add them via admin panel to a database

would that of used it?

Posted By Marc on 15th Feb 08 at 9:54pm

 

Anything that uses server-side that needs user-specific rules.

My lottery system, for instance. It's very hard to secure a username across domains; this way, users can't see what site is being accessed, or what it's looking for. That way, codes like this will be more secure.

Thats what I was thinking. You could securely get content for ONE user only, and not let them switch the username in the URL for someone elses, to edit their settings or get their info.

Posted By Simie on 15th Feb 08 at 10:16pm

 

Posted By Marc on 15th Feb 08 at 9:54pm

 

Anything that uses server-side that needs user-specific rules.

My lottery system, for instance. It's very hard to secure a username across domains; this way, users can't see what site is being accessed, or what it's looking for. That way, codes like this will be more secure.

Thats what I was thinking. You could securely get content for ONE user only, and not let them switch the username in the URL for someone elses, to edit their settings or get their info.

Thus making my Points code oh so more secure! ^_^