PDA

View Full Version : will too many include() ruin my search engine plans ?

c q
10-08-2002, 06:48 PM
hii!!
I made some templates that look like this....(code below)
ythese shoewd up on google alright, but just the links with no accompanying description text like the other sites....sort of made me believe that for some reason the structure of my template is not search engine frendly.
comments ? suggestions ?????
(forget the meta tags for the moment...):p


<?php
session_start();
?>
<?php
if ( ! isset($txtSize) )
{
session_register( "txtSize" );
$txtSize = "small";
//see footer.php where users can
//choose their txt size.
//and the appropriate css is loaded.
}
?>
<html>
<head>

<!---stylesheet for colors----->
<?php
echo ("<style>");
include ("cbit_main.css");
echo ("</style>");
?>
<!---stylesheet for txt sizes--->

<?php
if ( isset ($txtSize) )
{
print ("<LINK REL=StyleSheet HREF=cbit_$txtSize.css TYPE=text/css MEDIA=screen>");
}
else { //ifff for some reason the cookie is not set
print ("<LINK REL=StyleSheet HREF=cbit_small.css TYPE=text/css MEDIA=screen>");
}
?>
</head>
<BODY>
<table width=780 cellpadding=0 cellspacing=0 border=0 align="center">
<tr>
<!---row1 col1---->
<td valign=top colspan=3>
<img src="img/cbit.gif" width="778" height="60">
</td>
</tr>
<tr>
<!---row2 col1--->
<td valign=top background="img/bg_menu.gif" width="136" style="background-repeat:repeat-y;">

<!---menu--->
<?php
include("menu.php");
?>
<br>
<img src="img/spacer.gif" width=136 height=1>
</td>
<!---row2 col2---><td valign=top width="574">
<!---main page contents--->
<br><br>
<table width=85% cellpadding=0 cellspacing=0 align=center>
<tr>
<td valign=top>
<?php
if ( file_exists( $display ) ) {
include($display);
} else
include ("note.php");
?>
</td>
</tr>
</table>
<!--end of main page contents-->
<!---row2 col3--->
<td valign="top" width="150">
<img src="img/pic_main.jpg" width="150" height="200"><br>
<!--google search---><B><span style="COLOR: #1181d8;">SEARCH</span></b><br>
<form action=http://www.google.com method=POST>
<input type=text size=12 value="Search CBIT">
<input type="image" src="img/go.gif" width=24 height=18>
<br><img src=img/google.gif width=60 height=40 align=middle ALT="Powered by Google">
</form>
<!---end google search---->
</td>
</tr>
<tr>
<!---row3 col1--->
<td colspan=3 width=100%>
<!---begin footer--->
<?php
include ("footer.php");
?>
<!----end of footer-->
</td>
</tr>
</table>
<?php
print ("<title>$pageTitle</title>");
?>
</body>
</html>


p.s ::: $pageTitle and $display will come in with the query string.
mordred
10-08-2002, 08:23 PM
Originally posted by c q


if ( file_exists( $display ) ) {
include($display);
} else
include ("note.php");



Remove that immediately from your code. Yes, do it now, and update your documents on your webserver. You are introducing a *great* security hole with this code. Just checking if a file exists is not an acceptable check for the integrity of user sent data!

This may sound harsh, but it's the reality. If you had a config.ini file lying in directory around, it could be included and presented to the malicious user because you let him do so.

You could rewrite this part in a fashion that you define an array with certain keys (like "page1", "page2" etc.) and the filenames in there. Then you can check for integrity if the passed $display value exists as a key of that array, and if so, you can safely include the defined file.

...
About google: How google is ranking your pages is not publicly known, but if it doesn't call your page with a query string, maybe it finds to few information? Anyway, what google only can do is to index the HTML output, not what you're doing as a PHP script.
Dylan Leblanc
10-09-2002, 11:26 AM
Maybe you just need plain old META tags in there.
c q
10-09-2002, 06:36 PM
actually ths what I used to think....so if I had a query string like

ok...to make it look more vivid... ths is the google search page...

http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=+site:cbit.ac.in+niharica
or you could simply go to google and type out
site:cbit.ac.in niharica
in the search box.
so links like cbit.ac.in/~niharica/cbit/cbit.php?target=aboutus
is really a html file at the output stage. actually our servers are down for sometime unfortunately I cannot show you the file as such. but take it is there...and it has the word "niharica" in footer.php. thrs no txt accompanying the site link like it usually is there in other search listings. %#*^#@(*&_Q* too much confusion here
about the file_exists part, okay....I'll like change it......:Dbut I jusss need to know if thrs something in the code that;'s causing it.