PHP


The navs function is responsible for printing a list of products that are related to the category our website is in. So if our website has a category named “phone”, the navs function would print links to various phone hardware that we sell.

function navs(){
    global $db;
    global $http_host;
    global $category;
    global $trans;
    global $prep; // script path from config.php, used in the product links below

    // Start html generation
    print ' <div id="navLink">'."\n".
    ' <div id="navLinkListBackground">'."\n".
    ' <div id="navLinkList">'."\n
<ul>\n<li><a href=\"index.php\">Home</a></li>\n";

    // Find category that belongs to this website.
    // Don't think this is vulnerable to an XSS, as $http_host is $_SERVER['SERVER_NAME'];
    // The server name of the host that was called from the browser window.
    // If you don't use the correct server name, then you will never contact the site

    $q = $db->query("SELECT categories.prod_code from categories,virtual_1 where categories.sub_cat = '$category' AND virtual_1.site_id = '$http_host'");

    while ($row = $q->fetchRow()){
        $product = $row[0];
        $encoded_product = strtr($product, $trans);

        // Find products that belong to the category our website claims ownership to.
        $q2 = $db->query("SELECT products.description from products where products.prod_code = '$product'");
        while ($row = $q2->fetchRow()){
            $prod_desc = strip_tags($row[0]);

            $encoded_prod_desc = strtr($prod_desc, $trans);

            // Print link list
            print "<li><a href=\"$prep?prod_page=$encoded_product\">$encoded_prod_desc</a></li>\n";

        }
    }

    print '</ul>'."\n";
    print '</div>'."\n"; // End navLinkList
    print '</div></div>'."\n"; // End navLink
} // End nav column

The main page will most likely have a different layout than a product page, so I separated them.
The header, and footer will remain the same, so each page should still look about the same.

function main_page(){
    global $http_host;
    global $comments;
    navs(); // call our navs function so it gets printed on the mainpage.

    print '<div id="supportingText">'."\n";
    print '<div id="benefits">'."\n";
    print "<p>$comments</p>\n";
    print '</div>
</div>'."\n"; // end benefits div
} // End main page

Have a product page function, so I can print a product page that looks slightly different than
the main page.

function prod_page(){
    global $db;
    global $http_host;
    global $category;
    global $trans;

    $query_prod_code = mysql_real_escape_string($_GET['prod_page']);

    navs(); // print our navs again.

    // Get image link for product from DB.
    $q = $db->query("SELECT big_image from links where prod_code = '$query_prod_code'");
    while ($row = $q->fetchRow()){
        $prod_image = $row[0];
    }

    // Get everything else for product from DB.
    $q = $db->query("SELECT comments,description from products where prod_code = '$query_prod_code'");

    while ($row = $q->fetchRow()){
        // strip all html markup from the item's description
        $prod_comments = strip_tags($row[0]);
        $prod_desc = strip_tags($row[1]);

        // encode content, so we remain xhtml compliant.
        $encoded_prod_comments = strtr($prod_comments, $trans);
        $encoded_prod_desc = strtr($prod_desc, $trans);
    }

    // strip html markup from comments for use in our image alt tag.
    $img_alt_tag = strip_tags($encoded_prod_comments);

    print ' <div id="supportingText">';
    print " \n<h1>$encoded_prod_desc</h1>\n";
    print "<div id=\"supportingImg\">\n
<img src=\"http://www.cmh.net$prod_image\" alt=\"$img_alt_tag\" />\n
</div>\n"; // end supportingImg
    print '<div id="benefits">'."\n";
    print "<p>$encoded_prod_comments</p>\n
</div>\n"; // end benefits
    print '</div>'."\n"; // end supportingText
} // End product page

// Error page for bad queries.
function error_page(){
    print "error";

} // End error page
?>
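The link line from navs() with each value encoded for the place it lands in, as an added example that is not the author's code. `e()`, `nav_item()`, the sample rows and the UTF-8 charset are assumptions; `SCRIPT_NAME` is used for the link target because `PHP_SELF` can also carry extra path segments sent by the client.

```php
<?php
// Added example, not the author's code. e(), nav_item() and the sample
// rows are hypothetical; the page charset is assumed to be UTF-8.

// Encode for HTML text and attribute values; ENT_QUOTES also covers
// single quotes, so the result is safe in either quoting style.
function e($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Build one <li> of the navigation list.
function nav_item($script, $prod_code, $description) {
    // rawurlencode() makes the product code safe as a query-string value;
    // e() then makes the finished URL safe inside the href attribute.
    $href = $script . '?prod_page=' . rawurlencode($prod_code);
    return '<li><a href="' . e($href) . '">'
         . e(strip_tags($description)) . "</a></li>\n";
}

// SCRIPT_NAME is the script path only; fall back to a fixed path on the CLI.
$script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '/index.php';

// Constructed sample rows standing in for the categories/products results.
$rows = array(
    array('PH-100', 'Desk phone, 2 line'),
    array('PH&200', 'Headset "Pro" <b>new</b>'),
);

foreach ($rows as $r) {
    print nav_item($script, $r[0], $r[1]);
}
```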

The header.php file is where I’m handling the initial HTML code generation. This is where the logic for printing a standard header is contained. We’re using global variables that we obtained from config.php when it was called.

// bunch of global stuff here.
global $db; // so we can call db
global $http_host; // shortcut for $_SERVER['SERVER_NAME']
global $stylesheet; // Cascading Stylesheet this page is going to use
global $change_title; // Page’s title
global $category; // Category site belongs to
global $preamble; // Small site description, coming from the DB
global $meta_keywords; // meta keywords
global $meta_description; // meta description

Below is where we set up some important HTML related material. I’m using all those newlines to help keep the HTML output human readable for debugging purposes. Granted, one could argue that they make the PHP code ugly, and they would probably be correct, but I always seem to run into that one HTML tag that is being opened, and never closed, or vice versa, so I like to make the output in somewhat of a tree.

$metas_and_title = '';
$metas_and_title .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> ';
$metas_and_title .= "\n<html>\n<head>\n"; // open <head>, it is closed on the title line

// below is our meta tags that we got from the db earlier in config.php
$metas_and_title .= "<meta name=\"keywords\" content=\"$meta_keywords\">\n";
$metas_and_title .= "<meta name=\"description\" content=\"$meta_description\">\n";

// our title line
$metas_and_title .= '<title>'.$change_title.'</title></head>' . "\n";

Using a Here Document below. Probably an old Perl habit I developed, not sure if it’s the most efficient way of printing all this, but I feel that it’s easy to read, and should be easy to maintain.

$header = <<<HTML_HEADER
$metas_and_title
$body_tag

<div id="container">
<div id="intro">

<div id="pageHeader">
<h1><span>main_heading</span></h1>
</div>
<div id="preamble">
<h2>$preamble</h2>
</div>
</div>
HTML_HEADER;

Then finally, after we create our header in the Here Document, we still need to print it below.

print $header;

As you can probably tell, config.php is where we hold the configuration information for our websites. I will sketch out basically how I’m doing this.

First we load up the database interface module.

require 'DB.php';

The variables below are so I don’t have to type out those strings a million times in my code.

$prep = $_SERVER['PHP_SELF'];
$query = $_SERVER['QUERY_STRING'];
$http_host = $_SERVER['SERVER_NAME'];

I put this body tag in here in case I wanted to use some JavaScript later on.

$body_tag = '';

Ok, now for the database stuff. First I set up my variables needed to connect.

$db_host = 'localhost';
$db_login = 'Multi';
$db_pass = 'i took out the pass you newb';
$db_name = 'multi';

// no editing should be needed beyond this point

The next step is to actually make the connection to the database.

$db = DB::connect("mysql://$db_login:$db_pass@$db_host/$db_name");
if (DB::isError($db)){ die ("Can't connect: " . $db->getMessage()); }
// error handling
$db->setErrorHandling(PEAR_ERROR_DIE);

Here we contact the db, and retrieve information specific to this website. Later we will reference these as global variables. I’ve thought about a possible injection problem with my query below, but I can’t see how it would be a problem, $_SERVER['http_host'] will always be a domain. If you don’t call the right domain, the query would never be executed anyway.

$t = $db->query("SELECT category, stylesheet, page_title, comments, preamble, meta_kw, meta_desc from virtual_1 where site_id = '$http_host'");
while ($row = $t->fetchRow()){
    $category = $row[0]; // this is what category our site belongs to
    $stylesheet = $row[1]; // this is the stylesheet we will be using
    $change_title = $row[2]; // title for site
    $comments = $row[3]; // site's main page content
    $preamble = $row[4]; // preamble is where I will put a quick site description.
    $meta_keywords = $row[5]; // meta keywords tag content (meta_kw is the 6th selected column).
    $meta_description = $row[6]; // meta description tag content (meta_desc is the 7th selected column).

}
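The site lookup above with the host name checked against a list of configured sites and passed as a bound parameter, as an added example that is not the author's code. With Apache's `UseCanonicalName Off`, `SERVER_NAME` reflects the Host header the client sent, so it is handled here as untrusted input. `$known_hosts`, `load_site_config()` and the example.com names are hypothetical; `$db` is the PEAR DB handle created earlier in config.php.

```php
<?php
// Added example, not the author's code. $known_hosts and load_site_config()
// are hypothetical names; $db is the PEAR DB handle from DB::connect().
require_once 'DB.php';

// Constructed sample allowlist: the vhosts aliased to this directory.
$known_hosts = array('phones.example.com', 'cables.example.com');

function load_site_config($db, $raw_host, $known_hosts) {
    // Normalise: lower-case, drop an optional :port and a trailing dot.
    $host = strtolower(trim($raw_host));
    $host = preg_replace('/:\d+$/', '', $host);
    $host = rtrim($host, '.');

    // Reject anything that is not a configured site before touching the DB.
    if (!in_array($host, $known_hosts, true)) {
        return null;
    }

    // The ? placeholder keeps the value out of the SQL text, so the query
    // stays safe even if the allowlist is later replaced by a looser check.
    $res = $db->query(
        'SELECT category, stylesheet, page_title, comments, preamble,
                meta_kw, meta_desc
           FROM virtual_1 WHERE site_id = ?',
        array($host)
    );
    if (DB::isError($res)) {
        return null;
    }
    $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
    return $row ? $row : null;
}

$site = load_site_config($db, $_SERVER['SERVER_NAME'], $known_hosts);
if ($site === null) {
    // Unknown host or no matching row: stop before any page is generated.
    header('HTTP/1.1 400 Bad Request');
    exit('Unknown site');
}
$category         = $site['category'];
$stylesheet       = $site['stylesheet'];
$meta_keywords    = $site['meta_kw'];
$meta_description = $site['meta_desc'];
```

Fetching the row by column name also removes the dependence on column order in the SELECT list.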

The database I made for this script is pretty simple. It contains 8 columns. Wanted to just store basic information, as to keep things simple. What I’m doing is giving each website a category of products that CMH sells, a unique cascading style sheet, and a small amount of webpage related content, such as page title, and comments.

You may be asking yourself “Where does the category come into play?”.
Well, we have an existing product database. Each product belongs to a category. By defining a category for our website, then we should be able to pull all of the products from the existing db, and generate pages for them, with existing product content.

Preamble is a column I made to give a brief explanation of what the website is about. Comments is where I will be putting the content for our front page.

mysql> show columns from virtual_1;
+------------+---------------+------+-----+---------+-------+
| Field      | Type          | Null | Key | Default | Extra |
+------------+---------------+------+-----+---------+-------+
| category   | varchar(30)   |      | PRI |         |       |
| site_id    | varchar(100)  | YES  |     | NULL    |       |
| stylesheet | varchar(100)  | YES  |     | NULL    |       |
| page_title | varchar(100)  | YES  |     | NULL    |       |
| comments   | text          | YES  |     | NULL    |       |
| meta_desc  | varchar(250)  | YES  |     | NULL    |       |
| meta_kw    | varchar(1000) | YES  |     | NULL    |       |
| preamble   | text          | YES  |     | NULL    |       |
+------------+---------------+------+-----+---------+-------+

For this script I decided early that I wanted to keep the code as clean as possible. In the past, project complexity has overwhelmed my ability to write maintainable code, so I decided to break this script up into several separate files.

Files:

  • config.php
  • footer.php
  • header.php
  • html.php
  • index.php

As you can probably tell, each file has a specific purpose.

The main script, which calls the other functions, is of course index.php. This is the portion where we load all our required helper functions, and determine the status of any queries that were made to the site.

Config.php is where I’m keeping all those important variables which are global to my script, such as database login information. This is also where I put my code that determines what stylesheet should be used.

In header.php we start the initial page generation. This is where I will keep the top portion of any webpages that are created, including header information, and the beginning of my xhtml markup.

If index.php is the head of this monster, then surely html.php is the arms, and torso. It’s where most of the page generation takes place. The functions in here are called by index.php according to what query was provided.

Finally, footer.php is where I’m keeping the bottom portion of any pages that are created.

I will go into more depth on each part of the script in future postings. Wanted to show the basic idea of what I’m trying to do with this project.

I’m working on this set of PHP scripts that will allow me to create multiple websites depending on the domain the client calls.
The idea is to have one directory with several vhosts aliased to it, and a stylesheet for each vhost. Having one location for maintenance should make updates easier. The data I’m using for site content is coming from an existing MySQL database used for an online catalog. I am in the process of writing the backend portion, which is where a person can add new domains to the list of pages to be generated. Trying to make it as simple as possible, yet retain the ability to make each site truly unique.
Will post more when I get closer to the finish line.