Dynamic PHP Page Include (CMS / Blog)

Question

I have hunted around, but have not found an answer specific to what I am trying to do. I currently run Wordpress on my personal web server, but I am looking to move away from it. I am writing my own semi-CMS system. I have a of it already done, and am starting to do the Blog section. I have a bare-bones pages template that I use when creating a blog entry saved in a /blog_files directory. These pages just include a <section> area with formated text. From there, I have a PHP script that grabs the 5 most recent PHP files and include them into the Index.php page. This works perfectly and seems super fast.

My question/problem is that i am looking for a secure way to have visitors be able to click on the blog heading and take them to a dedicated page for that blog. I have an empty page.php page that includes header, menu, and footer, and would like to include the blog_page/file.php inside of that page. I want to do this dynamically, but also securely. I have thought about using sessions or GET/POST, but not sure which would be the best for performance ans security.

I came across this page which includes the following:

    <?php
    session_start();
    $_SESSION['regName'] = $regValue;
    ?>

    <form method="get" action="get_reg.php">
        <input type="text" name="regName" value="">
        <input type="submit">
    </form>

I thought of using this, and just passing the include page though this variable, but this is code is from 6 years ago, and I am not sure if this is still the preferred way to handle this. I am running Centos 7 with Apache 2.4 and latest PHP.

Any help would be appreciated.

Answer 1

Well, after quite a bit of digging, reading, combining, editing, re-editing, and re-re-editing (lol) I think I have found my solution.

This is what I ended up with.

This is the blog page which shows the 5 most recent blog files in the blog_files directory. It then creates creates a link with the header information which passes the filename to the blog_single page.

    <?php
        $blogs = array(); // create blog file array
        // gathers all files in blog_file folder matching *.php
        foreach (glob("blog_files/*.php", GLOB_BRACE) as $filename) {
            $blogs[$filename] = filemtime($filename);           }
        arsort($blogs);
        // return only the newest 5 files
        $newest = array_slice($blogs, 0, 5);

        // for each of the newest 5, gather meta tag info from page
        foreach($newest AS $blog => $value) {
        $tags = get_meta_tags($blog);           
        $title=$tags['title'];
        $authur=$tags['author'];

            // if page title is not empty proceed
            if (!empty($title)) {
            // strip folder and .PHP from file name or security and to use as title
            $page = basename($blog, ".php").PHP_EOL;                    
            // echo $title and link to blog_single while passing variable
            echo("<h3><a href=blog_single.php?page=$page>$title</a></h3>");
                }
        // include blog entry in page below title link
        include $blog;

        }

    ?>

From there, the blog_single page gets the file name and then include that into the page.

    <?php 
        // reconstruct include file path
        $page = "blog_files/" . $_GET["page"] . ".php";
        // I will be adding additional code to verify PHP file exists only in includes directory

        // get meta-tag information from page
        $tags = get_meta_tags($page);           
            $title=$tags['title'];
            if (!empty($title)) {
                $headline=$title ;
                }   
    ?>
    <section>
        // include blog entry in the blog_single.php page
        <?php include($page) ;?>
    </section>

I hope this helps someone in the future, and if you notice anything I should have done, please feel free to post your suggestions or comments.