SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    FBI secret agent digitman's Avatar
    Join Date
    Sep 2004
    Location
    Work
    Posts
    697
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Using templates in your script

    Hi!

    I noticed that most of the Php scripts keep all the HTML templates in a seperate directory, and then include those templates. For example, /templates/header.tpl could be a template which holds your site's header, /templates/footer.tpl could hold the footer, and then you simply include these files from your Php script.

    Thing is, if someone types the path to one of the templates directly in his web browser, (e.g www.example.com/templates/header.tpl), he could see the different variable names and other sensitive information used in the template. Is there any simple way to make sure that unless the template was included by one of the scripts in your script, its not displayed?

  2. #2
    SitePoint Zealot
    Join Date
    Dec 2005
    Posts
    171
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am thinking you need to use chmod. However I cant help on the specifics as i am unsure.

  3. #3
    SitePoint Member
    Join Date
    Dec 2004
    Location
    toronto
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use .htaccess and remove access to the templates directory.

  4. #4
    FBI secret agent digitman's Avatar
    Join Date
    Sep 2004
    Location
    Work
    Posts
    697
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yea, I was thinking about the .htaccess option.
    Can you mention exactly what code do i put in the .htaccess which would do that?

  5. #5
    Maniacally depressed robot poncho's Avatar
    Join Date
    Dec 2004
    Location
    Belfast, N.Ireland
    Posts
    452
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Have a read at this article, I fpund it very handy when setting up a templated site. It's geared towards Smarty, but you could take away some helpful advice for other systems.

    Cheers;
    Poncho
    Perfecting the art of breaking stuff.
    Check 'em: CakePHP | TextMate

  6. #6
    SitePoint Enthusiast duckax's Avatar
    Join Date
    Aug 2005
    Posts
    94
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why don't you just rename your file .php? This way, the source will never be sent.

  7. #7
    FBI secret agent digitman's Avatar
    Join Date
    Sep 2004
    Location
    Work
    Posts
    697
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually the source does get sent even if the files are named .php. Because the files don't have <?php and ?> tags, and they only have HTML code. So the html is sent to the browser.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •