Prevent a file opening unless it is in a templare

I have a web site which uses a template. Nearly all the content files are intended to be opened within the template, and without it they lack DOCTYPE, title,styling and JS files etc. It’s all controlled from an index.php file in the root. Nothing unusual about that, I’d have thought, and it works perfectly well.

However recent attempts at improving SEO have led to a slew of errors in ‘Webmaster Tools’ resulting from Google attempting to open the files ‘naked’.
I’m trying to work out why this is happening now (I’ve not knowingly had it happen before).

Meanwhile I’m looking for a way to force the files to open in the template. This would also deal with a visitor typing the actual URL of the file directly into his/her browser.

Is there a recommended way of doing this ?

As an alternative, I have found a way to force reversion to the home page instead (by testing for included files), but at present it has to be tailored for each page, which is not ideal.

Sure, don’t store them in a web accessible directory, store them a level above the web accessible folder and use include, include_once, require or require_once to load them into your template.

Since they are not in a web accessible directory, they can’t be accessed directly and can only be accessed via your primary pages/scripts (that are web accessible).

Thanks cpradio. I hadn’t considered that in this context, although I’ve used it before for data files.
The files are already ‘included’ or ‘required’ as variables, so it would just be a matter of changing the paths (and moving the files, of course).

Since almost all the pages are opened in the template I could end up with most of the site content being above the root. I’ve not seen that recommended before. It’s not a large site, about 36 pages in the site map.

I use this technique a lot, as it allows me to lock down how someone accesses my files (which consequently helps with any possible injections by shortcuting to a template file without going through its controller).

Thanks again.

If I’ve understood this correctly, I couldn’t benefit from it as it’s the controller which determines the contents of the variables ‘included’ or ‘required’ in the template (so I can’t bypass the controller).

But at least I can use the ‘above the root’ technique, and I’ve already tested it out.

Right. If you research MVC or MVP patterns you will see how that comes in handy.

Yep, and that is a good start :slight_smile: