Topic awaiting preservation: Stop directly oopening PHP... (Page 1 of 1)

I want to place all of my CSS into on PHP file and simply call each style by css.php?style=whatever...

My question, is it possible to keep the file from being called directly? Meaning if they type the url into the address bar it wont display the CSS?



(Edited by Ensellitis on 06-23-2005 09:11)

Nevermind...

not easily. I mean, you can always do a referercheck - but that doesn't stop any one who's determined even the least bit (either forge referer, or just browse your own cache...)

What about something like this in the head of the file to be included:

if (!function_exists('prevent_direct_loading')) { die('Sorry, but this file can not be loaded directly.'); }

And adding the prevent_direct_loading function in the page it is to be included on?

(THis is to make a CSS file and some JS files secret, but work on the site...)



(Edited by Ensellitis on 06-23-2005 19:05)

If you are trying to hide you CSS from the user you can not do it.

The user will always have access to your CSS file if you are going to use it to do your presentation.

Dan @ Code Town

I think you overlooked that your css and php files are being included by the browser - they're being done via seperate request, and therefore won't have anything defined you do in your main php file (be it a function, a variable, or a constant).

If it's just you working on the site, have you considered passing something like
?bDevelop=true
to the php site,
and including different java scripts depending on wether bDevelop is set?

the question needs to be asked - why would you want to hide your css?

I don't or would ever want to hide MY css. My client wants his site to be "secure", whatever makes him sleep better at night.

He's in for a rude awakening.

hiding/not hiding the site's CSS has nothing whatsoever to do with the security of the site

By secure I think he meant by protecting it from being ripped. I eamiled him and still waiting for a response...

That is still not possible, you can not prevent your site from being ripped. Once you sever something to the user they have it.

Be it a flat text files like HIML or CSS, or compiled applications like Java or Flash, all of your code and images served to a user can easily be pulled back out. If you give something to the user to view they have it, and you can not protect it.

Dan @ Code Town

Even if you couldn't get the files anyone with some small talent could easily recreate any website with relative ease.



.:[ Never resist a perfect moment ]:.

here's a (mild) idea that will stop your site from easily being ripped:

Encode your css (and javascript) via javascript, using location.href as a key.
If you mumble the stuff hard enough, few people will be able to decode it in a
decent amount of time - and it simply won't run on a different domain.