Closed Thread Icon

Topic awaiting preservation: Stop directly oopening PHP... (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=26092" title="Pages that link to Topic awaiting preservation: Stop directly oopening PHP... (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Stop directly oopening PHP... <span class="small">(Page 1 of 1)</span>\

 
Ensellitis
Bipolar (III) Inmate

From: Kansas City, MO , USA
Insane since: Feb 2002

posted posted 06-23-2005 09:10

I want to place all of my CSS into on PHP file and simply call each style by css.php?style=whatever...

My question, is it possible to keep the file from being called directly? Meaning if they type the url into the address bar it wont display the CSS?



(Edited by Ensellitis on 06-23-2005 09:11)

Ensellitis
Bipolar (III) Inmate

From: Kansas City, MO , USA
Insane since: Feb 2002

posted posted 06-23-2005 09:38

Nevermind...

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 06-23-2005 13:27

not easily. I mean, you can always do a referercheck - but that doesn't stop any one who's determined even the least bit (either forge referer, or just browse your own cache...)

Ensellitis
Bipolar (III) Inmate

From: Kansas City, MO , USA
Insane since: Feb 2002

posted posted 06-23-2005 19:04

What about something like this in the head of the file to be included:

code:
if (!function_exists('prevent_direct_loading')) { die('Sorry, but this file can not be loaded directly.'); }



And adding the prevent_direct_loading function in the page it is to be included on?

(THis is to make a CSS file and some JS files secret, but work on the site...)



(Edited by Ensellitis on 06-23-2005 19:05)

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted posted 06-23-2005 19:58

If you are trying to hide you CSS from the user you can not do it.

The user will always have access to your CSS file if you are going to use it to do your presentation.

Dan @ Code Town

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 06-23-2005 20:22

I think you overlooked that your css and php files are being included by the browser - they're being done via seperate request, and therefore won't have anything defined you do in your main php file (be it a function, a variable, or a constant).

If it's just you working on the site, have you considered passing something like
?bDevelop=true
to the php site,
and including different java scripts depending on wether bDevelop is set?

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 06-23-2005 20:52

the question needs to be asked - why would you want to hide your css?

Ensellitis
Bipolar (III) Inmate

From: Kansas City, MO , USA
Insane since: Feb 2002

posted posted 06-23-2005 23:26

I don't or would ever want to hide MY css. My client wants his site to be "secure", whatever makes him sleep better at night.

Pugzly
Paranoid (IV) Inmate

From: 127.0.0.1
Insane since: Apr 2000

posted posted 06-24-2005 00:46

He's in for a rude awakening.

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 06-24-2005 02:27

hiding/not hiding the site's CSS has nothing whatsoever to do with the security of the site

Ensellitis
Bipolar (III) Inmate

From: Kansas City, MO , USA
Insane since: Feb 2002

posted posted 06-24-2005 06:23

By secure I think he meant by protecting it from being ripped. I eamiled him and still waiting for a response...

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted posted 06-24-2005 17:16

That is still not possible, you can not prevent your site from being ripped. Once you sever something to the user they have it.

Be it a flat text files like HIML or CSS, or compiled applications like Java or Flash, all of your code and images served to a user can easily be pulled back out. If you give something to the user to view they have it, and you can not protect it.

Dan @ Code Town

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 06-24-2005 18:07

Even if you couldn't get the files anyone with some small talent could easily recreate any website with relative ease.



.:[ Never resist a perfect moment ]:.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 06-24-2005 22:55

here's a (mild) idea that will stop your site from easily being ripped:

Encode your css (and javascript) via javascript, using location.href as a key.
If you mumble the stuff hard enough, few people will be able to decode it in a
decent amount of time - and it simply won't run on a different domain.

« BackwardsOnwards »

Show Forum Drop Down Menu