Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

how to avoid user from viewing my template files
Goto page Previous  1, 2
 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Tips and Tricks
View previous topic :: View next topic  
Author Message
kaotic
Smarty Rookie


Joined: 29 Jul 2005
Posts: 14

PostPosted: Wed Aug 17, 2005 2:27 am    Post subject: Reply with quote

I totally agree that #3 is useless I just poped it out there as it apears he has no other options. however i do like your 4th sugestion but again it is overkill but then again it will work even in his situation of not having access outside doc root and not being able to utalize .htaccess
_________________
//Brandon
Back to top
View user's profile Send private message
rex1982
Smarty Rookie


Joined: 24 Oct 2005
Posts: 28

PostPosted: Mon Feb 13, 2006 3:52 am    Post subject: Reply with quote

use it:
Code:

{if $non_var ==1}
<?
{/if}
Back to top
View user's profile Send private message
Hielke Hoeve
Smarty Elite


Joined: 06 Jan 2006
Posts: 406
Location: Netherlands

PostPosted: Mon Feb 13, 2006 2:18 pm    Post subject: Reply with quote

To prevent viewing folder listing (in case you can't set a .htaccess) create an index.html in that folder and keep it empty (or insert funny text).
Back to top
View user's profile Send private message
nulled
Smarty Rookie


Joined: 30 Jun 2006
Posts: 5
Location: washington

PostPosted: Fri Jun 30, 2006 4:15 am    Post subject: Reply with quote

Why so concerned with keeping your templates from being downloaded or viewed?

Thats like being paranoid about people viewing your HTML source or JavaScript Source. Smarty is for the Presentation Layer of the application and therefore exposed to the Viewer.

Unless your SELLING your templates... I suggest you use get ioncube.com and excrypt your templates.. that is the ONLY way to ensure they will not get forged... again tho.. html is meant to be exposed... smarty templates are no different.
_________________
----------------------
http://www.digipanel.com
Advanced Control Panel
Unbeatable Price
Fully Featured
Back to top
View user's profile Send private message Visit poster's website AIM Address MSN Messenger
Hielke Hoeve
Smarty Elite


Joined: 06 Jan 2006
Posts: 406
Location: Netherlands

PostPosted: Fri Jun 30, 2006 2:40 pm    Post subject: Reply with quote

nice way of bumping ooold threads Wink

5) put your templates in a database
6) if all other options fail change provider Rolling Eyes
_________________
Debug XHTML Compliance
SmartyPaginate
Smarty License Questions
---
(About Unix) The learning curve is full of aha! moments, such as that glorious day that the full beauty of grep and, later, find is revealed in all its majesty. --- Robert Uhl <ruhl@4dv.net>
Back to top
View user's profile Send private message
Pap
Smarty Regular


Joined: 21 Jun 2006
Posts: 69
Location: Denver, CO

PostPosted: Fri Jun 30, 2006 3:38 pm    Post subject: Reply with quote

You could change all your .tpl files to .php files and add this code to the top of each template:

[php:1:bbf5e00c2d]<?php
if (basename($_SERVER['PHP_SELF']) == basename ( __FILE__ ) ) {
header("HTTP/1.0 404 Not Found");
die();
}
?>[/php:1:bbf5e00c2d]

However, in your main script (or Smarty config file) you will need to make sure to change the value of $php_handling to either 'SMARTY_PHP_REMOVE' or 'SMARTY_PHP_ALLOW'
_________________
Don't be stupid, be a Smarty™.
Come and join the P-H-Party.
Back to top
View user's profile Send private message
leanweb
Smarty Rookie


Joined: 27 Oct 2004
Posts: 24
Location: Newark, DE

PostPosted: Tue Sep 26, 2006 6:58 am    Post subject: Reply with quote

listen to saerdna and others and work it out with your hosting company to either a way to control .htaccess or ability to place files outside of your document root directory.

they should actually let you do both.

all alternatives are going to cost money, aggravation and security tradeoffs. and probably wont reliable accomplish what you want anyways.
Back to top
View user's profile Send private message Visit poster's website
satya61229
Smarty Rookie


Joined: 11 Nov 2006
Posts: 8
Location: India

PostPosted: Wed Nov 22, 2006 7:32 am    Post subject: Re: how to avoid user from viewing my template files Reply with quote

hook wrote:
if some one type: http://my.url/doc/templates/index.tpl, he can directly view or download the template. can some one tell me how to avoid this kind of thing from happing.
thank u.
BTW, I can only store my templates in WWW folder.


And make sure to put an index.php/default.html file in your template dir. So that no one can browse your dir.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
toplisek
Smarty Regular


Joined: 17 Sep 2009
Posts: 48

PostPosted: Fri Mar 25, 2011 1:28 pm    Post subject: Reply with quote

<Files ~ "\.(tpl|inc|cfg)$">
order deny,allow
deny from all
</files>

Will this work only on all subfolder and folders for these extensions?

Can be PHP also set to this?
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Tips and Tricks All times are GMT
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP