On 07-11-2008 at 09:38:13 Zbyněk Nevrlý <[EMAIL PROTECTED]> wrote:

I am using PHPTAL for seperate business logic from presentation. So there
are controllers, model classes and views (HTML templates). Problem is there views/*.html are accessible from direct calling through URL (I need to have views in public_html for Javascript and Ajax dependencies).

This shouldn't matter. Filesystem paths of template files are unrelated to URLs - you can put PHPTAL templates anywhere you want, even if templates use Javascript and other files from public_html.

Is there any common practices to protect those *.html from unauthorized users?

You should move template files outside document root or configure web server to deny direct access to these files (browsers *never* need to download template files).

<?php session_start(); if (!$auth->isAuthorized) { redirect to login form here} ?>

Is possible to do that way?

It sort-of is, but that's a wrong problem to solve :)

regards, Kornel

PHPTAL mailing list

Reply via email to