2008/11/7 Zbyněk Nevrlý <[EMAIL PROTECTED]>:
> Hi,
> I am using PHPTAL for seperate business logic from presentation. So there
> are controllers, model classes and views (HTML templates). Problem is there
> views/*.html are accessible from direct calling through URL (I need to have
> views in public_html for Javascript and Ajax dependencies). Is there any
> common practices to protect those *.html from unauthorized users? Maybe
> parsing this templates like php and at the beginning of each files have
> something like that:
> <?php session_start(); if (!$auth->isAuthorized) { redirect to login form
> here} ?>
> Is possible to do that way?
> thanks a lot.

First of all, you can put those files in a directory which is not
accessible from the net, for example outside of the server root.

Second, these are XML files, so you could try "<?php exit; ?>" in them
- it should be interpreted by PHPTAL as a valid processing instruction
and thus ignored as it only looks for tags. The only drawback is that
they will be propably outputted with the rest of the page content -
but I think "<tal:block omit-tag=""><?php exit; ?></tal:block>" will
work too.
PHPTAL mailing list

Reply via email to