2008/11/7 Zbyněk Nevrlý <[EMAIL PROTECTED]>: > Hi, > I am using PHPTAL for seperate business logic from presentation. So there > are controllers, model classes and views (HTML templates). Problem is there > views/*.html are accessible from direct calling through URL (I need to have > views in public_html for Javascript and Ajax dependencies). Is there any > common practices to protect those *.html from unauthorized users? Maybe > parsing this templates like php and at the beginning of each files have > something like that: > <?php session_start(); if (!$auth->isAuthorized) { redirect to login form > here} ?> > > Is possible to do that way? > > thanks a lot.
First of all, you can put those files in a directory which is not accessible from the net, for example outside of the server root. Second, these are XML files, so you could try "<?php exit; ?>" in them - it should be interpreted by PHPTAL as a valid processing instruction and thus ignored as it only looks for tags. The only drawback is that they will be propably outputted with the rest of the page content - but I think "<tal:block omit-tag=""><?php exit; ?></tal:block>" will work too.
_______________________________________________ PHPTAL mailing list PHPTAL@lists.motion-twin.com http://lists.motion-twin.com/mailman/listinfo/phptal