2008/11/7 Zbyněk Nevrlý <[EMAIL PROTECTED]>:
> Hi,
> I am using PHPTAL for seperate business logic from presentation. So there
> are controllers, model classes and views (HTML templates). Problem is there
> views/*.html are accessible from direct calling through URL (I need to have
> views in public_html for Javascript and Ajax dependencies). Is there any
> common practices to protect those *.html from unauthorized users? Maybe
> parsing this templates like php and at the beginning of each files have
> something like that:
> <?php session_start(); if (!$auth->isAuthorized) { redirect to login form
> here} ?>
>
> Is possible to do that way?
>
> thanks a lot.First of all, you can put those files in a directory which is not accessible from the net, for example outside of the server root. Second, these are XML files, so you could try "<?php exit; ?>" in them - it should be interpreted by PHPTAL as a valid processing instruction and thus ignored as it only looks for tags. The only drawback is that they will be propably outputted with the rest of the page content - but I think "<tal:block omit-tag=""><?php exit; ?></tal:block>" will work too.
_______________________________________________ PHPTAL mailing list PHPTAL@lists.motion-twin.com http://lists.motion-twin.com/mailman/listinfo/phptal
