hi to everyone im a bit new here and yes i need help on protecting my .css file with php... my question is if there is a way on doing this i know the css file gets downloaded to the user etc... but i want to protect it from the view source when some one see's the file directly: i found a way on doing this and it goes something like this::
the thing is that it works well on 000webhost i think they use linux but the code doesn't work on my real site that uses Unix hosting ... is there another way on doing this that will work on unix... php preferred ... thanks in advanced
Are you sure this protects against any way to view source? There are many ways to see the source, especially CSS. Obviously you can use view source, but there's also firebug and the web inspector in Safari and Chrome. I'm thinking it's going to be pretty hard to block these methods.
well if you look directly to the css http://pahkkak.vacau.com/css.php it says "protected page" that's basically wat i want i know i could view the source with developer tools on chrome firebug etc... but the code doesn't work on unix is there any other methods on achieving the same or better?
If you want my opinion on this I wouldn't bother, blocking the css is fairly inefficient because of add ons like fire bug, you can block them in view source but that's a static text file, the add-ons however don't pull from that text file the pull on what's actually being applied to the page.
However, I'm sure there is a way to block it out there, I just think it is an unnecessary procedure as css isn't really something you need to hide. Also I'm pretty sure there was a article about it on nettuts but it had the same problems as I had pointed out.
I guess the real question is this, is there a specific reason you want to protect your css? Are you trying to hide the url's of original images? That's really the only reason I can think of to protect it, but there are other ways to protect images from being downloaded.
Thats what is in your CSS file. But seriously as soon as people download stuff onto their PC they have it. HTML and CSS is meant to work this way otherwise your browser would not be able to access it. I can't see any benifit in stopping people navigating to your CSS file other than if you are worried people are going to steal your code - in which case they can do anyway, as you put it on the web lol
I found this code which uses MYSQL and it hides the source etc but the thing is that i dont know how to implement it... :) they say it Require a Table, like
Table -> style (must be called style unless you want to change it or etc...
this hides the code and the page still displays good... but all i want is to prevent people from navigating directly to it for some good reasons.!
<? /* This goes at the top of the page Settings - Edit this... */ $server = array("server"=>"localhost","username"=>"root","password"=>"root","database"=>"table");
mysql_connect ($server['server'], $server['username'], $server['password']); mysql_select_db($server['database']) or die('Cannot select database');
$filename = 'style.css'; //This is where we write the style to! $rewrite = "Oh no sorry, not going to reveal my source for the CSS!"; $table = 'site';
if ($style=mysql_fetch_array(mysql_query("SELECT style FROM ".$table))) { if (!is_writable($filename)) { die("Can't write to $filename"); }else { if (!$handle = fopen($filename, 'w')) { die("Cannot open file ($filename)"); } if (fwrite($handle, $style['style']) === FALSE) { die("Cannot write to file ($filename)"); } fclose($handle); } } /* thats it, it, then in the header tag just add <link rel="stylesheet" href="style.css" type="text/css"> and whola */ ?> <head> <link rel="stylesheet" href="style.css" type="text/css"> </head> YOUR HTML GOES HERE
<? if (!is_writable($filename)) { die("Can't write to $filename"); }else { if (!$handle = fopen($filename, 'w')) { die("Cannot open file ($filename)"); } if (fwrite($handle, $rewrite) === FALSE) { die("Cannot write to file ($filename)"); } fclose($handle); } ?>
If you could give us a reason it might make more sense - but like I said above, as soon as your browser renders the code it gets the file anyway, then anyone can see what is in it...
You made it so people couldn't navigate to it above fine, but what difference is someone navigating to it and someone looking via firebug etc?
@Robskiwarrior Yeah thats true... well one of the reasons was that one of my beta designs was ripped and this design was used by me for commercial purposes and when i said it was stolen i mean everything css jquery background image buttons and they didn't even renamed it they left it how it was... i did a DMCA and it got resolved but i takes to much of my time doing this and i pretty much dont like doing that... but i could do something like wat i mention it will prevent some users who dont know how to design images and coding from using mine... i don't mind if they use some images but come on not all of them...and the css jquery i mean thats part of wat makes my design butt wee all learn from looking at the source code, but wee dont learn by copying the same code an not even naming it something else... having that all said i know pretty much there isn't a way to protect css 100% but it could i guess... but how can i make a .htaccess file that if someone navigate's directly to the file they will get an error. this will also help on some other stuff im not a .htaccess savvy or it could be done with php...?
@TheDoc Alright thank you for reminding me on something that i already know... but if i could get a code like the one im saying ill appreciated it alot...
@TheDoc i dont want to Encrypt and that applies for compression to... and the n1studios one the .htaccess file is messed up so i couldn't apply it long time ago... anything else...? not trying to be rude or something but wat i really want is " if someone navigate's directly to the file they will get an error"... either with .htaccess or php is all i need. thanks in advance. ;)
I think the thing we are failing to understand is why it matters - the problem is that if you make it so people can not go directly to your CSS file, they can just pull it straight from something else, like firebug - copy and paste. There is no way to hide the contents of that file, so why try? it's like worrying about plugging the small hole in your boat and ignoring the iceberg that just ripped the side of your hull open :)
You just had to kill it huh! lol alright i guess i just gonna have to live with it even tho i found a way to do it but it could be view with fire bug etc... Thanks @All of you for your time... an no code
People are just trying to say you should be spending your time building an awesome website rather than spending it trying to lock things down. It's paranoid behavior and counter productive. If you really want to lock your design down, make your whole website a giant watermarked graphic. Or just put a phone number up people can call and you can describe to them what the website looks like.
You could make your website partially rely on javascript. Then have the javascript check if the url contains something unique to your url (not based on the exact url because a noob could see that he/she should replace that url with their url). If so then the javascript adds/removes certain elements. Or set the display of the body to none and have javascript change it to 'display: block' based on the url.
Cons: This 'solution' could be easily bypassed by someone who knows anything about javascript. Your website won't function properly if javascript is disabled.
I just wanted to point out a reason I had to secure my CSS files.
Basically, in a nutshell I had a group in Egypt which created a phishing site of one of my client's sites. They were dumb enough or simply too lazy to copy and paste my CSS styles, so in stead they linked directly to my CSS files.
So I simply changed the path of my application to look at a new path and changed the styles they were using to have:
body:before {
content: 'This website is a scam!';
}
body {
display: none;
}
Then to stop them from doing it again, I used PHP to generate my styles and used the $_SERVER['HTTP_REFERER'] against a static array of domains I setup in the file.
Notice at the bottom I mention firebug and javascript.
Just as most of the guys on here say, it's really not a major thing, however in my case I had to do something about it and quick! I was just lucky they were trying to access my CSS directly.
this is the index called index.php
and this is the css called css.php
here is a fully working demo http://pahkkak.vacau.com/
the thing is that it works well on 000webhost i think they use linux but the code doesn't work on my real site that uses Unix hosting ... is there another way on doing this that will work on unix... php preferred ... thanks in advanced
However, I'm sure there is a way to block it out there, I just think it is an unnecessary procedure as css isn't really something you need to hide. Also I'm pretty sure there was a article about it on nettuts but it had the same problems as I had pointed out.
Thats what is in your CSS file. But seriously as soon as people download stuff onto their PC they have it. HTML and CSS is meant to work this way otherwise your browser would not be able to access it. I can't see any benifit in stopping people navigating to your CSS file other than if you are worried people are going to steal your code - in which case they can do anyway, as you put it on the web lol
Why bother? :|
If someone is interested will get it using addons like firebug...
Are you worried about people stealing your source code for some reason? It's not like the average user would want to view it.
And if a developer really wanted to view it they could always use a tool like Firebug.
Require a Table, like
Table -> style (must be called style unless you want to change it or etc...
this hides the code and the page still displays good... but all i want is to prevent people from navigating directly to it for some good reasons.!
You made it so people couldn't navigate to it above fine, but what difference is someone navigating to it and someone looking via firebug etc?
http://www.iwebtool.com/html_encrypter
http://www.catswhocode.com/blog/3-ways-to-compress-css-files-using-php
http://refresh-sf.com/yui/
Another link:
http://www.n1studios.net/tutorials/php/css-file-protection.html
You could make your website partially rely on javascript. Then have the javascript check if the url contains something unique to your url (not based on the exact url because a noob could see that he/she should replace that url with their url). If so then the javascript adds/removes certain elements.
Or set the display of the body to none and have javascript change it to 'display: block' based on the url.
Cons:
This 'solution' could be easily bypassed by someone who knows anything about javascript.
Your website won't function properly if javascript is disabled.
Sorry for making a comment on a very old thread.
I just wanted to point out a reason I had to secure my CSS files.
Basically, in a nutshell I had a group in Egypt which created a phishing site of one of my client's sites. They were dumb enough or simply too lazy to copy and paste my CSS styles, so in stead they linked directly to my CSS files.
So I simply changed the path of my application to look at a new path and changed the styles they were using to have:
body:before { content: 'This website is a scam!'; } body { display: none; }Then to stop them from doing it again, I used PHP to generate my styles and used the $_SERVER['HTTP_REFERER'] against a static array of domains I setup in the file.
You can see the rest of the article and code here: http://www.thecodify.com/php/how-to-secure-and-block-others-from-using-and-viewing-your-css-styles/
Notice at the bottom I mention firebug and javascript.
Just as most of the guys on here say, it's really not a major thing, however in my case I had to do something about it and quick! I was just lucky they were trying to access my CSS directly.