Grow your CSS skills. Land your dream job.

[Solved] Protect css file with PHP

  • # September 6, 2010 at 12:14 am

    hi to everyone im a bit new here and yes i need help on protecting my .css file with php… my question is if there is a way on doing this i know the css file gets downloaded to the user etc… but i want to protect it from the view source when some one see’s the file directly: i found a way on doing this and it goes something like this::

    this is the index called index.php

    < ?php
    session_start();
    header("Cache-Control: no-cache, must-revalidate");
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
    $_SESSION="key";
    ?>

    and this is the css called css.php

    < ?php
    session_start();
    header("Cache-Control: no-cache, must-revalidate");
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
    $key=$_SESSION;
    if($key!='key')
    {

    die('Protected Page');

    }

    session_destroy();

    ?>

    body
    {
    color:white;
    background:black;
    }

    here is a fully working demo http://pahkkak.vacau.com/

    the thing is that it works well on 000webhost i think they use linux but the code doesn’t work on my real site that uses Unix hosting … is there another way on doing this that will work on unix… php preferred … thanks in advanced

    # September 6, 2010 at 12:17 am

    Are you sure this protects against any way to view source? There are many ways to see the source, especially CSS. Obviously you can use view source, but there’s also firebug and the web inspector in Safari and Chrome. I’m thinking it’s going to be pretty hard to block these methods.

    # September 6, 2010 at 12:30 am

    well if you look directly to the css http://pahkkak.vacau.com/css.php it says “protected page” that’s basically wat i want i know i could view the source with developer tools on chrome firebug etc… but the code doesn’t work on unix is there any other methods on achieving the same or better?

    # September 6, 2010 at 1:06 am

    I think the most common way to see the CSS (apart from firebug, etc) is not via url, but via view source, and your method doesn’t block that.

    # September 6, 2010 at 9:03 pm

    is there a way on doing this with .htaccess when someone is navigating directly to the css file.?

    # September 6, 2010 at 11:50 pm

    If you want my opinion on this I wouldn’t bother, blocking the css is fairly inefficient because of add ons like fire bug, you can block them in view source but that’s a static text file, the add-ons however don’t pull from that text file the pull on what’s actually being applied to the page.

    However, I’m sure there is a way to block it out there, I just think it is an unnecessary procedure as css isn’t really something you need to hide. Also I’m pretty sure there was a article about it on nettuts but it had the same problems as I had pointed out.

    # September 7, 2010 at 2:29 am

    I guess the real question is this, is there a specific reason you want to protect your css? Are you trying to hide the url’s of original images? That’s really the only reason I can think of to protect it, but there are other ways to protect images from being downloaded.

    # September 7, 2010 at 3:27 am

    well i just want to protect it preventing people navigating directly to the file.!

    Rob
    # September 7, 2010 at 8:28 am

    But why? lol

    body

    {

    color:white;

    background:black;

    }








    Thats what is in your CSS file. But seriously as soon as people download stuff onto their PC they have it. HTML and CSS is meant to work this way otherwise your browser would not be able to access it. I can’t see any benifit in stopping people navigating to your CSS file other than if you are worried people are going to steal your code – in which case they can do anyway, as you put it on the web lol

    # September 7, 2010 at 8:42 am

    Dude… Really? Protect CSS? :|
    Why bother? :|
    If someone is interested will get it using addons like firebug…

    # September 7, 2010 at 9:36 am

    The people wouldn’t be able to view your CSS are the people you shouldn’t be worried about :D

    # September 7, 2010 at 9:55 am

    What is your reasoning for “protecting” your CSS?

    Are you worried about people stealing your source code for some reason? It’s not like the average user would want to view it.

    And if a developer really wanted to view it they could always use a tool like Firebug.

    # September 7, 2010 at 4:40 pm

    I found this code which uses MYSQL and it hides the source etc but the thing is that i dont know how to implement it… :) they say it
    Require a Table, like

    Table -> style (must be called style unless you want to change it or etc…

    this hides the code and the page still displays good… but all i want is to prevent people from navigating directly to it for some good reasons.!

    < ?
    /*
    This goes at the top of the page
    Settings - Edit this...
    */
    $server = array("server"=>"localhost","username"=>"root","password"=>"root","database"=>"table");

    mysql_connect ($server, $server, $server);
    mysql_select_db($server) or die('Cannot select database');

    $filename = 'style.css'; //This is where we write the style to!
    $rewrite = "Oh no sorry, not going to reveal my source for the CSS!";
    $table = 'site';

    if ($style=mysql_fetch_array(mysql_query("SELECT style FROM ".$table))) {
    if (!is_writable($filename)) { die("Can't write to $filename"); }else {
    if (!$handle = fopen($filename, 'w')) { die("Cannot open file ($filename)"); }
    if (fwrite($handle, $style) === FALSE) { die("Cannot write to file ($filename)"); }
    fclose($handle);
    }
    }
    /*
    thats it, it, then in the header tag just add

    and whola
    */
    ?>



    YOUR HTML GOES HERE

    < ?
    if (!is_writable($filename)) { die("Can't write to $filename"); }else {
    if (!$handle = fopen($filename, 'w')) { die("Cannot open file ($filename)"); }
    if (fwrite($handle, $rewrite) === FALSE) { die("Cannot write to file ($filename)"); }
    fclose($handle);
    }
    ?>
    Rob
    # September 8, 2010 at 5:34 am

    If you could give us a reason it might make more sense – but like I said above, as soon as your browser renders the code it gets the file anyway, then anyone can see what is in it…

    You made it so people couldn’t navigate to it above fine, but what difference is someone navigating to it and someone looking via firebug etc?

    # September 9, 2010 at 3:23 am

    @Robskiwarrior Yeah thats true… well one of the reasons was that one of my beta designs was ripped and this design was used by me for commercial purposes and when i said it was stolen i mean everything css jquery background image buttons and they didn’t even renamed it they left it how it was… i did a DMCA and it got resolved but i takes to much of my time doing this and i pretty much dont like doing that… but i could do something like wat i mention it will prevent some users who dont know how to design images and coding from using mine… i don’t mind if they use some images but come on not all of them…and the css jquery i mean thats part of wat makes my design butt wee all learn from looking at the source code, but wee dont learn by copying the same code an not even naming it something else… having that all said i know pretty much there isn’t a way to protect css 100% but it could i guess… but how can i make a .htaccess file that if someone navigate’s directly to the file they will get an error. this will also help on some other stuff im not a .htaccess savvy or it could be done with php…?

Viewing 15 posts - 1 through 15 (of 25 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".