CSS PHP Script - Please help! - PHPBuilder Forums

CSS PHP Script - Please help!

Teach

Hiya.
I've been trying various ways for a personal 'project' (not to use in production) to hide CSS from browsers.
I've seen some others that have worked effectively, however when IE is set to open CSS with say, Frontpage, the CSS is still loaded. I utterly understand there isn't a way to 100% hide it - and I agree about keeping it available for reasons of getting people from tables->CSS, but this is a personal project and as mentioned not to use in production.

This script below is 50% working...
The problem I'm experiencing is relating to these two lines:

    /**
     * The name of the X/HTML file that will acces the CSS.
     **/
    $callingFile = 'index.php';

/**
 * The path to the file defined in $callingFile, above.
 **/
$callingPath = 'http://koobi-studio.com/downloads/php/snippets/hideCss/';

On my server, I have files all within directories. For example, Terms of Service would be /terms/tos.php and so on and a contact form could be /contact/form.php. It would seem that if I put $callingPath to:

$callingPath = 'http://www.domain.com/';

only files directly on / will work, for example /index.php /sitemap.php and so on, not ones within directories (for example the /contact/form.php)

How can I get it accept up to three directories deep?
Also, as our website can also be accessed without www* through http://domain.com how can I also integrate this?

The entire script is:

<?php
/************************************************************\
* @author            Housni Yakoob <baneATkoobi-studioDOTcom>
* @date            2005-January-21
* @version            1.1.1
\************************************************************/

/************************************\
* Begin editing from here onwards. *
\************************************/
    /**
     * Allowed user agents.
     * Every type of browser has a special ID called a user agent 
     * and all browsers that have the user agents within the array 
     * below can access the CSS.
     *
     * The user agent entered below is that of the CSS validator.
     *    see: [url]http://jigsaw.w3.org/css-validator/[/url]
     **/
    $allowAgent = array('Jigsaw/2.2.3 W3C_CSS_Validator_JFouffa/2.0');

/**
 * The name of the X/HTML file that will acces the CSS.
 **/
$callingFile = 'index.php';

/**
 * The path to the file defined in $callingFile, above.
 **/
$callingPath = 'http://koobi-studio.com/downloads/php/snippets/hideCss/';

/**
 * The message to display when unauthorzed users attempt to 
 * view your CSS.
 * You can use X/HTML tags here since the MIME type of the 
 * file is HTML (text/html)
 **/
$errorMsg = 
'Restricted page.';
/***********************************\
* Stop editing from here onwards. *
\***********************************/

$callingPath = (substr($callingPath, -1) === '/') ? $callingPath : $callingPath . '/';
$prePend = reset(explode('/', end(explode('http://', $_SERVER['HTTP_REFERER']))));
$refUri = reset(explode('?', $_SERVER['HTTP_REFERER']));
if( (($callingPath === $refUri) || ($callingPath . $callingFile === $refUri)) || (in_array($_SERVER['HTTP_USER_AGENT'], $allowAgent)) )
{
    header('Content-type: text/css');
}
else
{
    header('Content-type: text/html');
/**
* Instead of using:
*        die($errorMsg);
* you can simply replace that line with this:
*        include 'myRestrictedPage.php';
*        die();
**/
        die($errorMsg);
    }
?>
CSS goes here.

Many thanks in advance.

Regards,

rehfeld

why not just


if (0 === strpos($_SERVER['HTTP_REFERER'], $callingPath)) {
    // referrer string begins with calling path
}

some thing you should be aware of

the referer header is OPTIONAL. browsers are NOT required to send it, and some dont. w/ your current code, if the browser doesnt send it, they get no css. thats bad.

Teach

Hi there, thank you for your reply.

Where would you put that in the script sorry, I assume that replaces part of it but which?
I am aware of the header part - thanks for pointing it out though!

Much appreciated.

Teach

Any further thoughts on this please?

Many thanks.
Regards,

rehfeld

<?php

$callingPath = 'http://koobi-studio.com/downloads/php/snippets/hideCss/';

if (empty($_SERVER['HTTP_REFERER'])) {
    // browser didnt send one. let it get the css because referer is optional header
    $allow_css = true;
} elseif (0 === strpos($_SERVER['HTTP_REFERER'], $callingPath)) {
    // the referer url began with $callingPath
    $allow_css = true;
} elseif (in_array($_SERVER['HTTP_USER_AGENT'], $allowAgent)) {
    $allow_css = true;
} else {
    $allow_css = false;
}


?>

Teach

Hi there rehfeld, many thanks for that.

I do have one more query though please. I've been working on a new script that seems to be working a lot better.

<?php
$q=$_GET["q"];
if (strpos($_SERVER['HTTP_REFERER'], "http://www.domain.com/") === false) {
	echo "/* Sorry, this is a restricted file. */";
} else {
	switch ($q) {
		case "css":
			header ("Content-type: text/css");
			readfile("68563.css");
			break;
		case "js":
			header ("Content-type: text/javascript");
			readfile("script.js");
                // and even more cases if desired : )
	}
}
?>

Basically what I want to ask is, if say Internet Explorer is setup to open CSS files with Frontpage, the CSS actually opens in Frontpage. Is there a way to prevent this?

Also, something I don't understand about HTTP_REFERER is let's say someone visits the site from a fresh browser, and goes to http://www.domain.com/terms.php, the CSS still loads (which is brilliant, I want it to do that), but isn't the REFERER blank on this if it's fresh and nothing has refered to it?

If you can help with these couple of queries it'd be greatly appreciated, and many thanks for the code above. This one seems to be working a little more reliably though.

regards,