Every now and then we see post’s cropping up titled “Someone Stole My Custom Pligg Template”. The user more often than not indicates that they have picked up a strange referrer in their web stats? upon visiting the referrer they are astonished to see an identical copy of their pligg template that they sweat and bled over creating.
Since a lot of pliggers use free or multi license templates this really isn’t reported that often as many users will have the same design with small subtle edits or color changes, If however you have had a custom template developed you could have spent upwards of $1000 for a quality XHTML design or alternatively you may have developed your own custom template and would like to protect your work.
If your reading this and are using a free or multi license template the article should still prove useful.
Firstly lets begin with a short overview of how Pligg Template’s run using the Smarty Template Engine.
Smarty Explained
One of Smartys primary design goals is to facilitate the separation of application code from presentation. Typically, the application code contains the business logic of your application, written and maintained in PHP code. This code is maintained by programmers. The presentation is the way your content is presented to the end user, which is written and maintained in template files. The templates are maintained by template designers.
At its most basic function, the application code collects content, assigns it to the template engine and displays it. The content might be something like the headline, tag-line, author and body of a newspaper article. The application code has no concern how this content will be presented in the template. The template designer is responsible for the presentation. They edit the template files, adding markup and bringing it to completion. This typically involves things like HTML tags, cascading style sheets and other tools provided by the template engine.
So Smarty’s Engine basically separates the Design Code from the web application code or in pliggs case not! although i am 100% sure the next beta after v9.9.0 will have total separation when sidebar_comments.php is updated. Smarty files always have the extension .tpl and can be found in your pligg /templates folder.
Note that pligg use’s Template Lite a cut down bersion of Smarty.
Basic .tpl Protection With .htaccess
When you install Pligg inside the /template folder you will see a file titled htaccess.default, rename this file to .htaccess to protect your templates directory from being browsed. I would also advise that you copy this file to all your template directories for example if you are using yget as your template place a copy of the .htaccess file within every folder of the yget template.
This method will return a 403 Forbidden error for anyone that tries to browse your templates folders or open one of your .tpl files directly.
.htaccess Redirection Method
Another method you can use that will protect .tpl files is by way of using .htacces Rewrite Rules. The code below when added to pligg’s root directory .htaccess file will redirect any visitors to your homepage who try to open a forbidden file directly in their browser. This is a nice added layer to the 403.
Copy the code below to your .htaccess file replacing the domain.com with your own url.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://domain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.domain.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|swf|tpl|css)$ http://domain.com [R,NC]
Professional Template Protection With Ioncube PHP Encoder
If you have a complete custom template that your really want to protect ioncube php encoder, The ionCube PHP Encoder system now supports the powerful ability to encrypt ANY files such as Smarty template files or XML documents!.
In addition to bytecode PHP code protection, the Encoder now offers key-based encryption of arbitrary files. This feature provides an ideal solution for protecting files such as templates and XML documents. New routines in the Loader API offer decryption and encryption, and you can download the simple patch to the Smarty system to add encrypted template support to the popular Smarty system!
Conclusion
The first two methods we have shown with .htaccess are applicable to any webmaster that owns a pligg site, ioncube however we would only recommend if you have a complete custom solution that include’s php modules and you also have $200 to spare.
Popularity: 29% [?]
If you enjoyed this post, make sure you subscribe to our RSS feed!
This post was written by:
Lincoln - who has written 182 posts on Social CMS Buzz.
Founder of Social CMS Buzz and a fan of all things open source, social and design related.
Another great article. You guys are the bomb!