Make your design YOURS

[Jordan]

I know that a lot of you take your time to customize your WHMCS to make it your own. You've spent a lot of time on it, and you don't want anyone to take credit for it, or hell, use it on their own (unless you give them permission.)

 

Anyway, recently I noticed a few people using my template, but I wasn't sure how they were able to get it right down to the smarty coding I used. Especially with how quickly it was up. But then I realized that if you directly accessed a .tpl file via a URL, you could see it's contents.

 

Bear posted perfect and easy solution to prevent from other people taking your hard work.

 

All you have to do is create an .htaccess file and add the following:

<Files "*.tpl">
Order Allow,Deny
Deny from All
</Files>

 

I'm posting this here because a lot of you visit this subforum. Even so, if an admin feels it deserves to be elsewhere, that's fine by me! I just figured that since those who have been targeted thus far have showcased their design, it would be best to go ahead and have it in here, so they could see it when they post here.

[amnesia]

its a shame that some people have no morals. How did you notice others using your work? Did they post it on whmcs forums?

[Chrisw]

If WHMCS allowed us to configure the path to the templates, we could put them outside the public directories - hint hint

[fwebs]

This should be there as standard realy.

 

took a look at your site, nice templates by the way

[chickendippers]

Ah cunning, implemented

 

I think plagiarists would have a hard time if your skin was in a custom directory eg: /templates/mycompany/, but as you can't do something similar for the orderform templates this makes sense.

[Jordan]

^cihickendippers, it's easy to find out what directory you're using if you have a stylesheet being linked in your header, or even images that are directly in the template directory. Just like I know yours is using part of your hosting name in the directory . Which is how I'm guessing they were able to snag mine.

 

You can also use different directories for the orderforms too But again, the best solution is just using the .TPL+.htaccess so it won't ever happen again. Just like I'm able to see that in your directory, just your CSS and JS files are available now.

[JasonO]

This is a great idea. The concept of stealing each of the tpl files and images is easy. Just set up a whmcs account, get a php file to check the contents of a template directory then just find that file using an external URL, download and write each to a file. Template = Stolen.

 

This solution is good, thanks Bear (and of course Jordan for making it stand out ).

[generic]

do you put that htaccess file in the templates directory or in the root directory

[MACscr]

i just added it to my normal root .htaccess

[JasonO]

Put it anywhere above the templates directory. It will apply to the folder it's in and any sub directories in that.

[brianoz]

Or you could protect the whole server from these creeps with mod_security.

[MACscr]

Or you could protect the whole server from these creeps with mod_security.

 

Its a very good mod and i recommend it to everyone, but that wouldnt protect the templates at all. Jordans/bears idea is a good one.

[brianoz]

Its a very good mod and i recommend it to everyone, but that wouldnt protect the templates at all. Jordans/bears idea is a good one.

Of course it would protect them.

 

SecFilterSelective THE_REQUEST "\.tpl"

(Don't anchor at the end as that can be easily defeated with ?arg syntax)

 

Having said that, Jordan/bear's method is probably the best.

[XN-Matt]

The other way is to block all .tpl files via httpd.conf using;

 

<FilesMatch "\.tpl">

Order allow,deny

Deny from all

 

Satisfy All

</FilesMatch>

[brianoz]

... as described in the first post in this thread

[JasonO]

Well putting it in the httpd.conf would apply it for all directories. The original one was just .htaccess in the directories you need protecting.

[Jordan]

There are a good portion of people that might not have access to an httpd.conf file, so honestly, the easiest (and obviously only) way for them is to use the .htaccess method.

[jnet]

thanks a bunch

[Tech Entrance]

Can we do the same with .css files ? no ?

[JasonO]

Yeh, just change the .tpl stuff to .css

 

It's another type of file that isn't directly viewed in the browser normally.

[AndyW]

You could just rename the customised orderform directory and the customised template directory and select the renamed versions from admin area.

[JasonO]

To find the template directory you just need to view the page source and see images and stylesheet being loaded from there.

 

All the templates made for WHMCS would be based around one of the two templates provided with the software, so the filenames would be the same.

[Jordan]

Andy, that isn't going to do anything. If you have stylesheets or images used in in the coding, then someone can easily view the source and see what directory is being used for the template.

 

Just go to mywhmcs linked in my signature, and view source. You'll be able to see what directory my stylesheet is in. And then all you have to do is plug in the tpl filename into the url, and it would bring it up [if you didn't have anything set to protect them from public view.]

 

Even so, I already used a different directory name than the default, singlepage, and portal when this had happened to me before.

 

edit: JasonO beat me to the punch

[sparky]

Sorry to bring up an old thread

If you don't want anyone to access your templates you can simply create a index.php file with the bellow code in it and copy it to each of your template directory's

<?php

 

header("Location: ../../index.php");

 

?>

as well as using the .htaccess from the first post in this thread to guard against direct access to a template.

[twhiting9275]

If you don't want anyone to access your templates you can simply create a index.php file with the bellow code in it and copy it to each of your template directory's

Or just turn off Indexes, not that bad of an idea actually.

 

Yeh, just change the .tpl stuff to .css

Not going to work, because that specific type of file DOES need to be accessed via the internet. CSS files must be accessible to the world, unfortunately, or browsers won't be able to read them, and the design is shot.

 

This simple bit of code will expand this a bit , however, denying access to all .tpl and .inc files . .inc is used quite commonly as an include for php files. Place this in httpd.conf somewhere before the first VirtualHost, restart http and you're set

 

<Directory "/">
<Files *.tpl>
Order allow,deny
Deny from all
Satisfy All
</Files>
</Directory>
<Directory "/">
<Files *.inc>
Order allow,deny
Deny from all
Satisfy All
</Files>
</Directory>