Jordan Posted February 6, 2008 Share Posted February 6, 2008 I know that a lot of you take your time to customize your WHMCS to make it your own. You've spent a lot of time on it, and you don't want anyone to take credit for it, or hell, use it on their own (unless you give them permission.) Anyway, recently I noticed a few people using my template, but I wasn't sure how they were able to get it right down to the smarty coding I used. Especially with how quickly it was up. But then I realized that if you directly accessed a .tpl file via a URL, you could see it's contents. Bear posted perfect and easy solution to prevent from other people taking your hard work. All you have to do is create an .htaccess file and add the following: <Files "*.tpl"> Order Allow,Deny Deny from All </Files> I'm posting this here because a lot of you visit this subforum. Even so, if an admin feels it deserves to be elsewhere, that's fine by me! I just figured that since those who have been targeted thus far have showcased their design, it would be best to go ahead and have it in here, so they could see it when they post here. 0 Quote Link to comment Share on other sites More sharing options...
amnesia Posted February 6, 2008 Share Posted February 6, 2008 its a shame that some people have no morals. How did you notice others using your work? Did they post it on whmcs forums? 0 Quote Link to comment Share on other sites More sharing options...
Chrisw Posted February 6, 2008 Share Posted February 6, 2008 If WHMCS allowed us to configure the path to the templates, we could put them outside the public directories - hint hint 0 Quote Link to comment Share on other sites More sharing options...
fwebs Posted February 6, 2008 Share Posted February 6, 2008 This should be there as standard realy. took a look at your site, nice templates by the way 0 Quote Link to comment Share on other sites More sharing options...
chickendippers Posted February 6, 2008 Share Posted February 6, 2008 Ah cunning, implemented I think plagiarists would have a hard time if your skin was in a custom directory eg: /templates/mycompany/, but as you can't do something similar for the orderform templates this makes sense. 0 Quote Link to comment Share on other sites More sharing options...
Jordan Posted February 6, 2008 Author Share Posted February 6, 2008 ^cihickendippers, it's easy to find out what directory you're using if you have a stylesheet being linked in your header, or even images that are directly in the template directory. Just like I know yours is using part of your hosting name in the directory . Which is how I'm guessing they were able to snag mine. You can also use different directories for the orderforms too But again, the best solution is just using the .TPL+.htaccess so it won't ever happen again. Just like I'm able to see that in your directory, just your CSS and JS files are available now. 0 Quote Link to comment Share on other sites More sharing options...
JasonO Posted February 6, 2008 Share Posted February 6, 2008 This is a great idea. The concept of stealing each of the tpl files and images is easy. Just set up a whmcs account, get a php file to check the contents of a template directory then just find that file using an external URL, download and write each to a file. Template = Stolen. This solution is good, thanks Bear (and of course Jordan for making it stand out ). 0 Quote Link to comment Share on other sites More sharing options...
generic Posted February 7, 2008 Share Posted February 7, 2008 do you put that htaccess file in the templates directory or in the root directory 0 Quote Link to comment Share on other sites More sharing options...
MACscr Posted February 7, 2008 Share Posted February 7, 2008 i just added it to my normal root .htaccess 0 Quote Link to comment Share on other sites More sharing options...
JasonO Posted February 7, 2008 Share Posted February 7, 2008 Put it anywhere above the templates directory. It will apply to the folder it's in and any sub directories in that. 0 Quote Link to comment Share on other sites More sharing options...
brianoz Posted February 9, 2008 Share Posted February 9, 2008 Or you could protect the whole server from these creeps with mod_security. 0 Quote Link to comment Share on other sites More sharing options...
MACscr Posted February 9, 2008 Share Posted February 9, 2008 Or you could protect the whole server from these creeps with mod_security. Its a very good mod and i recommend it to everyone, but that wouldnt protect the templates at all. Jordans/bears idea is a good one. 0 Quote Link to comment Share on other sites More sharing options...
brianoz Posted February 9, 2008 Share Posted February 9, 2008 Its a very good mod and i recommend it to everyone, but that wouldnt protect the templates at all. Jordans/bears idea is a good one.Of course it would protect them. SecFilterSelective THE_REQUEST "\.tpl" (Don't anchor at the end as that can be easily defeated with ?arg syntax) Having said that, Jordan/bear's method is probably the best. 0 Quote Link to comment Share on other sites More sharing options...
XN-Matt Posted February 14, 2008 Share Posted February 14, 2008 The other way is to block all .tpl files via httpd.conf using; <FilesMatch "\.tpl"> Order allow,deny Deny from all Satisfy All </FilesMatch> 0 Quote Link to comment Share on other sites More sharing options...
brianoz Posted February 14, 2008 Share Posted February 14, 2008 ... as described in the first post in this thread 0 Quote Link to comment Share on other sites More sharing options...
JasonO Posted February 14, 2008 Share Posted February 14, 2008 Well putting it in the httpd.conf would apply it for all directories. The original one was just .htaccess in the directories you need protecting. 0 Quote Link to comment Share on other sites More sharing options...
Jordan Posted February 14, 2008 Author Share Posted February 14, 2008 There are a good portion of people that might not have access to an httpd.conf file, so honestly, the easiest (and obviously only) way for them is to use the .htaccess method. 0 Quote Link to comment Share on other sites More sharing options...
jnet Posted February 14, 2008 Share Posted February 14, 2008 thanks a bunch 0 Quote Link to comment Share on other sites More sharing options...
Tech Entrance Posted February 14, 2008 Share Posted February 14, 2008 Can we do the same with .css files ? no ? 0 Quote Link to comment Share on other sites More sharing options...
JasonO Posted February 14, 2008 Share Posted February 14, 2008 Yeh, just change the .tpl stuff to .css It's another type of file that isn't directly viewed in the browser normally. 0 Quote Link to comment Share on other sites More sharing options...
AndyW Posted February 14, 2008 Share Posted February 14, 2008 You could just rename the customised orderform directory and the customised template directory and select the renamed versions from admin area. 0 Quote Link to comment Share on other sites More sharing options...
JasonO Posted February 14, 2008 Share Posted February 14, 2008 To find the template directory you just need to view the page source and see images and stylesheet being loaded from there. All the templates made for WHMCS would be based around one of the two templates provided with the software, so the filenames would be the same. 0 Quote Link to comment Share on other sites More sharing options...
Jordan Posted February 14, 2008 Author Share Posted February 14, 2008 Andy, that isn't going to do anything. If you have stylesheets or images used in in the coding, then someone can easily view the source and see what directory is being used for the template. Just go to mywhmcs linked in my signature, and view source. You'll be able to see what directory my stylesheet is in. And then all you have to do is plug in the tpl filename into the url, and it would bring it up [if you didn't have anything set to protect them from public view.] Even so, I already used a different directory name than the default, singlepage, and portal when this had happened to me before. edit: JasonO beat me to the punch 0 Quote Link to comment Share on other sites More sharing options...
sparky Posted August 20, 2008 Share Posted August 20, 2008 Sorry to bring up an old thread If you don't want anyone to access your templates you can simply create a index.php file with the bellow code in it and copy it to each of your template directory's <?php header("Location: ../../index.php"); ?> as well as using the .htaccess from the first post in this thread to guard against direct access to a template. 0 Quote Link to comment Share on other sites More sharing options...
twhiting9275 Posted August 20, 2008 Share Posted August 20, 2008 If you don't want anyone to access your templates you can simply create a index.php file with the bellow code in it and copy it to each of your template directory's Or just turn off Indexes, not that bad of an idea actually. Yeh, just change the .tpl stuff to .css Not going to work, because that specific type of file DOES need to be accessed via the internet. CSS files must be accessible to the world, unfortunately, or browsers won't be able to read them, and the design is shot. This simple bit of code will expand this a bit , however, denying access to all .tpl and .inc files . .inc is used quite commonly as an include for php files. Place this in httpd.conf somewhere before the first VirtualHost, restart http and you're set <Directory "/"> <Files *.tpl> Order allow,deny Deny from all Satisfy All </Files> </Directory> <Directory "/"> <Files *.inc> Order allow,deny Deny from all Satisfy All </Files> </Directory> 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.