Hide your CSS Source

By F*U*R*B*Y* on Jan 10, 2008

It hides your CSS Source

Require a Table, like

Table -> style (must be called style unless you want to change it

<?
/*
This goes at the top of the page
Settings - Edit this...
*/
$server = array("server"=>"localhost","username"=>"root","password"=>"root","database"=>"table");

mysql_connect ($server['server'], $server['username'], $server['password']);
mysql_select_db($server['database']) or die('Cannot select database');

$filename = 'style.css'; //This is where we write the style to!
$rewrite = "Oh no sorry, not going to reveal my source for the CSS!";
$table = 'site';

if ($style=mysql_fetch_array(mysql_query("SELECT style FROM ".$table))) {
    if (!is_writable($filename)) { die("Can't write to $filename"); }else {
        if (!$handle = fopen($filename, 'w')) { die("Cannot open file ($filename)"); }
        if (fwrite($handle, $style['style']) === FALSE) { die("Cannot write to file ($filename)"); }
        fclose($handle);
    }
}
/*
thats it, it, then in the header tag just add
<link rel="stylesheet" href="style.css" type="text/css">
and whola
*/
?>
<head>
<link rel="stylesheet" href="style.css" type="text/css">
</head>
YOUR HTML GOES HERE

<?
if (!is_writable($filename)) { die("Can't write to $filename"); }else {
    if (!$handle = fopen($filename, 'w')) { die("Cannot open file ($filename)"); }
    if (fwrite($handle, $rewrite) === FALSE) { die("Cannot write to file ($filename)"); }
    fclose($handle);
}
?>

F*U*R*B*Y*

Like Page Follow Author

Comments

Sign in to comment.
sean   -  Dec 08, 2010

To avoid Hawkee's condition, you could use an adaptive stylesheet filename possibly derived from the a piece of client information to provide some lair of dynamics.

To simplify this process, you could always have a "real" stylesheet which this snippet would make a replica. This way, not only do you limit the unneeded overhead of SQL queries but, you can edit your CSS "naturally" without needing to escape it prior to inserting it into your database. Alternatively, You could also rig up a session based stylesheet that would prevent the user from regaining access once the page has been displayed.

The biggest flaw to this type of hiding, is that most browsers (especially Firefox) typically render a cache'd version of CSS or JS when called upon by viewing source. This means once the user has essentially downloaded a copy by visiting your site, they would still be able to see the source. Unfortunately, that pretty much leaves this snippet useless.

Overall, I agree with Hawkee, "CSS is meant to be public and should stay that way.".

 Respond  
Noutrious   -  Jan 15, 2008

I have done this 100% secure and working way before, but i cant find the source now - that was pretty easy though.

 Respond  
Hawkee   -  Jan 10, 2008

This is a bit pointless and error prone. If you\'ve got 5 users trying to access a page at the same time you\'ll run into problems where one may delete the stylesheet just after another creates it, thus displaying a page without it. CSS is meant to be public and should stay that way.

 Respond  
Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.