CSS File Protection

In this tutorial I will try to teach you an experimental method for hiding CSS files I came up with a while ago.

We're going to use .htaccess and PHP for this.

This is what we are going to do:
In the index file, before we include the CSS file, we're setting a key (using sessions) and in the CSS file, we check if the key is set and if it's not, we make it stop executing the code so it wont output any CSS. And if the key is set, we output the CSS code and change the key to something else.

So basicly, the CSS file won't work without the index file, because that's where the key is set.

Still don't get it?
Don't worry, you'll understand when we're done coding it.

Let's start by creating a file called index.php with this code inside:

<?php session_start(); $_SESSION['csskey'] = "hello"; ?> <html> <head> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> Hello World </body> </html>

It's very important that you don't use session_start(); before any output is sendt back to the visitor. So we're putting it at the top.
$_SESSION['csskey'] = "hello"; -That's our key. We store the key in a session called csskey.

Now it's time for the CSS file, but since we're going to check if the session is set, we need to use PHP, so we'll have to call the file style.php NOT style.css.

<?php session_start(); header("Content-type: text/css"); if ($_SESSION["csskey"] != "hello") { die("Protected"); } $_SESSION["csskey"] = "somethingelse"; ?> body { background-color: #000; color: #fff; }

We use session_start(); here too, and then we set the content-type to text/css so the browser will interpet it as a CSS file (not really necessary)
Then we check if the csskey is NOT set to "Hello" and if it isn't we call die() wich stops the script and outputs "Protected".
If the key is set and is correct, we set the csskey to "somethingelse" so that it can't be used again without beeing called from index.php

And for the final step, create a file called .htaccess with this inside:

RewriteEngine on RewriteRule style.css style.php

This will make style.php "look like" style.css.
So when someone tries to open style.css they will get the contents of style.php.

Try uploading these three files and run it.
If it works, index.php will output "Hello World" with white text and black background.
Also, try looking at style.css from your browser, all it should say is "Protected".

This method is far from bulletproof but it's better then nothing if you want to protect your CSS from rippers.



Want to get in touch? Got some feedback for me? or a couple of requests? Follow me at twitter:
@ThomasPedersen

Need a reliable webhost? Take my word for it and go with Hostgator Green Web Hosting by HostGator



Warning: fread(): Length parameter must be greater than 0 in /customers/f/2/7/n1studios.net/httpd.www/minicounter.php on line 17