[maplab-users] MapLab beginnings

Daniel Morissette
Sun, 23 Jun 2002 13:55:04 -0400
Vinko Vrsalovic wrote:
> Hi, i was wondering why you use two extensions for the php files. That's
> causing me a lot of headaches in getting the system to work, because I
> have three PHP versions on my server and I distinguish them through the
> file extension. 

There is a logic behind the two extensions that we use it in all our
applications (not just maplab).  Of course there are exceptions, but
in general the rule is:

.phtml is used for "callable pages", or in other words, PHP files that
can be called directly via a web browser and will return a valid HTML
output.  In general those files also contain all the HTML template
stuff, and that's the only files your web designer should be allowed to
touch if he/she has to customize the look of your website.

we use .php for "libraries of functions", that is php files that should
be included by one or more .phtml pages.  A .php file doesn't produce
any output and hence is never intended to be accessed directly by a web
browser (except in some exceptional cases), it's really just a library
of functions that are called by the application's main .phtml pages.

I know that .phtml is not the official extension any more with PHP4, but
it was in PHP3, and our convention dates from the PHP3 days.

Now, about your server running multiple copies of PHP, if you run Apache
then you may want to consider setting up VirtualHosts (based on hostname
or port number), or using <Location> directives to use a different PHP
version for different document roots.

> Besides, the register_globals is rather insecure, and
> I'd like to not have it setted on.
> Are this issues going to be solved in the rc2 version? :-)

Agreed, and I believe this has been filed as a bug.  I'm not sure what
the priority is on it right now and can't tell if it will be fixed for
rc2... I'll let one of the maplab developers respond on that.

Note that MapLab is an administration tool with a bunch of features
(like file browsers, etc.) that make it unsecure and it should always be
used on a password-protected site... the register_globals issue is minor
compared to all the other features that it offers in its standard

 Daniel Morissette     
 DM Solutions Group    
  Don't put for tomorrow what you can do today, because if 
      you enjoy it today you can do it again tomorrow.

This archive was generated by Pipermail.