Tag Archives: SimpleSite

Security Update to SimpleSite 07/08

I have had a concern brought to me that using .inc files is a security issue: people can access the xxx.inc file directly and read the full file contents.

While I agree, this can be fixed with a rule in your .htaccess file that will send a 403 Forbidden response to all requests for .inc files. I personally like using .inc file extensions for include files rather than .php, as these files do not and should not be run directly. To use .php over .inc, the section "Using .php file Extensions over .inc" below explains what to change.

Download an update from the main SimpleSite post ~ http://sheldon.lendrum.co.nz/building-a-completely-dynamic-site-using-text-files-php-and-no-mysql_187/03/

Modifying your .htaccess file

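Add these lines to the .htaccess file in the root html directory where SimpleSite is installed:

# Block Reading of *.inc files
# (on Apache 2.4 without mod_access_compat, use "Require all denied"
#  in place of the order/deny lines)
<FilesMatch "\.inc$">
order allow,deny
deny from all
</FilesMatch>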

To customise your 403 Forbidden page, you can use this in your .htaccess file:

# Set Error Documents.
ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notFound.html
ErrorDocument 500 /serverError.html

Another security idea is to make sure that your server will not allow directory listings. This happens on some servers when there is no default file in the directory, e.g. no ‘index.html|.htm|.php|.shtml’, etc.

# Block Dir Listing
Options -Indexes

Using .php file Extensions over .inc

If you would rather use a .php file extension (or, for that matter, any file extension) for your included files, rename the .inc files to your chosen extension and then open the

includes/simplesite.php

file and edit your $config array to look for your new file extension.

"fileExt"     => ".php",
	function config() {
		$config = array(
			"siteName"    => "Dynamic File Based Site",           // 'siteName'    -> TITLE OF THE SITE,  USED FOR COSMETIC PURPOSES MOSTLY.
			"httpHost"    => "http://{$_SERVER['HTTP_HOST']}/",   // 'httpHost'    -> HTTP PATH 'http://sheldon.lendrum.co.nz'
			"docRoot"     => "{$_SERVER['DOCUMENT_ROOT']}/",      // 'docRoot'     -> FULL DOCUMENT ROOT PATH.
			"filePath"    => "pages/",                            // 'filePath'    -> DIRECTORY OF PAGE FILES.
			"fileExt"     => ".php",                              // 'fileExt'     -> INCLUDES FILE EXT.
			"request"     => "page",                              // 'request'     -> USED IN $_GET[],  IF USING MOD REWRITE,  ALTER RULE TO MATCH.
			"newLine"     => "\n",                                // 'newLine'     -> FORMATTING NEW LINE, OPTIONS: (empty), "\n",  "\r\n"
			"styleSheet"  => "styles/format.css",                 // 'styleSheet'  -> PATH TO STYLESHEET,  USED WITH 'httpHost'
			"defaultPage" => "home",                              // 'defaultPage' -> DEFAULT FILE WITH NO PATH OR EXTENSION TO BE INCLUDED.
			"modReWrite"  => "off"                                // 'modReWrite'  -> IF YOU WANT TO USE MOD REWRITE TO HAVE 'PRETTY URLS',  SET THIS TO ON,
			);                                                    // CREATE YOUR '.htaccess' AND ADD THE RULES FROM THE 'help-file' PAGE.
		return $config;                                           // THE NAVIGATION WILL AUTOMATICALLY WRITE THE CORRECT URLS DEPENDING ON YOUR SELECTION.
	}
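
The `request`, `filePath`, `fileExt` and `defaultPage` settings together decide which file is included for a URL, so the request value has to be validated before it becomes a path. One way a loader could do that, as an added example that is not SimpleSite's own code: `resolvePage()` is a hypothetical helper, PHP 7.1 or later is assumed, and the demo site is constructed in the temp directory.

```php
<?php
// Added example: resolvePage() is a hypothetical helper, not SimpleSite's code.
// Returns the file to include, or null so the caller can send a 404.
function resolvePage(array $config, array $query): ?string
{
    $name = $query[$config['request']] ?? $config['defaultPage'];

    // Allow-list: letters, digits, '-' and '_' only. This rejects '../',
    // NUL bytes, URL schemes ('http://', 'php://') and stray extensions.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath($config['docRoot'] . $config['filePath']);
    if ($base === false) {
        return null;                      // pages directory is missing
    }

    // realpath() resolves symlinks, so a link inside pages/ that points
    // elsewhere fails the containment check below.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . $config['fileExt']);
    if ($path === false || !is_file($path)) {
        return null;                      // no such page
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                      // resolved outside pages/
    }
    return $path;
}

// Constructed demo: a throwaway site with a single page, pages/home.inc.
$root = sys_get_temp_dir() . '/simplesite_demo_' . getmypid() . '/';
mkdir($root . 'pages', 0700, true);
file_put_contents($root . 'pages/home.inc', "<h1>Home</h1>\n");

$config = array('docRoot' => $root, 'filePath' => 'pages/', 'fileExt' => '.inc',
                'request' => 'page', 'defaultPage' => 'home');

// Constructed requests: default page, a valid page, and three that must fail.
$requests = array(array(), array('page' => 'home'), array('page' => '../includes/simplesite'),
                  array('page' => 'http://example.test/x'), array('page' => array('home')));
foreach ($requests as $q) {
    $hit = resolvePage($config, $q);
    echo json_encode($q), ' => ', $hit === null ? '404' : 'include ' . basename($hit), "\n";
}
```

If `fileExt` is set to anything other than `.inc` or `.php`, the `.htaccess` deny rule has to be changed to match the new extension, otherwise those files can be requested directly and read as plain text.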

Building a Completely Dynamic site using text files, PHP and no mySQL.

I spent a fair amount of time trying to help people on PHP forums such as webdeveloper.com : Sheldon and one thing I see on a regular basis is overly complex systems for basic site structures with people who at this stage don’t have enough knowledge of PHP to build a secure structure.

Now don’t get me wrong, they’re not stupid, and I’m for sure not the greatest!

So, tonight, a Sunday evening, nothing on the tele, and less of a social life lately it seems, I have spent 2 hours building a completely dynamic flat file web structure.

I built this for a couple of reasons. I have never built a system using a complete class that I have written from line 1. I have worked with classes, and extended classes, but never started from scratch. It was something to do, and it could be helpful to others, and that’s how I roll, I like to help out.

  • Flat file pages
  • Small footprint < 12k
  • No mySQL/ database needed
  • Simple integration
  • Customisable template design
  • Runs on Apache and IIS Servers
  • Supports Apache Mod ReWrite URLs
  • Secure against including ‘Bad Files’

Installation:

1: Drop it in the directory you wish to run the system.

2: Customise the ‘index.php’ file with your own HTML, making sure you keep the PHP.

3: Open ‘./includes/simpleSite.inc’, find the function ‘config()’ and check that all of the ‘$config[]’ array values are correct. They should be 99% dynamic.

This uses a class to construct the functions, so it requires a late version of PHP 4, but PHP 5 is better. If your current web host doesn’t offer up-to-date software, contact me via my web design & hosting business, Inbox Design.

This is offered as is. I am happy to help out with installing and customizing the design. If you have any bugs or feature requests, just ask :)

Free Download: simpleSitev0.2.zip (Update v0.2)

Free Download: simpleSitev0.1.zip