digg

Facebook Connect Join Digg About

Defining CSS Constants Using PHP

tylerhall.ws Tyler Hall has come up with a clever way to streamline edits for CSS constants (same styles repeated in different ids and classes) using PHP.

Who dugg this? Made popular Dec 9, 2005

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

86 Comments

show profanity settings
expand all
  • instabil, on 10/12/2007, -0/+4Is this convincing enough?

    http://www.tylerhall.ws/blog/2005/12/dangerous+script
  • MalDON, on 10/12/2007, -0/+4God, Every day on just about every post. Why must people say "This is retarded and dumb." That is such an ignorant, claim. By saying that you probably didn't take the time to read his tutorial thing. He said he if he wanted to update all the colors, he didn't want to go through and update them all. Also, by saying its retarded and dumb is very stupid because many sites use this way of including css to allow for a more custom application, just look at the customized yahoo page.
  • instabil, on 10/12/2007, -0/+4I just got an email from him, so I guess it's safe to explain now:

    There are two obvious security issues with this script:
    1. Deleting "http://" from strings won't stop XSS-attacks because php
    also uses https, ftp and ftps.
    2. If a hacker wanted he could for example go to the page:
    http://tylerhall.ws/css.php?file=blog/wp-config.php
    and read the php-code. Not very nice.

    Solutions:
    1. set the allow_url_fopen to false using the ini_set function before
    executing the script
    2. a little trickier but this would be a solution.
    example:
    css.php?file=wp-admin
    and in the php:
    $cssFile = $_GET['file'] . ".css";
  • jdunck, on 10/12/2007, -0/+3Already done, and better:
    http://meyerweb.com/eric/thoughts/2005/08/31/the-constants-gardener/

    http://www.shauninman.com/plete/2005/08/css-ssc-quickie
  • instabil, on 10/12/2007, -0/+2Well.. it works.. and if it doesn't why don't you just point out why? There are always many ways to solve programming problems and they all have pros and cons.
  • montydigg, on 10/12/2007, -0/+2Hmm... This is kind of going around your elbow to get to your nose. The whole point of CSS is so that you don't have to repeat anything, right? A good rule of thumb when building CSS is that you should never have the same line twice. Your CSS should be attribute-centric, not tag-centric:

    .myStyle,
    .anotherStyle
    {
    color: #346FB7;
    background-color: #F33500;
    }

    .anotherStyle {
    float: right;
    }

    .myStyle {
    float: left;
    }
  • deadkenny, on 10/12/2007, -0/+2Why not just design your CSS correctly in a cascading manner in the first place and then you should never need to resort to hacks like this? ;-)
  • Xopl, on 10/12/2007, -0/+2With some Apache mod-rewrite work you could hide your little "css.php?file=main" crap and just include your .css file straight up as main.css or whatever. In your .htaccess file, use the following:

    RewriteEngine on
    RewriteRule ^(.*).css /css.php?file=$1

    Note, this still would have the injection attack problem that user "instabil" found. However, people wouldn't even be aware that you were preparsing your css using this method.

    Remember kids, mod-rewrite. Learn it. Love it.
  • a1programmer, on 10/12/2007, -0/+1Yes, this will prevent the css from being cached. css.php will be the most downloaded file on his server! haha.
  • indiefan, on 10/12/2007, -0/+1You should only be using constants in your style sheets. The logic should be separate from the presentation as well as the semantic markup, that's the whole point of this standards craze.
  • bonzooznob, on 10/12/2007, -0/+1Read about it before, but a sweet idea, for sure.
  • wilhelm, on 10/12/2007, -0/+1The method suggested in the article is not particularly useful. Just group your classes like this:

    .myStyle, .anotherstyle {
    color: rgb(13,37,42);
    }
  • indiefan, on 10/12/2007, -0/+1CSS Server Side Constants. A better way to do this, albeit a little more complicated, is Shaun Inman's Server Side Constants. Basically you modify .htaccess so that you can add variables into plain ol' .css files instead of loading a php file as your style. Check it out, Shaun Inman is the man.

    http://www.shauninman.com/plete/2005/08/css-constants
  • tylerhall, on 10/12/2007, -0/+1New version is available. Let's you do nested css imports.
  • instabil, on 10/12/2007, -0/+1It's also very dangerous. Don't use it!
  • buckaroo, on 10/12/2007, -0/+1Oh my gawd ... never take the user's client-side word for what explicit file to include ... Work off of a unique value that they pass in. If it maps to a "known good" key in a server-side array, THEN use the value in that array to find the file ...
  • shockingbird, on 10/12/2007, -0/+1Super dig.

    Maldon said:
    God, Every day on just about every post. Why must people say "This is retarded and dumb."

    I totally agree. There's always room for innovation and if you're always ignoring it, you won't succeed.
  • instabil, on 10/12/2007, -0/+1But it's really annoying that you need to preprocess the CSS files. I totally agree with Meyer. There should be a way to declare constants in CSS.
  • instabil, on 10/12/2007, -0/+1Well. I just don't want anyone to get in trouble because of this script. :P
  • blueice03, on 10/12/2007, -0/+1I also did something like this once but that doesn't make his method dump or stupid. And just because you and I have done it before doesn't mean everyone has. For those that have never considered these possibilities this could open whole new options for them which is why I'm glad this is getting some coverage.

    I swear, I left the slashdot crowd because of some of the elitist attitudes like, "Well, I've did this years ago; this is nothing new; this is dumb and retarded; this is basic php; etc, etc, etc,". Didn't your mommas ever tell you, "If you can't say something nice, don't say anything at all?"
  • jimd, on 10/12/2007, -0/+1Somebody tell me why you don't just keep a "source" css file and run a php script over it ONCE to "generate" the actual css file you provide for your site. If you want to make a change, you change the source file and run your "converter" again.

    Of course, I'm very ignorant of this whole area, but I can't see yet why the "real" css file needs to be regenerated every time someone wants a copy.
  • Greg-J, on 10/12/2007, -0/+0Hello... Is this thing on...?

    Hey there Tyler Hall. Wtf???

    Have you no idea what the C in CSS stands for? I'm sure you do, but I'll help you out for a moment here. Cascading... As in, cascading... Your method is completely null and void of any usefulness not found within the rules and guidelines of plain old CSS, and is cumbersome at best.

    It gets tiring seeing a bunch of nooblings with "This IS really cool". Jackasses. Complete jackasses.
  • cmw72, on 10/12/2007, -0/+0Very interesting. I've done this in the past. At least now I'm aware of the security risk.
  • isitaboat, on 10/12/2007, -1/+1Lame.
  • Xopl, on 10/12/2007, -0/+0Best point yet, jimd! Why the hell should *CONSTANTS* have to be dynamically generated each time?

    That's probably an excellent argument for not having CSS constants in the first place.
  • instabil, on 10/12/2007, -0/+0It sure would still have the same problem - but who would know? =) Nice idea xopl.
  • Xopl, on 10/12/2007, -0/+0"Ever hear of AddType application/x-httpd-php .css ???? I guess not."

    That's even better.
  • jimd, on 10/12/2007, -0/+0I see what you mean, lumpy, and I agree. I was hoping for a way to declare constants in a css file. That shouldn't be the overhead a php process would be. Without that, the php "solution" makes it easy to declare but unjustly burdens the system. I work on very low-use servers, so I will probable use this technique while playing with color schemes, and then I'll change them to literal strings when I'm satisfied and ready to "release."

    Thanks
  • instabil, on 10/12/2007, -0/+0sxtxixtxcxh: It's always dangerous to copy other peoples code. =)
  • m94mni, on 10/12/2007, -0/+0Better way:

    http://www.barelyfitz.com/projects/csscolor/
  • jimd, on 10/12/2007, -0/+0I can see having constants defined, because I'd like to lay out all of my collors at the top for use throughout my site. That would be far better than having to "process" them each time, though. In a way, declaring an a:link color is making it a constant for each occurance in the html code, so a no-constant purist should even want to avoid css altogether -- maybe a wooden stake through each css file he finds, or something like that. [Sorry, I couldn't help myself. :)]
  • instabil, on 10/12/2007, -0/+0m94mni: Yeah. That's a nice way.
  • AKX1, on 10/12/2007, -0/+0I have made something like that some time ago...

    http://www.devever.net/pegercer/akx/cssext/
  • sxtxixtxcxh, on 10/12/2007, -0/+0instabil: totally understand what you're saying.

    i think his script is overly complicated, and clearly you can see why that's bad.. :P
  • avfguy, on 10/12/2007, -0/+0brilliantly simple and very useful - thanks!
  • Iriel, on 10/12/2007, -1/+1I didn't dig this because of how the script works for css actually (because it actually go against a lot of what css tries to accomplish). I just dugg it because of Andre's valuable lesson in PHP security practices. If anyone knows of some good resources on that in plain english, please post them.
  • jkearney, on 10/12/2007, -0/+0this is retarded and pointless.
  • personman, on 10/12/2007, -0/+0How is this easier than just using search and replace when you need to make changes?
  • tylerhall, on 10/12/2007, -0/+0"Yes, this will prevent the css from being cached. css.php will be the most downloaded file on his server! haha."

    No, it won't. Before the script sends the css to the browser it sends a header telling the browser to cache the file just like it normally would :)
  • dashifen, on 10/12/2007, -0/+0You could also simply send all .css files through the PHP interpreter thus allowing all forms of PHP code (loops, variables, classes, etc) to be embedded within .css files. Can increase server load because it has to parse all .php and .css pages, but it boils down to a "require_once()" call for .css files. Anyway, good idea, just many ways to do it.
  • cecil_t, on 10/12/2007, -0/+0Why do you pass a style sheet with pseudo-code into a PHP page, why not just make the style sheet itself a PHP page? I've been doing that for years. Just put your header statement at the top of the PHP page and then you can do much more than just variable replacement, you can use logic. I use this technique to change the display across different browsers, etc.
  • saintwanker, on 10/12/2007, -0/+0old news.
    no digg.
    still interesting though
  • CoconutBoy, on 10/12/2007, -0/+0Ach... I meant <?= $blue ?>
  • cprior, on 10/12/2007, -0/+0These are not constants but variables.
    http://www.php.net/constants
  • CoconutBoy, on 10/12/2007, -0/+0That is really all far to overly complicated. Here's what I do:
    <?php
    header("Content-Type: text/css");
    $fgcolor = "#006600";
    $bgcolor = "#88BB88";
    ?>

    And then in the CSS:

    body {color: $lt;?= $fgcolor ?>; background-color: $lt;?= $bgcolor ?>;}

    Is there anything wrong with that? I've been using that technique since I learned php.
  • moiety, on 10/12/2007, -0/+0One would hope this would be a no-brainer for anyone who's done any PHP parsing on CSS files. Good tip for new comers, I suppose.
  • CoconutBoy, on 10/12/2007, -0/+0Why isn't there an edit post function? the CSS should read:

    body {color: <?= $fgcolor ?>; background-color: <?= $bgcolor ?>;}
  • jimd, on 10/12/2007, -0/+0Greg-J: How are you saying a single #FF0000 should be Cascaded rather than respecified again and again? I understand you think we're jackasses, but you need to give me your better way.
  • lumpy, on 10/12/2007, -0/+0Ok so you want a better way to do it eh?

    His example was he had an orange color that he wanted to use it is type color background colors and so on. I define classes that do that I create a class for an orange background and text color and rule. When the designer comes ot me and says change it from hex 1 to hex 2 I DO FIND AND REPLACE AND CHANGE THE HEX in my text editor. No when my style is called the only server load is my css text file and not all this php overhead. Like I said before it's an interesting code. I just dont see the benefit of it. On a busy server this is the kind of thing that gets developers fired. PHP can do this but it ws not designed to do this this is a case of not following the golden rule: "keep it simple stupid"
  • guitarromantic, on 10/12/2007, -0/+0See, my issue here is the fact that changing say 5 references to #COLOR isn't actually that big a deal. If it ain't broke etc..

  • Fetching more discussions...
    Show 51 - 86 of 86 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.