Templates - hints

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Llaik
Forum Newbie
Posts: 3
Joined: Fri May 26, 2006 9:38 am

Templates - hints

Post by Llaik »

Hi, i'm looling around for some new interesting template engine.
Exists anything more interesting than Smarty or Teng (..or php :))?
Can you recommend something for me? And tell me "why this one"?
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Post by Citizen »

This doesnt really belong in the php code forums...

but what do you mean by a template engine? Like a code processor?

Macromedia products do quite well for beginners. I prefer notepad myself :)
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: Templates - hints

Post by Roja »

Llaik wrote:Hi, i'm looling around for some new interesting template engine.
Exists anything more interesting than Smarty or Teng (..or php :))?
Since you are rejecting two major choices, explain why you've rejected them, and what you think "more interesting" means.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Template Lite, AKA Panama Jacks baby. It is an off-shoot of Smarty, without all the bloat. It works fast, is easy to use, actually allows the developer to minimize coding within the app and places presentation logic within the template. It is amazing how easy it is to get set up and use.

I moved to it from the phpBB template class, which also worked well for me, but was not nearly as flexible or estensible as Template Lite.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Interesting...

Never heard of teng until now...

Obviously there are huge differences in Smarty and Teng...so I am not sure how/why you ruled them out...

Smarty is pure PHP and Teng is a C++ API with PHP extensions to allow it's use in PHP

For that reason...Teng is likely a helluva lot faster but Smarty has the advantage of being done in PHP so it'll be most compatible with hosting companies...

Smarty is also the king of template engines in PHP...no other template IMHO holds a candle...not to say it's best it just most popular...therefore:

1) Tons of support
2) Tons of jobs
3) Tons of tutorials
4) Well tested and peer reviewed

Smarty is a good choice if you plan on developing commercial software as you won't limit your consumer base to those who can install PHP extensions...

Teng might be a better choice if yoy are on a dedicated host and need pure speed because you are designing a inhouse application - so you don't need Smarty portability...

In saying that...you likley want to stick with somehting native in PHP, like Smarty...

Here is an article which advocates my own feelings on the use of Smatry:
http://www.massassi.com/php/articles/template_engines/

I've used the PHP bTemplate appraoch ever since...

It's pure PHP so it's faster than Smarty and likewise more powerful, but much easier to follow bad practice, such as calling SQL funcitons inside your template...which defeats the purpose...but I consider myself a disciplined programmer so I make the choice to use bTemplate approach...

bTemplate (at least the code I use) doesn't support Caching, etc...but it could be easily added...

Here is a list of existing template engines:
http://www.sitepoint.com/forums/showthr ... did=123769

Honestly...they all pretty much do the same thing...and really your choice will likely come down to which syntax you use...

Personally I like Yapter: http://yapter.sourceforge.net/?action=syntax

I just find it's syntax cleaner I guess...

The questions you need to ask should sounds something like this:
1) Do I need break neck speed? Teng
2) Do I need portability? Native PHP engines
3) How much control (logic) do I need in my templates? bTemplate vs Smarty
4) Do I need code candy, such as extensions like Smarty supports.
5) Do you need a template engine which builds it's output using a DOM or simple variable interpolation?

There are tons of options...I've used many...but your question is to vague...it almost warrants an article not a thread response... :)

Cheers :)
Llaik
Forum Newbie
Posts: 3
Joined: Fri May 26, 2006 9:38 am

Post by Llaik »

Thanks for links - my question wasn't: "I don't want to use Smarty/Teng, but something else", but it was: "i'm ready to use smarty, but: it's there more choices?"

Template like seems interesting,... thanks.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

If I were to choose between Smarty and Template Lite, I would go with Template Lite. It is a lighter, cleaner alternative and it is easier to use in my opinion.
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Everah wrote:If I were to choose between Smarty and Template Lite, I would go with Template Lite. It is a lighter, cleaner alternative and it is easier to use in my opinion.
Thanks :D

We are constantly upgrading Template Lite and adding new plugins. Plus we are constantly looking for new plugins developed by the users to be included with each new release.

We have had quite a bit of praise for the package and it is very secure without all of the needless overhead. :D
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

AKA Panama Jack wrote:
Everah wrote:If I were to choose between Smarty and Template Lite, I would go with Template Lite. It is a lighter, cleaner alternative and it is easier to use in my opinion.
Thanks :D

We are constantly upgrading Template Lite and adding new plugins. Plus we are constantly looking for new plugins developed by the users to be included with each new release.

We have had quite a bit of praise for the package and it is very secure without all of the needless overhead. :D
<hijack>

Do you say Template-Lite is as secure as Smarty? The reason I ask is Rojas blog states there was some security issues.

</hijack>
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

But he never said what the issue was. Anyone care to expand on 'the issue'?
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Jcart wrote:Do you say Template-Lite is as secure as Smarty? The reason I ask is Rojas blog states there was some security issues.
I'm a bit guilty here, in that I didn't give any substantial explanation yet. You can't expect PJ to defend his application against general statements on a blog.

The reason I didn't give substantial detail yet is half good, half lame. The lame part is that I'm insanely busy right now with personal issues, and a Memorial Golf Tournament that is taking over my town. (I do mean that entirely literally - a 7 minute drive is now over 45 minutes long).

The good reason is that I wanted to be as detailed as possible, and while I know for a fact that there is sufficient reason for MY concern, I don't have sufficient detail and testing completed to fairly document if there is sufficient reason for OTHER people to be concerned.

Stay tuned. I hope to update with further information 'soon'.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Cool, I was just curious and am looking forward to any tests or explanation as I am a big fan of Template-Lite. :wink:
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Roja wrote:
Jcart wrote:Do you say Template-Lite is as secure as Smarty? The reason I ask is Rojas blog states there was some security issues.
I'm a bit guilty here, in that I didn't give any substantial explanation yet. You can't expect PJ to defend his application against general statements on a blog.

The reason I didn't give substantial detail yet is half good, half lame. The lame part is that I'm insanely busy right now with personal issues, and a Memorial Golf Tournament that is taking over my town. (I do mean that entirely literally - a 7 minute drive is now over 45 minutes long).

The good reason is that I wanted to be as detailed as possible, and while I know for a fact that there is sufficient reason for MY concern, I don't have sufficient detail and testing completed to fairly document if there is sufficient reason for OTHER people to be concerned.

Stay tuned. I hope to update with further information 'soon'.
Can you offer a quick explanation why it's a security risk? Even for you own purposes?

Cheers :)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Jcart wrote:Cool, I was just curious and am looking forward to any tests or explanation as I am a big fan of Template-Lite. :wink:
My thoughts exactly!

EDIT | My first post just sounded stupid...
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Hockey wrote:Can you offer a quick explanation why it's a security risk? Even for you own purposes?

Cheers :)
Yep, I am very curious myself. :)

Template Lite doesn't have any of the directory security features of Smarty (IE: limiting the template engines access to certain directories inside the web sites directory.).

Though there is one one thing that was accidentally set to enabled in Template Lite that SHOULD have been set to a default of OFF. This is the variable php_extract_vars. You can disable this after you create the template object

Code: Select all

$template_object = new Template_Lite;
$template_object->php_extract_vars = false;
or just edit the class.template.php file and change

Code: Select all

var $php_extract_vars		=	true;	// Set this to true if you want the $this->_tpl variables to be extracted for use by PHP code inside the template.
to

Code: Select all

var $php_extract_vars		=	false;	// Set this to true if you want the $this->_tpl variables to be extracted for use by PHP code inside the template.
I forgot to mention this variable in the documentation. The only time you would even want to set this to true is if you need to execute any PHP code and wish to use straight PHP variables instead of referencing them through the object variable. This could pose a security risk with PHP variables being overwritten that you do not want overwritten.

Other than that mistake I cannot think of anything that could be a security risk.

I have been very busy on a number of projects, plus a 7 day Memorial vacation away from everything ;) , and haven't released the updated version of Template Lite yet. There are a fixes for some NOTICE errors and a new plugin called in_array.

Code: Select all

in_array

Description
	Will search an array for a matching value and return the set return value if a match is found. 

Arguments
	array - The array to search for the match. 
	match - The value to match inside the array 
	returnvalue - This is the value to be returned if a match is found. 

Example
	TEMPLATE
	=============================
	<input type="checkbox" name="test" value="1" { in_array array=$atribname[$i] match=$atrib returnvalue="CHECKED" }>

	OUTPUT
	=============================
	<input type="checkbox" name="test" value="1" CHECKED>
SO, if there are any security issues I would like to know about them so they can be addressed before I make the next release.
Post Reply