
Templates - hints

Posted: Fri May 26, 2006 9:58 am
by Llaik
Hi, I'm looking around for some new interesting template engine.
Is there anything more interesting than Smarty or Teng (..or php :))?
Can you recommend something for me? And tell me "why this one"?

Posted: Fri May 26, 2006 10:52 am
by Citizen
This doesn't really belong in the php code forums...

but what do you mean by a template engine? Like a code processor?

Macromedia products do quite well for beginners. I prefer notepad myself :)

Re: Templates - hints

Posted: Fri May 26, 2006 2:38 pm
by Roja
Llaik wrote:Hi, I'm looking around for some new interesting template engine.
Is there anything more interesting than Smarty or Teng (..or php :))?
Since you are rejecting two major choices, explain why you've rejected them, and what you think "more interesting" means.

Posted: Fri May 26, 2006 2:44 pm
by RobertGonzalez
Template Lite, AKA Panama Jack's baby. It is an off-shoot of Smarty, without all the bloat. It works fast, is easy to use, actually allows the developer to minimize coding within the app and places presentation logic within the template. It is amazing how easy it is to get set up and use.

I moved to it from the phpBB template class, which also worked well for me, but was not nearly as flexible or extensible as Template Lite.

Posted: Fri May 26, 2006 3:19 pm
by alex.barylski
Interesting...

Never heard of teng until now...

Obviously there are huge differences in Smarty and Teng...so I am not sure how/why you ruled them out...

Smarty is pure PHP and Teng is a C++ API with PHP extensions to allow its use in PHP

For that reason...Teng is likely a helluva lot faster but Smarty has the advantage of being done in PHP so it'll be most compatible with hosting companies...

Smarty is also the king of template engines in PHP...no other template IMHO holds a candle...not to say it's best, it's just most popular...therefore:

1) Tons of support
2) Tons of jobs
3) Tons of tutorials
4) Well tested and peer reviewed

Smarty is a good choice if you plan on developing commercial software as you won't limit your consumer base to those who can install PHP extensions...

Teng might be a better choice if you are on a dedicated host and need pure speed because you are designing an in-house application - so you don't need Smarty portability...

In saying that...you likely want to stick with something native in PHP, like Smarty...

Here is an article which advocates my own feelings on the use of Smarty:
http://www.massassi.com/php/articles/template_engines/

I've used the PHP bTemplate approach ever since...

It's pure PHP so it's faster than Smarty and likewise more powerful, but much easier to follow bad practice, such as calling SQL functions inside your template...which defeats the purpose...but I consider myself a disciplined programmer so I make the choice to use bTemplate approach...

bTemplate (at least the code I use) doesn't support Caching, etc...but it could be easily added...

Here is a list of existing template engines:
http://www.sitepoint.com/forums/showthr ... did=123769

Honestly...they all pretty much do the same thing...and really your choice will likely come down to which syntax you use...

Personally I like Yapter: http://yapter.sourceforge.net/?action=syntax

I just find its syntax cleaner I guess...

The questions you need to ask should sound something like this:
1) Do I need break neck speed? Teng
2) Do I need portability? Native PHP engines
3) How much control (logic) do I need in my templates? bTemplate vs Smarty
4) Do I need code candy, such as extensions like Smarty supports.
5) Do you need a template engine which builds its output using a DOM or simple variable interpolation?

There are tons of options...I've used many...but your question is too vague...it almost warrants an article not a thread response... :)

Cheers :)

Posted: Mon May 29, 2006 2:26 am
by Llaik
Thanks for links - my question wasn't: "I don't want to use Smarty/Teng, but something else", but it was: "I'm ready to use Smarty, but: are there more choices?"

Template Lite seems interesting,... thanks.

Posted: Mon May 29, 2006 8:57 am
by RobertGonzalez
If I were to choose between Smarty and Template Lite, I would go with Template Lite. It is a lighter, cleaner alternative and it is easier to use in my opinion.

Posted: Thu Jun 01, 2006 11:14 pm
by AKA Panama Jack
Everah wrote:If I were to choose between Smarty and Template Lite, I would go with Template Lite. It is a lighter, cleaner alternative and it is easier to use in my opinion.
Thanks :D

We are constantly upgrading Template Lite and adding new plugins. Plus we are constantly looking for new plugins developed by the users to be included with each new release.

We have had quite a bit of praise for the package and it is very secure without all of the needless overhead. :D

Posted: Fri Jun 02, 2006 12:48 pm
by John Cartwright
AKA Panama Jack wrote:
Everah wrote:If I were to choose between Smarty and Template Lite, I would go with Template Lite. It is a lighter, cleaner alternative and it is easier to use in my opinion.
Thanks :D

We are constantly upgrading Template Lite and adding new plugins. Plus we are constantly looking for new plugins developed by the users to be included with each new release.

We have had quite a bit of praise for the package and it is very secure without all of the needless overhead. :D
<hijack>

Do you say Template-Lite is as secure as Smarty? The reason I ask is Roja's blog states there were some security issues.

</hijack>

Posted: Fri Jun 02, 2006 1:15 pm
by RobertGonzalez
But he never said what the issue was. Anyone care to expand on 'the issue'?

Posted: Fri Jun 02, 2006 1:18 pm
by Roja
Jcart wrote:Do you say Template-Lite is as secure as Smarty? The reason I ask is Roja's blog states there were some security issues.
I'm a bit guilty here, in that I didn't give any substantial explanation yet. You can't expect PJ to defend his application against general statements on a blog.

The reason I didn't give substantial detail yet is half good, half lame. The lame part is that I'm insanely busy right now with personal issues, and a Memorial Golf Tournament that is taking over my town. (I do mean that entirely literally - a 7 minute drive is now over 45 minutes long).

The good reason is that I wanted to be as detailed as possible, and while I know for a fact that there is sufficient reason for MY concern, I don't have sufficient detail and testing completed to fairly document if there is sufficient reason for OTHER people to be concerned.

Stay tuned. I hope to update with further information 'soon'.

Posted: Fri Jun 02, 2006 2:28 pm
by John Cartwright
Cool, I was just curious and am looking forward to any tests or explanation as I am a big fan of Template-Lite. :wink:

Posted: Fri Jun 02, 2006 3:07 pm
by alex.barylski
Roja wrote:
Jcart wrote:Do you say Template-Lite is as secure as Smarty? The reason I ask is Roja's blog states there were some security issues.
I'm a bit guilty here, in that I didn't give any substantial explanation yet. You can't expect PJ to defend his application against general statements on a blog.

The reason I didn't give substantial detail yet is half good, half lame. The lame part is that I'm insanely busy right now with personal issues, and a Memorial Golf Tournament that is taking over my town. (I do mean that entirely literally - a 7 minute drive is now over 45 minutes long).

The good reason is that I wanted to be as detailed as possible, and while I know for a fact that there is sufficient reason for MY concern, I don't have sufficient detail and testing completed to fairly document if there is sufficient reason for OTHER people to be concerned.

Stay tuned. I hope to update with further information 'soon'.
Can you offer a quick explanation why it's a security risk? Even for your own purposes?

Cheers :)

Posted: Fri Jun 02, 2006 3:25 pm
by RobertGonzalez
Jcart wrote:Cool, I was just curious and am looking forward to any tests or explanation as I am a big fan of Template-Lite. :wink:
My thoughts exactly!

EDIT | My first post just sounded stupid...

Posted: Fri Jun 02, 2006 7:28 pm
by AKA Panama Jack
Hockey wrote:Can you offer a quick explanation why it's a security risk? Even for your own purposes?

Cheers :)
Yep, I am very curious myself. :)

Template Lite doesn't have any of the directory security features of Smarty (IE: limiting the template engine's access to certain directories inside the web site's directory.).

Though there is one thing that was accidentally set to enabled in Template Lite that SHOULD have been set to a default of OFF. This is the variable php_extract_vars. You can disable this after you create the template object

Code:

$template_object = new Template_Lite;
$template_object->php_extract_vars = false;

or just edit the class.template.php file and change

Code:

var $php_extract_vars		=	true;	// Set this to true if you want the $this->_tpl variables to be extracted for use by PHP code inside the template.

to

Code:

var $php_extract_vars		=	false;	// Set this to true if you want the $this->_tpl variables to be extracted for use by PHP code inside the template.

I forgot to mention this variable in the documentation. The only time you would even want to set this to true is if you need to execute any PHP code and wish to use straight PHP variables instead of referencing them through the object variable. This could pose a security risk with PHP variables being overwritten that you do not want overwritten.

Other than that mistake I cannot think of anything that could be a security risk.

I have been very busy on a number of projects, plus a 7 day Memorial vacation away from everything ;) , and haven't released the updated version of Template Lite yet. There are fixes for some NOTICE errors and a new plugin called in_array.

Code:

in_array

Description
	Will search an array for a matching value and return the set return value if a match is found. 

Arguments
	array - The array to search for the match. 
	match - The value to match inside the array 
	returnvalue - This is the value to be returned if a match is found. 

Example
	TEMPLATE
	=============================
	<input type="checkbox" name="test" value="1" { in_array array=$atribname[$i] match=$atrib returnvalue="CHECKED" }>

	OUTPUT
	=============================
	<input type="checkbox" name="test" value="1" CHECKED>

SO, if there are any security issues I would like to know about them so they can be addressed before I make the next release.
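
The overwrite risk described for php_extract_vars in the post above, as an added example that is not part of the original thread and is not Template Lite's code: a hypothetical mini renderer in which PHP's extract(), in its default mode, replaces a local variable, shown next to EXTR_SKIP and a variant that never extracts. The function names, the `$layout` variable and the sample array are assumptions made for illustration.

```php
<?php
// Added illustration: a hypothetical mini renderer, not Template Lite's source.
// $assigned stands in for the engine's assigned template variables; the values
// used below are constructed sample data.

function render_extracting(array $assigned): string
{
    $layout = 'public';                 // local state used by embedded PHP
    extract($assigned);                 // default mode is EXTR_OVERWRITE
    return "layout={$layout}";
}

function render_skipping(array $assigned): string
{
    $layout = 'public';
    extract($assigned, EXTR_SKIP);      // keys matching existing locals are ignored
    return "layout={$layout}";
}

function render_namespaced(array $assigned): string
{
    $layout = 'public';
    // No extraction: template data is only reachable through the array,
    // so it cannot collide with anything in the local scope.
    $title = htmlspecialchars((string) ($assigned['title'] ?? ''), ENT_QUOTES);
    return "layout={$layout} title={$title}";
}

// Assigned names that would replace existing locals under EXTR_OVERWRITE.
function colliding_names(array $assigned, array $locals): array
{
    return array_keys(array_intersect_key($assigned, $locals));
}

// Constructed input: one ordinary value and one key that matches a local name.
$assigned = ['title' => 'Hello', 'layout' => 'admin'];

echo render_extracting($assigned), "\n";
echo render_skipping($assigned), "\n";
echo render_namespaced($assigned), "\n";
echo implode(',', colliding_names($assigned, ['layout' => true])), "\n";
```

Only the first renderer lets the assigned `layout` key replace the local value; a check like `colliding_names()` can be run over assigned data before any extraction to flag such names.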