I'm working on a PHP project to develop a template engine for another programmers. The idea is simple: there will be a template folder with a template and a pages folder with the pages, php goes and get the template and insert the page inside of it using the current url. I've done this project without object orientation some years ago, but now I'm trying to do with having an object oriented focus.

The problem I'm facing is about configurations. In the original system, I had a PHP file with configurations hardcoded (the names of the folders containing includes, javascript, pages and so on). On the new one I was thinking on storing this data with XML, but the problem is that searching here on Stackexchange I've found this question and if I understood correctly, if I use the rewrite solution, it won't be accessible even by the PHP script and so I don't have a way to protect the configuration file from being read directly in the browser.

How should I work with this? Is there a better solution than using XML? I'm also avoiding the use of databases, since this is too simple to involve mysql connections and so on. I'm pretty sure that there is a way to allow the XML to be readable only from inside the server, but I'm not sure if that's the best solution.

Can someone tell me on how to procede in that case?

Thanks very much in advance!

The simplest solution is to place the xml file in a directory higher up the tree than the /htdocs/ or /www/ directory. This will still be accessible by PHP but not by HTTP connections.

If you wish to make the file accessible to some external HTTP requests, you could secure the directory using a .htaccess file, but I don't recommend that as an enterprise-level solution. Alternatively or perhaps additionally, you might be able to chmod the file to 66(4) (not 5.. sorry), which should limit file access sufficiently.