Creating config file for Maintenance Mode

Hi, I want to call a dynamically construction page during differents updates or upgraded, I have this simple php code in main index.php

if($mantenimiento == 1) {
  include 'mantenimiento.php';
} else {
  include 'login.php';

Now the config.php file only have these simple lines, protect file externally and a variable to make the condition above to works.

    if ( $_SERVER['REQUEST_METHOD']=='GET' && realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {        

        header( 'HTTP/1.0 403 Forbidden', TRUE, 403 );
        die( header( 'location: /' ) );

But I want a way to change this variable $mantenimiento into wappler using dynamic binding, for example I have a backend and I would like to change this value of $mantenimiento=1; to $mantenimiento=0; maybe using a form with checkbox or changing with text input storing this value in a table in database to call it dynamically.

I means something like:


Of course it doesn’t works,

I’m trying with _SESSION using globals and then call it into the var, something like:


It works, but half, I mean, this method it’s perfect if where not in the main index, that’s because the _session needs to be store firts before using it (I don’t know if I’m doing something wrong but this is my case), so, been the index the main file it need a second refresh to get the store _session and the conditions start working.


Please, maybe someone can help, any idea would be useful.

In Wappler, you don’t have to code that all in PHP.

We have ready to go components and features to make all this easy possible.

Just check the docs:

Thanks George,
I know, in fact I’m was testing with simple condition region, but the idea to do it with php code is that it keep it hidden from source code and I’m really concern about security, I mean, wappler condition regions hide content from being executing from DOM that’s great, but it’s still loading all content inside conditions and visible in source code(Ctrl+U), so I really do not know how safe is using conditions with admin query that are visible on source code.

I would appreciate it you can help me to understand how much safe is to use condition region, can someone else maybe hacking the visible conditions and executing with changed value, I don’t know.
Sorry for my dumb question but for me do not exist dumb questions, if not, dumb people that not ask.

Please take me off this ignorance.

If the user at the client should not see something, don’t send it. Don’t rely on show/hide or conditional regions.

As for maintenance page, I would use something in your web server config to control this. I’ve implemented this on a node site for when the node service is down, restarting, etc. Apache serves up the maintenance page under the directed conditions.

You can google up some solutions for php. If you are manually controlling the maintenance, then something like if maint.html exists, then direct everything to that. Then just rename to maint.bak for normal operations.

Thanks, but, can you be a bit more specific why it’s better to don’t rely on show/hide or conditional regions? Maybe because this is vulnerable to hack, or not? I would really appreciate it.

Yes, if it is sent to the client/browser it is always subject to somebody being able to see it. Securing things is always done using server components.

Ok, at this point I believe that condition regions are not as usefull in terms of security for differents stuff, for example, in a form, if I make a conditional region depending of user rol for a user page how to redirect that user with your propper information, because, the use of conditional region in same page but only showing to the correct user rols, it always be visible to source code for all rol, so I thnk is not a good practice, do with php include file inside a condition will be the same, it render all in source code but not executable. How to deal with that?