Using PHP to Hide Javascript Source

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
tastywheat
Forum Newbie
Posts: 3
Joined: Thu Nov 20, 2003 12:02 am
Location: Texas

Using PHP to Hide Javascript Source

Post by tastywheat »

I want to use javascript on my site for navigation, but I don't want anyone to see the code. I could store my javascript in a .js file but they can still download it right? I know that I can put a php file as my source and it can generate the javascript code. Well, the problem is that they can still download this php file. What I'm getting at is, is there any kind of code I can add to a php file so it will produce a certain output only when downloaded?
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

Nothing that PHP can do i think.

What i would do is, put the Javascript in a .js file, then remove ALL formatting so that it is all on one line, change variable names so they do make sense to anyone apart from you.

Or

You can get programs that will encrypt the Javascript so that it still works but is unreadable.

Mark
maniac9
Forum Commoner
Posts: 55
Joined: Fri Aug 01, 2003 12:27 am
Location: Arkansas, USA
Contact:

Post by maniac9 »

Even encryption will not work. The problem with JavaScript is that its source must be available so the browser can read it clearly and execute the code. Any kind of encryption would require the browser to decrypt the code in order to execute it, which to my knowledge, is not readily available. This, sadly, is one of the downfalls of JavaScript.
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

PHP sure can hide it if you don't want anyone to see it, if it's not being displayed of course.

But when you want to display and use the javascript file, then php needs to echo/print the source to the browser eventually so users will be able to freely view it just like html.
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

Well you could put it in a .js file and then either put the file outside the web root or just add a .htaccess to it. Would this work? I don't know much about javascript so I can't help you much there.
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

maniac9 wrote:Even encryption will not work. The problem with JavaScript is that its source must be available so the browser can read it clearly and execute the code. Any kind of encryption would require the browser to decrypt the code in order to execute it, which to my knowledge, is not readily available. This, sadly, is one of the downfalls of JavaScript.
I've actually seen some javascript that was encrypted, it worked fine too. It was supose to be this new script that no popup blocker could block the popup that it would launch. Maybe it was a java applet, but I don't know since I only read a breif description and It was encrypted of course. ;)

This site is worth taking a look at, they claim to be able to encrypt HTML and JavaScript...

http://www.protware.com/default.htm
# Flexible encryption options:

* Encrypt html files, asp files, external script files(.js or .vbs), php and shtml files, framesets and style sheets (.css) files. You can also encrypt HTML-formatted email.
* Protect your images with Image Guardian - enhanced image protection.
* Encrypt only desired parts of html files.
* Two different methods of encryption
* - files encrypted with the default method work in all javascript-enabled browsers. You can also use the alternative, more fast and secure method for Internet Explorer 5.0 or higher only. Disable right mouse button.
* Disable showing link targets in status bar.
* Disable text selection.
* Prohibit offline use
* - your files will work fine when someone is browsing your site, but they will not work if they are saved and run from a local hard drive. Password protect your pages using either a basic or Ultra-Strong password protection.
* Prohibit linking your pages from other sites.
* Prohibit printing of protected files.
* Disable Clipboard & Print Screen ( for IE 5+ only ).
* Option only to compress HTML code(without encryption).
User avatar
tastywheat
Forum Newbie
Posts: 3
Joined: Thu Nov 20, 2003 12:02 am
Location: Texas

Post by tastywheat »

I tried that HTML Guardian thing before and it does a really good job of encrypting .js files. However, in my experience, it encrypts them so well that they don't work anymore. The html encryption works just fine, but the unregistered version adds a banner into the code. No, I won't buy the software either. I'd sooner resort to using flash for my website. I tried something using session variables but I kept getting errors. Or maybe I thought this could be done using the HTTP_REFERER value, but that all depends on the browser. I'm no expert with php, but isn't there some way you can tell if a file is being downloaded instead of just read? Or isn't there something I can do using .htaccess files? A friend of mine said that there's a way you can let files be read and not downloaded. We couldn't figure out how though.
maniac9
Forum Commoner
Posts: 55
Joined: Fri Aug 01, 2003 12:27 am
Location: Arkansas, USA
Contact:

Post by maniac9 »

Well, the problem with all of this lies in the fact that JavaScript has to be freely available for the browser to see, which in turn means that the user can see it too.
blind487
Forum Newbie
Posts: 5
Joined: Sun Nov 23, 2003 9:26 am

Post by blind487 »

you could always just make it REALLY REALLY hard, and use all of the above:

have a php file write the javascript code, and mask all the variables and put the code on one line so it is very very hard to read. then you can chmod the file so it can be executed but not viewed or downloaded. thats about the best you can get i think. also a nice little trick that i've seen is to add 'phantom code'. basically extra javascript commands that don't use time to execute, but just confuse those who are looking at it. i.e.

(this isn't javascript... but you'll get the idea)

Code: Select all

if ($useless)
  if (!($useless2))
    $useless2 = true;
       if($useless)
          $useless = false;
        else
       if (!(useless3))
          $useless = true;
i'm not sure what that does... and i just wrote it. so you get the idea
Post Reply