Javascript/PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Javascript/PHP

Post by tecktalkcm0391 »

Is there a way to send a value on a page in PHP into an included javascript in the html in the form of

Code: Select all

<script src="..."></script>
Example:

Code: Select all

<?php

$name = 'Chris';

?>

Code: Select all

<script src="displayname.js"></script>
User avatar
xinnex
Forum Commoner
Posts: 33
Joined: Sun Jan 07, 2007 7:38 pm
Location: Copenhagen, Denmark

Post by xinnex »

Just request the php-file as if it was a normal javascript-file.

Code: Select all

<script type="text/javascript" src="name.php"></script>
name.php:

Code: Select all

<?php
$name = 'Chris';
?>
window.alert('<?php echo $name?>');
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

That's not exactly what I was looking at doing. I wanted to make it so that the variable on page1.php was passed to page2js.php somehow... and then then javascript output was used
User avatar
xinnex
Forum Commoner
Posts: 33
Joined: Sun Jan 07, 2007 7:38 pm
Location: Copenhagen, Denmark

Post by xinnex »

I'm not quite sure I follow that..
Why would you want to send the variable to a second page?
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

I was trying to get it there so that I can use it to protect the Javascript, but I got it.... to work.... I've figured out the fool proof [to me atleast] to protecting javascript files.
nickvd
DevNet Resident
Posts: 1027
Joined: Thu Mar 10, 2005 5:27 pm
Location: Southern Ontario
Contact:

Post by nickvd »

No you didnt :)

It's not possible to secure any scripted language, as the browser (or server) needs to read the un-obsfucated source code to run the script. What you did is make it (a little bit) tougher to get the source.

Think of it like car alarms. They won't stop your car from being stolen, but they will reduce the chances a little. Ultimately if they want your car, they will take it, nothing can stop someone who is determined enough.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

Well what I did allows the browser to read the code... and as soon as it does block the user from going to the location of the javascript code... and the code isn't cached so it no were to be found. Can users really still get the code?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Absolutely possible.
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Post by tecktalkcm0391 »

May I ask how? And if anyone wants to try... I posted a test here... http://tecktalkcm0391-testingphp.awards ... y_test.php
All the javascript code does it alert("PASSED"); to show that the code has been run, but I have a line that has /* the code is ... */ and if someone can find out the line, can you please let me know, cause I can't figure out how, meaning that I think the javascript might actually be "secured" to some length.
User avatar
boba
Forum Newbie
Posts: 15
Joined: Sun Feb 04, 2007 2:46 pm
Location: Kharkov, Ukraine
Contact:

Nothing can stop someone to view you javascript code

Post by boba »

Hey, tecktalkcm0391

The most easy way to view JS source - FireFug plugin for FireFox :)
I've just spent 15 secs to view your JS source.
nickvd was right, browser has to receive valid JS, and if it does then smart man can view it without any problems :)

Code: Select all

alert("PASSED");
/* This is the code: z3nacrEsp7 */
Everything you can do - obfuscate your JS code, it will be hard to read it but it doesn't mean that nobody can!
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Yeah "z3nacrEsp7" was easy to pull out. Web developer plugin has "view Javascript" which will show you the Javascript for the page. :) Even obfuscation wouldn't be much of a barrier.

If the browser can read it so can the user without too much trouble.
User avatar
boba
Forum Newbie
Posts: 15
Joined: Sun Feb 04, 2007 2:46 pm
Location: Kharkov, Ukraine
Contact:

Post by boba »

One more question, tecktalkcm0391. What for are you going to hide your JS? :)
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

The best thing you can to protect your JS source would be to obfuscate and store everything in a single monolithic function...most people would give up and just try and re-implement...

At least I would - unless you had some wicked algorithm or technique which I couldn't figure out...

Honestly though, most of what you can do in PHP or JavaScript can easily be replicated by any mediocre developer...there is little use in trying to protect such code...if it's that unique, apply for a patent - thats your best form of IP protection...

Just my 2 cents :)
Post Reply