Honesty Rocks! truth rules.

Protect Pages HOW?

HOME      >>       Programming

alex1985

I create certain pages for my web-site, and I would like to protect them that no one can hack or see their source codes. So, if everybody knows how to do it, please post a reply over here. List of the best ways, I can do it.Thanks.


sonesay

Any one who has access to the web server will have access to your files you store there. Once downloaded or viewed without being parsed by PHP the source code is viewable so there is no way to encrypt your source doe from that.


rvalkass

Any server-side scripting (such as PHP) will never be seen by visitors to your site as long as PHP is running on the server. The HTML output, however, is obviously visible, and there is very little you can do to protect that. All the code must be able to be understood by the browser, and therefore there will be an easy way for a visitor to see the plain HTML source code.As long as your PHP is well written (clean any user input, sanitise database inputs, etc.) then you should have nothing to worry about.


alex1985

All right! But some web-sites has pages like "dsjdsb" or some another symbols at the end of web address. That's looks good. Because, I link my pages like in HTML. For instance, if you wanna go to the home page, you click on the link "Back", and when you actually pressed it, the user can see the file: "index.php". In other words, I wanna avoid this problem, and that's why I am asking for some protection of the pages. Just list the choices what can be done about it.


truefusion

Because, I link my pages like in HTML. For instance, if you wanna go to the home page, you click on the link "Back", and when you actually pressed it, the user can see the file: "index.php". In other words, I wanna avoid this problem, and that's why I am asking for some protection of the pages. Just list the choices what can be done about it.

Hmm? You mean you don't want them to see what kind of server-side script you're running? You might want to look into mod_rewrite for the Apache server. With this, you can make your URLs appear like if the browser is accessing an HTML file, when really it's accessing a PHP or ASP or JSP, etc, script. Either that or give your HTML pages the ability to process PHP scripts.

alex1985

SO? How you do it?


rvalkass

Try searching for "mod _rewrite" for a tutorial:
search:mod_rewrite
search:mod_rewrite tutorial

Also try these links for some help:
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
http://forums.xisto.com/no_longer_exists/


alex1985

So, that pages might help me? What the "mod_rewrite" exactly do or for what is used?


jlhaslip

Try searching for "mod _rewrite" for a tutorial:

search:mod_rewrite

search:mod_rewrite tutorial

 

Also try these links for some help:

http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html

http://forums.xisto.com/no_longer_exists/

Have you read these links/tutorials yet?

alex1985

Sorry, I will read them now, thanks for reply?!


ewcreators

you can do it with javascript. Just create code for no right clicks.but on the topic of php,use $_SERVER[HTTP_ADDRESS](i am not sure if its this) to verify the ip adress. If its yours, then allow editing..etc, if its not, only allow displaying.


alex1985

you can do it with javascript. Just create code for no right clicks.but on the topic of php,
use $_SERVER[HTTP_ADDRESS](i am not sure if its this) to verify the ip adress. If its yours, then allow editing..etc, if its not, only allow displaying.


Can you rewrite it in more details? I did not get it! Sorry, I am beginner.

galexcd

you can do it with javascript. Just create code for no right clicks.but on the topic of php,
use $_SERVER[HTTP_ADDRESS](i am not sure if its this) to verify the ip adress. If its yours, then allow editing..etc, if its not, only allow displaying.


Thats a terrible solution. Not only do you make people not want to go to your website, but you don't protect anything. If you are talking about protecting your html code, that is impossible. When you load a website in your browser the server is actually sending that html code to the browser and the browser can read it. Just because there is some annoying script that blocks right clicks doesn't mean your computer still doesn't see it. Even if there was a way to use javascript to block the view source option under the view menu, you could technically still see it, you're only blocking the computer "noobs" if you will from seeing it. The source is still sent and if you are somewhat decent in programming you can still get it. NOW the reason you don't see php code in the source is because it is NEVER sent to the browser. It is compiled at the server and the OUTPUT is sent to the browser.

Now alex, I never have any idea what you want in your posts because they are never clear, and they are usually stupid and pointless questions, but I will try to explain this to you the best that I can. When you say some pages have "dsjdsb" at the end I assume you're talking about the get variable that is passed to them? It could also be an anchor but that doesn't change anything anyway. PHP has a very easy way of getting these variables with the $_GET array. It automatically fills this array for you, where the index is the variable name passed in the url and the value is, well, the value. Now there is no point in hiding the index.php that shows up, because it doesn't even look bad. I don't go to a website and say "OH THE WEBSITE URL HAS INDEX.PHP IN IT!!! OH MY GOD I BETTER GET OUT OF HERE". No I say "WOW THIS FREAKING WEBSITE HAS SOME KIND OF LAME JAVASCRIPT THAT PREVENTS ME FROM RIGHT CLICKING!!!! OH MY GOT I BETTER GET OUT OF HERE". So yes If you read the mod rewrite tutorials you may be able to do it. I'm not entirely sure but I think some browsers add the index.html or whatever when you navigate to a directory and don't put in the end slash. Example, point the browser to yoursite.com/images/ not yoursite.com/images

alex1985

you can do it with javascript. Just create code for no right clicks.but on the topic of php,
use $_SERVER[HTTP_ADDRESS](i am not sure if its this) to verify the ip adress. If its yours, then allow editing..etc, if its not, only allow displaying.


Who knows the exact code for it?

roooss

you can also try obfuscating your code and make it unreadable to everyone except yourself....


alex1985

you can also try obfuscating your code and make it unreadable to everyone except yourself....

So, how can I do it?!

roooss

take a look at something like this

https://www.raizlabs.com/contact/support/

if youre gonna do it i advise you read up a bit about it first because otehrwise see youre code obfuscation might give you a heart attack! lol

Here is a sample of what obfuscated code looks like...
function FC7321B391B6EF18F0711B835402E91D1($RE91192A00FF990477EE414AD5D708F08) { global $db_prefix; global $R695CD54D1F9CB31C11C71AF5EF74FDDB; $R9E9F3EDB7A84E99A0567F313F4EAC1BA = $RE91192A00FF990477EE414AD5D708F08; $R37A721F3B04CA577A7730084048F2BE3 = array_keys($R695CD54D1F9CB31C11C71AF5EF74FDDB); foreach($R37A721F3B04CA577A7730084048F2BE3 as $R90E8291866BD6CB7ED5089CE7E833D11) { $R9E9F3EDB7A84E99A0567F313F4EAC1BA = str_replace($R90E8291866BD6CB7ED5089CE7E833D11, $db_prefix . $R90E8291866BD6CB7ED5089CE7E833D11 , $R9E9F3EDB7A84E99A0567F313F4EAC1BA); } return $R9E9F3EDB7A84E99A0567F313F4EAC1BA;}.

heres another kewl tutorial to hide the fact that your using php altogether! take a peek

https://forums.phpfreaks.com/index.php/c,186675.0.html


alex1985

Thanks. That should help me a lot!!!


roooss

no problem glad i can help ^_^ if u employ both php hiding and obfuscation not only do you get unreadable code but unreadle code with no sign of what language it is either! making it very very difficult for a would be script thief


Galahad

But again, what's the point of obfuscating hos code, if no one can see his PHP source? As Al3x said, PHP is processed by the php parser, and it;s output is sent to a web browser... Internet is kind of a "open source", and it's contents are available to anyone who wants to see them... Even thsi forum can't protect it;s contents, only it's source code, that makes it work... And there's nothing you can do to protect your output, and I actually don't see any reason to... JavaScript protection scripts are stupid and pointless, and only annoy people...I figure you want to hide your URL page addresses, so people don't see domain.com/page1.php, domain.com/page2.php etc., but only to show domain.com for every page...As people upstairs suggested, look at Apaches mod_rewrite, and the use of .htaccess file...Oh, and another thing... Try to write longer posts, with a bit more detail what you want done, because it's hard for us to guess what you want done... People here take time to help you, the leas you can do is put some time into writing your posts, to help them help you, and anyone else having the same or similar problem...



Pages :-

Page 1Page 2