xisto Community
Dooga

Here's A Nice And Interesting Way To Make Comments In your php files


We all know that when we make websites, sometimes, we just don't want a code to be there... for now. What I'm saying is, for example:

Your name is Bob. Yes it's Bob. Bob made a website and added lots of content. He gets a lot of traffic. He signs up for Google Adsense! Yay! He is happy. He makes thousands of dollars a month. He is famous.

And that is the exact reason why your enemy, Angela, is trying to make your Google Adsense account bad.

Guess what? Angela is your sister. Yes she is your sister.

What does that mean? She uses the same IP address as you. We all know that Google will penalize anyone for clicking on their own ads, so if Angela clicked on your ads in your home, you're pretty much bankrupt... there goes another 5 digit number income.

Bob Finds out!!!! AHHH! He needs to remove the Google Ads so that his sister doesn't invite friends over to have a "who can click the fastest" game. So Bob uses the HTML commenting skills he has learned in HTML Land, called "using <!-- and -->" and hides the Google ads, so that he can put it back later without trouble, when he finishes his plan to blackmail his sister! Problem solved! Yay!...

The next day he is banned from Google.

Let's step back for a few seconds. What did he do wrong?

Oh yes, he forgot that Angela was the one who taught him HTML and also knows some tricks herself.

Viewing the source, Angela retrieved the publisher ID from the comment tags, and even if the webpage doesn't display the ad, she will still be able to see the code. She goes to freewebs or geocities, creates a small website with only the Google Adsense code, and invites her friends Jack and Jill over for the "I bet I can click faster than you because I play piano" game. Now the only thing that Bob can say is "wtf" over and over to Google until he finally loses his searching privileges too.

What is the solution?

Use php to comment out the code you want to keep. Yes it's that simple. Here's an example:

Before

<!-- <a href="my-secret-webpage-with-all-my-passwords.html">Google.com</a> -->

After
<?php /*<a href="my-secret-webpage-with-all-my-passwords.html">Google.com</a>*/ ?>

Why is this useful?

You can conveniently keep all the stuff you want temporarily removed on your page, so you don't forget it! I do that all the time when I test out some new features that I might add to my site, and for example, when I'm trying to find conflicts between scripts. I also use this method to hide registration forms when I disable registration on my site.

NOTE: For all those who think that you can't register for a "commented" web form when you have <!-- --> protecting the script, you are wrong. First of all, a hacker can use a remote file and copy and paste this script, including the form destination (which would have been hidden), and still register for your site, possibly bypassing some "htmlspecialchars('');" or JavaScript restrictions you have put, allowing a hacker to inject MySQL tables, creating new accounts and changing or corrupting information etc.

Even if you have a domain restriction to prevent remote registrations, simple software such as Ad Muncher can easily remove the HTML comments (<!-- -->) with the "Replace HTML" feature. This means that anyone can change the way your website displays things on their computer, allowing the possibility of executing any HTML (not PHP) scripts on your domain. Also, changing the referer is very easy, so a JavaScript or even a .htaccess file won't be able to protect ANY PHP file from detecting unauthorized domains.

That's why it's best to comment out a file with PHP, hiding it from view of ALL public viewers, and STILL have the capability to recall that code with a simple edit!

Bob has learnt a lesson, will you?


'Tis a very useful trick this is... I'll probably never have Google ads on my site so I won't need to worry about it, but poor Bob, I wonder, did he ever get his privileges back from Google?


And the file extension for the file must be ".php, .php3, or .phtml" for this to work I would imagine. If this is tried on a regular ".html" file, would the line be output onto your display?


And the file extension for the file must be ".php, .php3, or .phtml" for this to work I would imagine.  If this is tried on a regular ".html" file, would the line be output onto your display?



Actually, the extension doesn't really have to be .php, .php3, or .phtml. It can still be .htm or .html. Just add this line to your .htaccess file:

 

AddType application/x-httpd-php .html .htm

Now your .htm or .html files will execute as php.

 

Dooga, did you really have to make a story for that? :(


Nice trick! I will remember this if I sign up for Google Adsense. Why? Because I have a sister who knows basic HTML and may try the same stunt that Bob's sister did. Great example! It will save many Bobs around the world.


Hey I didn't know that you could use

AddType application/x-httpd-php .html .htm
to make .html files into php files... hehe I can finally hide my programming language too :(


Now, let me understand this... 'cause I have gotten confused a little. What I was taught is that in order for any PHP scripts to work, the page you are putting it on has to be a .php file. But from reading this I have gotten a bit confused, so the file does not have to be .php? It could still be a .html file and the PHP script would still work? For example, a PHP include code

<?php include("menus/left.html"); ?>
such as that would still work on a .html file?


Ugh. Excuse my impatience, but it... gets to me... when the same questions come up time and time again.

 

You can add PHP code to any file with any extension - jpeg, gif, exe, html, php - whatever. But unless the webserver knows to pass the file along to the PHP engine, the code isn't going to be processed, and will simply be sent as output. The AddType handler instructs Apache to treat the specified file extensions as the specified file type (in this case, application/x-httpd-php - i.e. give this to the PHP engine). You can also use ForceType in conjunction with the Files directive, and probably a number of other options.

 

<Files script.jpg>
    ForceType application/x-httpd-php
</Files>
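A check for both failure modes discussed in this thread, written in Python as an added example (not code from any poster): it scans a response body as the browser receives it for markup left inside HTML comments, and for raw `<?php ... ?>` blocks that reach the client when the server does not hand the file to the PHP engine. The sample bodies and the `register.php` name are constructed for illustration.

```python
import re

COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
PHP_BLOCK = re.compile(r"<\?php.*?\?>", re.DOTALL)
# Tags that expose an endpoint or load code when they survive in a comment.
TAG = re.compile(r"<(form|a|script|iframe)\b([^>]*)>", re.IGNORECASE)
TARGET = re.compile(r"""\b(action|href|src)\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def audit_response(body):
    """Return (kind, detail) findings for one response body."""
    findings = []
    # Raw PHP in the body means the file never went through the PHP engine,
    # so everything "hidden" with /* */ was delivered to the client verbatim.
    for block in PHP_BLOCK.finditer(body):
        findings.append(("unprocessed-php", block.group(0)[:60]))
    # Inspect HTML comments in what remains once those blocks are set aside.
    for comment in COMMENT.finditer(PHP_BLOCK.sub("", body)):
        for tag in TAG.finditer(comment.group(1)):
            target = TARGET.search(tag.group(2))
            where = target.group(2) if target else "(no target)"
            findings.append(("markup-in-html-comment",
                             tag.group(1).lower() + " -> " + where))
    return findings


# Constructed sample bodies (not captured from a real site).
HTML_COMMENTED = (
    "<html><body><h1>Site</h1>\n"
    '<!-- <a href="my-secret-webpage-with-all-my-passwords.html">Google.com</a> -->\n'
    '<!-- <form action="register.php" method="post"></form> -->\n'
    "</body></html>"
)
# The thread's "After" line as served when .html is NOT mapped to PHP.
PHP_UNPROCESSED = (
    "<p>Hi</p>\n"
    '<?php /*<a href="my-secret-webpage-with-all-my-passwords.html">Google.com</a>*/ ?>\n'
)
# The same page after the PHP engine has run: the comment block is gone.
PHP_PROCESSED = "<p>Hi</p>\n\n"

if __name__ == "__main__":
    for name in ("HTML_COMMENTED", "PHP_UNPROCESSED", "PHP_PROCESSED"):
        print(name, audit_response(globals()[name]))
```

Run it against the body your server actually returns for each page, not against the source file on disk, since only the served output shows whether the PHP handler was applied.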


Dooga, did you really have to make a story for that? ;)



I enjoyed the story. Usually when you tell people straight out why to do it and how to do it, they don't seem to grasp the concept like other people may. At least reading it in a story form makes it interesting instead of feeling you're reading it out of a manual. :huh:


Oh, and thanks for telling me how to make .html and .htm files run php. I have forgotten how to do this. ;)
