SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    AdCaliber Magic2K2's Avatar
    Join Date
    Nov 2001
    Location
    Northern Virginia
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Allow sites to run my PHP file as javascript, but not view it?

    Hey guys,

    I have this script I'm going to be distributing to other websites. It is a PHP file that runs as a javascript so they include it on their site like:

    PHP Code:
    <script type="text/javascript" src="http://www.mydomain.com/blahblah.php"></script> 
    Now, everything works fine, but I want to prevent any curious onlookers from doing something like:

    PHP Code:
    file_get_contents("http://www.mydomain.com/blahblah.php"); 
    Is there any way to set up this type of security without restricting the javascript from running?

    Thanks.

  2. #2
    SitePoint Evangelist klik's Avatar
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    547
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think it may be acheivable by using Mod re-write. Try using the Apache forum to learn if this is possible.

  3. #3
    SitePoint Addict
    Join Date
    Jan 2005
    Location
    Ireland
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't get you, but I think my answer is no. I am assuming the script is simply a JavaScript with a wrong extension (.php), and is not intepetated as a PHP script. There is no way to do this AND have the JavaScript still work. If the user can't see it, the browser can't see it.

    But maybe I have misunderstood the question.

  4. #4
    AdCaliber Magic2K2's Avatar
    Join Date
    Nov 2001
    Location
    Northern Virginia
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Ryan Wray
    I don't get you, but I think my answer is no. I am assuming the script is simply a JavaScript with a wrong extension (.php), and is not intepetated as a PHP script. There is no way to do this AND have the JavaScript still work. If the user can't see it, the browser can't see it.

    But maybe I have misunderstood the question.
    The file is a PHP file, but it outputs javascript. The script works fine. I'm just wondering if there's a way to restrict access so sites can only use the script in the intended way.

  5. #5
    SitePoint Enthusiast
    Join Date
    Sep 2004
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Magic2K2
    Now, everything works fine, but I want to prevent any curious onlookers from doing something like:
    PHP Code:
    file_get_contents("http://www.mydomain.com/blahblah.php"); 
    Someone correct me if I'm wrong, but I don't think this would do anything anyway. If they were to use this command on their own computer or on their own server, your file blahblah.php would still be parsed through the server and it would only return what you have written in the script to return.

    If your file echo's out some javascript and they include it, it will always run the php script through the server and only return the javascript to the client.

    So, if I'm correct, only if the people you are distributing your script to have access to upload to your server (or run scripts on your server) would they ever have access to the underlying code of your scripts. Otherwise, they will only ever see what you output in the php script.
    - Fotinakis

  6. #6
    SitePoint Addict
    Join Date
    Jan 2005
    Location
    Ireland
    Posts
    349
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Fotinakis
    Someone correct me if I'm wrong, but I don't think this would do anything anyway. If they were to use this command on their own computer or on their own server, your file blahblah.php would still be parsed through the server and it would only return what you have written in the script to return.

    If your file echo's out some javascript and they include it, it will always run the php script through the server and only return the javascript to the client.

    So, if I'm correct, only if the people you are distributing your script to have access to upload to your server (or run scripts on your server) would they ever have access to the underlying code of your scripts. Otherwise, they will only ever see what you output in the php script.
    Yes, that is true. file_get_contents() is the equivalent of going to the script in you're webpage.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •