ok i need a java code that hides all my code on my page for security reasons, can anyone help me?

Nope. No way to do that. There are many types of tricks that may delay a user by a few seconds. Though these tricks create accessibility problems and are incredibly annoying to all your legitimate users.

Hey firebomb....you told me you knew how to do that already...and you said you had the code to do it...hmm

the code turned out to be whack so it didn't work i reied it on my site but no dice:confused:

is impossible....muhahahah, not really i know some tricks to keep average users off your code, but hackers, hmmm, now thats another topic. co

is impossible...not reallyYes, really.i know some tricks to keep average users off your codeThe average user doesn't even care to see your code. They're just there to browse the Web. But, when they find all their browser features disabled, you can bet they won't be browsing back to your site ever again.

...and those who might care to see you code are going to know how to get it.

The average user doesn't even care to see your code. They're just there to browse the Web. But, when they find all their browser features disabled, you can bet they won't be browsing back to your site ever again.
---------------------------------------------------------------------
Not true, I never disable right click on main pages, only on apps, because I dont have to disable the right click on the main page, due to the fact that I add right click menus, takes care of that. Plus I never take away the users location, tool, andnavigation bars, only on Apps. So that way the user still has complete control over the site, plus a few editions, but can not see my source. Though like pyro stated, if someone was determined enough, to see it, then we all know how he can. But there are methods of hiding jscript, which is helpful, but not hacker proof, of course. But as far as html is concerned at this point in time, NO, you can't truly hide it.

are you happy now...lol

Code One

You missed the point. Whether it is on your main pages or on your apps (whatever it is you mean by that), the only people you will be able to keep out are the ones not trying to get in. It is a complete waste of time.

so basically i can't do crap right? is there something? what if i put it in a like a crazy font and encrypted it would the code still work?


ps whats the code to take away the right mouse click? listen fellas i'm not sayin i want it FULLY hacker proof just good enough that to where every joe can still my stuff, ya know?

You can block user's right click by means of corresponding java event to prohibit "view source" or simply fill the beginning of your HTML-document with empty lines to confuse hacker :D

As for the code blocking right mouse click, here it is:


<script>
function menu(){
if(event.button==2 || event.button==3){
alert('Not permitted!');
} return true;
}
window.document.onmousedown=menu;
window.document.onmouseup=menu;
</script>

Originally posted by firebomb™
so basically i can't do crap right? is there something? what if i put it in a like a crazy font and encrypted it would the code still work?


ps whats the code to take away the right mouse click? listen fellas i'm not sayin i want it FULLY hacker proof just good enough that to where every joe can still my stuff, ya know?

As stated before, the Every Joe does not want to see your code. Anyone who wants to look at your code, can. There is nothing you can do to keep him out.

ps whats the code to take away the right mouse click? listen fellas i'm not sayin i want it FULLY hacker proof just good enough that to where every joe can still my stuff, ya know?There is of course in the toolbar View->Source. Anyone computer illiterate enough to not know how to use that has most likely never heard the term HTML before in their life.

though I constantly try to prove them wrong, their right, all one has to do, is use view source, but you can always open your page with a poup and turn off the location bar, nav, etc. and the popuped window wont have any of that crap, and then insert a right click button, to keep people totally out, but still all they gotta do is turn of javascript and bamb their inside snaking your script. If your that worried about your scripts keep em off your page and just reference them.

hope this helps,

code one

Besides the fact that those who want it will get it, there is one more thing to consider: what you are trying to hide is most probably not worth being hidden.

Originally posted by Code One
...but still all they gotta do is turn of javascript and bamb their inside snaking your script...

You don't even need to do that...it's much simpler.

You can save the code you want to hide as a .js file. Don't embedd it in HTML or put 'script' tags in the .js file. Now in your actual page put the following:

<script language="JavaScript" src="whatever.js">
</script>

P.S. where it says 'whatever.js' it doesn't mean literally. Put the name of the .js file there. If anything doesn't work then make sure your the .js file is in the same folder as the actual page. If it isn't then you have to put the exact path of the .js file. You might want to make sure that your FTP is not acessable by people who don't have a password and anonymous logins aren't aloud or they will find your script.
your unknown buddy

Originally posted by Code One
, but you can always open your page with a poup and turn off the location bar,
code one

You've got to be joking,
I seriously don't see any reason prolonging this thread.
The work around you suggested above is worthless if I had my JavaScript disabled. Any other script base solution is worthless..
You can not hide your code on the internet in HTML browsers.
I don't see any reason for which this thread should continue.Please don't make me close it.

You might want to make sure that your FTP is not acessableWhat makes you think anyone would even bother with ftp? When it is perfectly accessible from HTTP. In fact, the moment the user browses the page your precious JS file is already on the user's machine.

P.S., why?... why must there always be some newbie that comes along thinking they've found the perfect solution?

Originally posted by Jeff Mott
P.S., why?... why must there always be some newbie that comes along thinking they've found the perfect solution? I hear you there... Also, why do they never accept "no" as an answer from those who know far more than they?

thanx i did accept it man, thanx for the help.

And, it is extremely easy to view the code in an external js file... I can definitely see this thread going in circles....

i did accept it manIn fact, I think you are the very first one in the history of this board to do so. :)

And, it is extremely easy to view the code in an external js file... I can definitely see this thread going in circles....

How, how?

Typing the url for the .js file into your location bar would be one good way.

ok, first you make vbs server side script that loads, when the page loads, and this code will go into the users system and delete their notepad. And at the same time, it will delete their browser and install a browser that you have already tweaked, by changing it's reg. info, making view source obsolete. This all wil happen at the speed of light. If all goes as according to plan, the user will have no notepad to view source in, and no way to view source at all, and if you want, you can even add a pretty little flower picture, as your icon.

Code One

What now gurus??? :)

Originally posted by Code One
If all goes as according to planAll will not go according to plan. ;)

Give me a break! I am only 10 years old and it's even a start knowing any languages!

:(

10years old god :eek: i wish i had started at 10 think of the stuff id know now nearly 9years later :D

Thanks for the links. I'll check them out!

:D

ok cool sounds good, top two are still work in progress so remember that b4 u comment lol :D

Thanx

:)

What is RT designs about?

:confused:

Disclaimer:

BEFORE YOU READ THIS PLEASE NOTE THAT I AM NOT SUGGESTING A PRACTICAL IDEA, JUST AN EXPERIMENT!


I read the idea of forcing your users to use the browser of your choice. Obviously that isn't possible, bu if you really care so much, I suppose you could write a Java Applet/flash movie that reads encrypted source code from another page and interprets it just like the browser would. It would still be possible to get your code, but you could then CHMOD your encrypted source code file or use PHP to check that the request has come from the page. That way, I don't think it would be possible to get your code.

What's your verdict? Would it work? If you think it would, I might just make it and find out!

Probably be easier just to let people get your code, though.

Originally posted by hodgesj312
Give me a break! I am only 10 years old and it's even a start knowing any languages!

:(

Wow...and I thought I was half-way special; being 15 and all...:(

ive been doing this since i was two. ehhmmm Bullshhhhiiittt, it would be a sad thing if that were true since, I still struggle, with arays. LOL

code one

I think it's actually good to share your code, or atleast be able to sneek peaks at someones code, because I know for me thats how I learn, I look at their codes, snippit, figure out why it's working, and try to replicate it in diffferent ways, really helps you learn. So Mr.Hodges, even if you did what the gentlemen told you about java, I still think someone will find their way into your script, people could FTP your site, crack the user name and pass, quite easily I must say, and gank your stuff by force, if you somehow built a script or program, that kept everyone out of your stuff, then you would become thetarget of many hackers, and one of them evil genious's would finally get in, and when they do they are going to let you know they were there.
So I suggest you focus more on learning code, than hiding it, for now.

Code One

Originally posted by Code One
...and gank your stuff by force...



Code One

I've never heard that expression used before, and it cracked me up when I saw it...

Ganked Lmao. :)

rt designs is gonna be a web design company once i get everything sorted and finsihed :cool:

spammer...spammer...spammer....woo, woo, woo, LOL JK ;)

whose a spammer?? we know zachzach is :p

There is a progam called TagsLockPro 'n' there is a option to hide the source code of your html document and there is a javascript to scramble the source code source code encripter (http://www.dynamicdrive.com/dynamicindex9/encrypter.htm) is not 100% foolprof but works.

well THIS tool really rocks!

didn't believe that something like that is possible.

saint

yeah thats good but if like we say if some1 knows what youve done then they can get the code back :D

Here's the decrypter, if anyone's interested :rolleyes:

<script type="text/javascript">
code = "%3Cb%3Etest%3C/b%3E";
document.write("<textarea rows=\"5\" cols=\"50\">"+unescape(code)+"</textarea");
</script>

hey, if you can't hide the code, you can always try and distract people who do view it...
check out the source to this site: http://www.ths.nu/

and that distracts us how????!, its the same as any sites code

Originally posted by Code One
So Mr.Hodges, even if you did what the gentlemen told you about java, I still think someone will find their way into your script, people could FTP your site, crack the user name and pass, quite easily I must say, and gank your stuff by force, if you somehow built a script or program, that kept everyone out of your stuff, then you would become thetarget of many hackers, and one of them evil genious's would finally get in, and when they do they are going to let you know they were there.
So I suggest you focus more on learning code, than hiding it, for now.

Code One

If you went through everything I was talking about, I don't think you could get round it, because there would be no way to get the unencrypted source code.

If your FTP password is that easy to crack, then you're stupid. Mine requires secure login, only works from a selected set of computers and the password is 25 letters long, all random. Hard to remember, but very secure.

'Evil geniuses' would be more likely to DOS your site to knock it off the web.

And if you are worried enough about your code to go to those extremes the risks of exposing your code must be pretty extreme, so it would be worth it.

Thanks for the tip!:cool:

The only thing I can think of would be an external script... or you could use asp or XML or one of those new things I know absolutely nothing about to hide ur code... I think if a hacker wants in, hes ganna get in!

asp: Active Server Pages :
A server side scripting language that allows pages to be dynamically created by the server. However, they still have to use HTML or XML like normal, so no help here.

XML: eXtensible Markup Language :
The big brother of HTML, and many other languages. Wouldn't help, because XML is no more powerful, with regard to scripting languages, than HTML.

The only way to hide the code is to stop the view source command, by controlling the broser yourself. For example by displaying the page in an applet, or writing a view source killing plug in - although I can't see people liking that one!

You can use this code to stop right clicking:

<script language="JavaScript">
function right(e) {
if (navigator.appName == 'Netscape' &&
(e.which == 3 || e.which == 2))
return false;
else if (navigator.appName == 'Microsoft Internet Explorer' &&
(event.button == 2 || event.button == 3)) {
alert("Ooops! Wrong Click");
return false;
}
return true;
}

document.onmousedown=right;
document.onmouseup=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
if (document.layers) window.captureEvents(Event.MOUSEUP);
window.onmousedown=right;
window.onmouseup=right;
</script>

But you can still use the view button across the top and then go to source.

Originally posted by hodgesj312
...But you can still use the view button across the top and then go to source. Which makes it useless, and an annoyance to visitors. Why, oh why do people use them?

Ok, ok give me a break it was just a suggestion!

:mad:

If you went through everything I was talking about, I don't think you could get round it, because there would be no way to get the unencrypted source code.

If your FTP password is that easy to crack, then you're stupid. Mine requires secure login, only works from a selected set of computers and the password is 25 letters long, all random. Hard to remember, but very secure.

'Evil geniuses' would be more likely to DOS your site to knock it off the web.

And if you are worried enough about your code to go to those extremes the risks of exposing your code must be pretty extreme, so it would be worth it.


__________________
Your the only person I know that has a 25 letter password, for anything. I bet I could get into your FTP....lol. By the way if you had a code that blocked people from getting it, I guaruntee it wouldnt stay safe for very long, I guaruntee that there is no possible way to ever hide code, if a man broke out of alcatraz, then a man can break into one.

Code One

Ok, ok give me a break it was just a suggestion!Conduct some actual research on the subject rather than throwing out random and ill-conceived ideas, then we will give you a break. Otherwise you're just wasting our time.

Same with Kîñg øf ÐëåЧ10. If you had researched the encoder you linked to you might have noted that it is nothing more than JavaScript's escape() function. Thus the reverse is nothing more than unescape(), as Pyro had demonstrated.

If you went through everything I was talking about, I don't think you could get round it, because there would be no way to get the unencrypted source code.What is this you are referring to? Actually, nevermind. I don't even need to see it to know it won't work. Unless some extreme change is made for how the World Wide Web works, there is no way to hide your source. That's it. There is no grey area. You simply can't do it. Accept it and get on with life.

Alright ladies in gentlemen, Code One has just made a legendary webdevelopment discovery, how to hide code from everyone. I made a page, because I figured I outta stop talkin about it, and just do it, this example is exsclusive to you, because I love you. Please go here:

http://home.insightbb.com/~kingx2003/ST/index.htm


Now I inputted a comment in my script, with a phrase for you to post back here if you manage to get into my code, so remember if you do, post it here, and prove me wrong, if I prove you wrong, bring your admittance here as well, and I will teach you how I did it, if you want to know.

Code One

P.s. also posted in general

<!--if you get to here, congrats you proved me wrong, and to actually prove to me you were here, say the magic words, (Hocus Pocus)-->



Took me all of about... 5 seconds.

And...:D




I'm not nearly a Web Guru. ;)

did you do that, I've been provin wrong, good job, please share.

Code One ;)

ok i just need a scrpit to get rid of teh rite click stuff, i had one but i dont wnat it and i delted teh script from my pages but it is still there and i need to know how to get rid of it

www.modfreaks.host.sk

do you mean you added a no right click script to your page and tried to delete it and it is still there? If so, then try deleting the file from your FTP and reupload the revised version. Other than that I have no I idea what your talkin about.

sorry

Code One

so i can delte that page and then redo it? cus i dont wnat to have to make my site over and i saw somewere a script to remove the no rite click

dont worry about it, just open your FTP program, locate the bad file(s) and delete them, and then just re-upload their revised versions, just keep in mind that you maintain the exact same file names, so you don't have a problem with your links and crap. Think of it is an interchangeable part like in an engine, a piston goes bad, just remove and replace, no need to replace the whole motor. ;)

Like the analogy?

Code One

thnkyou i will try that

Originally posted by Code One
did you do that, I've been provin wrong, good job, please share.

Code One ;)

It was quite easy, you can do it in any browser. I did it in Moz, because I cannot view the source of ANY website no matter what I do in IE6. If I right-click, and then select "View Source" nothing happens. The button to view it on the browser is always disabled, and if I select "View>> Source," still, nothing happens. I'm very angered. Back to the point...


Look at your keyboard, man. Check out the right Ctrl button. Hop one button to the left, and check out that button. You hit it... displays the li'l menu that you get when you right-click. You hit V (View Source shortcut), and baddabing. It's what I use to get around annoying right-click scripts.

o i know that i wnat ti off ym site thought cus it annoys me and ppl

www.modfreaks.host.sk i ahve delketed the javascript from all my pages but nope it is still there i just wnat it gone

It appears you have not deleted it off your site, because I nabbed this off the page you linked to in your post.


<script language="JavaScript">
<!--
function right(evnt) {
if (navigator.appName.toUpperCase().match(/NETSCAPE/) != null) {
if (evnt.which >= 2){
alert("Darkcrystal.net OWNS YOU!!!.");
return false;
}
}
else
if (event.button>=2)
alert("Darkcrystal.net OWNS YOU!!!.");
}
document.onmousedown=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
window.onmousedown=right;
//-->

</script>

i saw that but when i open up the index with my FTP it dont show any of that. but when i push teh veiw source it shows it what do i do do u got AIM or MSN?

I don't have any experience with FTP, so I'm not sure if I could help you there... I just never got the reason to use an FTP program... :confused:


Yes, I have both AIM and MSN.

what is it i want to talk to u on aim

AIM: SchizophrenicSTD

(STD==Super Terrific Dude)

i think the code could be hidden because my friend it and so i dont know how but he is a computer wiz(i would ask him but i dont knwo his msn) but i think he might have hidden it? i unno

my aim supermod03

listen it isnt hard to do.

Step by step guide to FTPing:

1. Load your FTP Program.
2. Log into your server.
3. Look threw your ROOT, locate bad files.
4. Right click file, and select delete.
5. Move over to your C: drive side, and dbl click the new version of the file you just deleted.
6. The program should do the rest, it configures the binary and all that boring crap.
7. Wait for the files to upload, you will know they have when they are showing once again in the server side of the program.

What I mean by server side and C: drive side of the program is that the program should basically have three windows, or really frames. The top one should tell you whats happen with log in and upload, delete, any kind of action taken place on your FTP site. Then there are two more below and side by side, the left side is your C: drive, and the right side is your server side. After all is done, log out and go to your page and check the source and see if it worked.

I recommend you get CuteFTP for a FTP program, it isnt very powerful, but it is highly user friendly, compared to others. Plus it's free!!!!

One other way to upload files to your FTP is to use your browser. Just go to your Ftp location, actually type in the address in your address bar. Something like:

ftp://YourUsername:YourPassword@YourServer.com/

Once your loged in you should see all your files just right click the files you want to change and delete them, then open "My Documents" or whatever folder you think is fastest route to your website files, once there, drag and drop each revised file into your ftp window, it will upload it for you, I think it only works with IE, so use that to do this way.

I really cannot explain this any better, just go get CuteFTP and use that, or use your browser, it's real simple, once you do it a couple times you'll be like, 'man...what was I worrying about.'

Good Luck!

Code One

this post went from how to hide code to how to reveal it...puzzling indeed...lol



Code One

The circle is now complete! Muwahahahahaha!!! My Evil Genius Web Designer Plan for taking over the internet is moments away from being complete! Muwahahahahahaha!

'cos if that guy wants to get rid of that right click it doesnt mean he cant keep people from gankin his mod pics, all he's got to do is put a alpha opacity pic layer over each and when someone goes to right click and steal, they will simply be stealing a picture which is certainly not what they wanted. So there...LOL!!!

Code One


P.s. but if you do take over the net act like I never said that, I wanna be the vice president and spy on people while they are in *****Peer programs and chat rooms, and eventually directly into their homes via satellite, you know like the CIA!!!

I need to know how to get rid of it it is dumb and anoying i hate it i dont care if ppl takje my pics

Originally posted by Paul Jr
...in IE6. If I right-click, and then select "View Source" nothing happens. The button to view it on the browser is always disabled, and if I select "View>> Source," still, nothing happens.
The fix: http://forums.webdeveloper.com/showthread.php?s=&threadid=14779#post78188

Yeh, but you can still go to the img by just typing in the address of the site and then /img.gif

hey

when i view teh wource on my ewb site ti shows the rite click blocker. but when i open up the index in my FTP prgram it will not show any javascript? cus i know the right vclick is still there it jus doenst show it?

on your server side of the window? If you did it should show you a menu and within that menu should be edit, click that and it will show you the entire source. If it doesnt then that is very strange. Did you try deleting the file and reuploading the new version? If not do that.


regards

Code one

hodgesj312
Member

Registered: Nov 2003
Location:
Posts: 9
Yeh, but you can still go to the img by just typing in the address of the site and then /img.gif


You can chop the image in blocks and positin them together on the page, throw a clear layer over them, and make it all that much harder to steal, so there!!! LOL

Code one

Print Screen would work well.... ;)

you smarty pants, lol...alright then I would add some dang text to them as well, all over it, ...well actually that wouldnt be good either, cause then your pictures would be hard to see.

Dang you pyro, jk, lol

code one

code one

i am using cute ftp and when i right click the file it shows edit, view delete ect........ but now when i click edit it just open it but it doenst show the right clcik down java script

Look at your keyboard, man. Check out the right Ctrl button. Hop one button to the left, and check out that button. You hit it... displays the li'l menu that you get when you right-click.

Is there any way to block this button? That would probably make code1's little script more secure.

Neil

You can always just type view-source:url to view the source of the url without the page being loaded.

Originally posted by pyro
The fix: http://forums.webdeveloper.com/showthread.php?s=&threadid=14779#post78188


I think I accidentally already did that... 'cause a few days ago, it seemed to fix itself after I had screwed around with the Internet Options.

Wow, this thread just won't die!

Another way to look at the javascript code that will get around pretty much all the trickes suggested here is to debug the browser with something like InterDev and IE. At some point, the javascript needs to be held in the browser in a non-encrypted form so that it can be executed. At this point a debugger can display it in all its glory.

As with anything in the security business, there's no such thing as perfect security. But there is 'enough' security - i.e. just enough to make it not worth the effort. Judging just how much worth there is and how much effort is needed is the fun part.

My question: Can you "hide" a key somewhere in the code and scramble what the
viewer would see if he did use either the mouse right click or the ICON VIEW/SOURCE?
The code scramble would be initiated by any of the "view source" commands. A "legitimate" entry
by the WEB page designer would be by some other unique command.

Instead of expected code he would see )(*&&^^%^%!_*!*!&, etc. The plot -- make it difficult to see the code
and only a few would take the time to root it out.

I'm new at this and should know better to enter in this dialog.
ZING ME and I'll go back to reading and learning.

Newathis

Unless you plan on requiring the user to enter a password to view the page, no. If the page must unscramble (decrypt) itself in a automatic process then that means everything any user would need to to decrypt the source made available to them.

Originally posted by cijori
You can always just type view-source:url to view the source of the url without the page being loaded.

That doesn't always get you everything you want. Here's a page done by Adam Brill as an example.

view-source:http://www.code4ever.com/try3/index.php

You won't find "This code is HIDDEN!!! You might as well not even try to view it... ;)" anywhere in the source.

Note: There is NO WAY to <EDIT> allow a page to render and simultaneously </EDIT> prevent viewing the source of a web page without some form of "Trustworthy Computing" being forced on the client side at both the software AND hardware levels (and even then, with sufficient resources, it should be obtainable). Everyone currently selling software that will allegedly prevent viewing of the page source code is either an outright fraud or an idiot.

I didn't bother to read the 7+ pages of responses, but, did you know Mozilla can get through any script like that in seconds. it has a script that prevents the right-click hiding, and just by going up to a menu you can see the html printed by javascript--after it is unscrambled by the browser(it's called inspect XML). Yes, the key-combo to open it cannot be blocked. other related fratures is disabling "window.status" that hides the destination of the links when you roll over them.

http://www.vortex-webdesign.com/help/hidesource.htm - a way to really hide your page source, do please ignore the junk I just posted up above.

Lol... number 9 is very true... :p

Re: Adam Brill's http://www.code4ever.com/try3/index.php
You won't find "This code is HIDDEN!!! You might as well not even try to view it... " anywhere in the source.
That's not quite true, it's right next to the comment that says<!-- This is the comment to find. Good Job. :) -->
Nice try though:D

Plus it doesn't always quite seem to work... Mozilla doesn't like it.

Probably because of the bit of code that says this:if (navigator.appName.indexOf("Microsoft") >= 0){document.location="code.php";}

Originally posted by LittleRed
hey, if you can't hide the code, you can always try and distract people who do view it...
check out the source to this site: http://www.ths.nu/

hahahaha thats a good one, I should have that one in my source as well.

know any others?

Gollum, how about telling us all how you broke it? I'm trying to fix every problem that I can as I go here... ;)

BTW, I still know several ways of breaking it, and never claimed that it was unbreakable... I just want to make sure everyone knows that. :D

If I typed in this code for the style:

<!--
.FormObjectStyle {
background-color: #00FF00;
border-color: #0099FF;
border-style: solid;
border-width: 2;
color: #000000;
font-size: 10pt;
font-family: Comic Sans MS;
}
-->

and instead of a background colour for the object I want a background image. How would I do that??

Thanks.

:confused:

hi,
i got some code that might be bit bigger but seems to work out fine in several browsers, even with it in a seperate source file:

function click(e) {
var message="Sorry, that function is disabled!";

if (document.all) {
if (event.button == 2) {
alert(message);
return false;
}
}

if (document.layers) {
if (e.which == 3) {
alert(message);
return false;
}
}
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
}
document.onmousedown=click;

just check it and let me know if it works like i think it does.
having the source in a seperate file and/or working in frames makes it a bit more confusing to get to the source code,
and there are some html compressors that do a nice job in hiding source.

No, it does not work like you think it does... Anyone can simple hit view->source to get around it.

well, that's where the use of frames comes in, or, you can hide the code in a encrypted file somewhere else on youre site.

How about disabling JS? I don't care how good of a script you get, if JS is disabled I can still right-click, right? So then how can a no right-click script possibly help? All anyone has to do is turn off JS and that script is completely useless...

Maybe you should just take our word for it that no right-click scripts are useless. ;)

BTW, take a look at the link that CardboardHammer posted(http://www.code4ever.com/try3/index.php). I created this just to see how close I could get to hiding the source. It is the closest I've ever seen to actually getting it done, but as you will see, right-clicking works fine. I realized that no right-click scripts are completely useless, so I didn't even put it in...

If you read my post properly you would of seen it told you about that con.

Adam,

I broke it by first starting IE on a blank page and selecting "Script Debugger --> Break at next Statement". Then I typed in the URL and it stopped at the first line of Javascript. Very similar in a way to disabling Javascript except you get to step through it.

Then it was a case of stepping in and in until I reached the real code in code.php

Nice one though. I like the way it covers all its tracks by wiping the reference to its source page at the last minute :D

Originally posted by hodgesj312
If you read my post properly you would of seen it told you about that con. If your talking to me, I have no idea what your talking about... I was commenting on anaw007's post, not yours...

Hmm... That's a new way, Gollum. I didn't even know you could do that. I'm now going to look into how to fix it... ;)

PS. I'm interested to know - how does your code.php know the difference between normal usage and someone typing it in the address bar?

whats this about a "Script Debugger --> Break at next Statement" command?

how do i get to it?

newbie question im sure, but hey, every1s a newbie at one time or another...

Here is how to hide javascript code with PHP:

Create this PHP file with your <script> declaration:


<?
session_start();

$_SESSION["html_time"]=time();

?>
<html>
<head>
<script src="jsencode.php" type="text/javascript"></script>
</head>
<body>
<script type="text/javascript">
//<![CDATA[
document.write(test); // To show you it works!
//]]>
</script>
</body>
</html>


Create teh "jsencode.php" file as follows:


<?
session_start();
$script_time=time();

if ($script_time<=($_SESSION["html_time"]+1)){
header("Content-type:text/javascript");
include("jsinclude.js");
} else{

echo "// No code for you buddy!";
}
?>


Finally, create your REAL javascript source file and name it "jsinclude.js"



// This is your real javascript file
// JUST A SAMPLE

function showtip(obj){
if (obj.getAttribute("tooltip")!="null"){
tt=document.getElementById("xTooltip");
tt.style.left=(obj.offsetLeft+(obj.offsetWidth))+"px";
tt.style.top=(obj.offsetTop+obj.offsetHeight)+"px";
tt.style.visibility="visible";
tt.innerHTML=obj.getAttribute("tooltip");
}
}

function hidetip(){
tt=document.getElementById("xTooltip");
tt.style.visibility="hidden";
}

var test="this is my test text";


Then, load up "jsencodehtml.php" in your browser. Try to view the javascript source code file separately.

Here is a great Javascript encoder:

http://dean.edwards.name/packer/

Here is a great Javascript encoder

The problem with scripts such as this, unfortunatly, is that all you need do is change eval to document.write. There's no need to even try to decipher the rest.

Originally posted by Jeff Mott
Here is a great Javascript encoder

The problem with scripts such as this, unfortunatly, is that all you need do is change eval to document.write. There's no need to even try to decipher the rest.

Go ahead and try big shot ;)

I already had. Worked just fine. Was it not supposed to?

I stand corrected. My word-wrap was on when I tried it. But the other solution that I posted a few posts ago works very well usnig PHP and session state.

Originally posted by crh3675
I stand corrected. My word-wrap was on when I tried it. But the other solution that I posted a few posts ago works very well usnig PHP and session state. Actually, it does not work very well. It took me a very short amount of time to break it(most of the time that it did take was me copying your code into pages so that I could try it).

Which post are you speaking about?

I'm talking about the post where you gave all of that code...

How did you break it? I assume it is easy to break if you know what is running it in the background.

If you view the page, then view the script file, it will pull it out of the cache rather than downloading it again, thus you get the actual script file rather than the comment that you had as the error. Basically since the page is getting rendered, it is on my computer and I can view it...

Are you talking about viewing this file:

jsencode.php

The only way I was able to view it was by quickly clicking between both pages (jsencodehtml.php and jsencode.php) .

Yes, that is the file I am talking about. If you set the browser to pull the file from the cache rather than re-downloading it, you can just view the file and it will pull it from the cache which will be what it loaded the first time, therefore your PHP code is not running and it will give me the source to the js file.

Basically I am just not giving the PHP a chance to run, so it takes out the usefullness of your code. It will help to stop the inexperienced users, though...