如何知道php文件是从源代码加载的
我正在处理我的 JS 文件,我现在拥有的是一个带有 JS 标头的独特 php 文件,如果设置了变量,它将包含真正的 js 文件,这很好。
“主页”页面具有 php-js 文件的脚本标记:
<head>
<script type="text/javascript" language="javascript" src="bootstrap.php"></script>
</head>
bottstrap.php 文件具有类似以下内容:
if(isset($hostData) && !empty($hostData)) {
include('bootstrap.js');
}else {
echo "document.write('<center><bold>PLEASE DO SOMETHING...!</bold></center>');";
}
所有这些似乎都很好,但是在查看源代码 (CTRL+U) 时,浏览器会显示“bootstrap.php”。 php”部分作为链接,如果单击它显然会重定向到 http://mydomain/bootstrap.php 和 js代码可以很容易地看到了,这正是我不想要的...
所以我的问题是,是否有任何 php 方式可以知道文件是从浏览器的“渲染视图”加载还是从浏览器的“源代码”加载视图”???
非常感谢任何帮助 =)
I'm working with my JS files, what i have now is a unique php file with JS header, if a variable is set it includes the real js file, which is fine.
The "home" page has the script tag for the php-js file:
<head>
<script type="text/javascript" language="javascript" src="bootstrap.php"></script>
</head>
the bottstrap.php file has something like:
if(isset($hostData) && !empty($hostData)) {
include('bootstrap.js');
}else {
echo "document.write('<center><bold>PLEASE DO SOMETHING...!</bold></center>');";
}
all that seems to be fine, however when viewing the source code (CTRL+U) the browser shows the "bootstrap.php" part as a link, if clicked it obviously redirects to http://mydomain/bootstrap.php and the js code can be easily seen, which is exactly what i don't want...
So my question is, is there any php-way to know if the file is being loaded from browser's "rendering view" or being loaded from browser's "source code view" ???
Any help is truly appreciated =)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
简而言之,不。您无法向用户隐藏脚本源。你能做的最好的事情就是使用像 YUICompressor 这样的工具来混淆它。
In short, no. You can't hide your script source from your users. The best you can do is obfuscate it using tools like YUICompressor.
您无法隐藏 javascript 代码。它需要由客户端执行,即使你试图通过糟糕的代码格式来隐藏它,像 firebug 这样的工具也可以轻松地内省代码并提取代码。
There's no way you can hide the javascript code. It needs to be executed by the client, and even if you try to hide it by formatting your code badly, tools like firebug can easily introspect the code and pull out the code.
说实话,我不认为你真的可以这样隐藏它。我假设您要做的最好的事情是用户代理字符串,但我假设如果您在浏览器中“查看源代码”,它仍然会发送常规标头。
我能想到的添加 JS include 的唯一方法是在查看源模式下不显示它,即通过 javascript 实际加载外部文件(您甚至可以将 js 文件的路径分解为变量,这样它就不是真正的人类可读的)我不建议这样做。
如果有人想获取你的 javascript,他们将没有办法避免。
To be honest I don't think you can actually hide it like that. I'm assuming the best thing you've got to go on is the useragent string but I'm assuming if you "view source" in a browser it would still send the regular headers.
The only way I can think of adding the JS include without it appearing when in view source mode is to actually load the external file via javascript (you could even break the path of the js file into variables so it isn't really human readable) which I would not advise.
If someone wants to get at your javascript they will there no is way of avoiding it.
你不想让JS被看到,但你又想用它???
如果您希望在页面中使用 js 文件,则您的代码有问题。
您需要包含/需要该文件:
否则浏览器将加载引导程序文件的内容,但您想运行其中的代码(这只能在服务器上完成)。
另外:
通过重新阅读您的问题(和其他答案)将:更改
为
编辑
,这正是您想要的:使您的JS代码不可见(如果错误请纠正我)。
答案是:不可以。
您可以尝试混淆代码,但想要查看代码的人需要几秒钟才能“解码”。
You don't want the JS to be seen, but you do want to use it???
There IS something wrong with your code though if you want the js file to be used in your page.
You need to include / require the file:
Otherwise the browser will load the contents of the bootstrap file, but you want to run the code inside it (which can only be done at the server).
Also:
change:
to
EDIT
by re-reading your question (and other answers) that's exactly what you want: make your JS code invisible (correct me if wrong).
The answer to that is: No cannot be done.
You can try to obfuscate the code but it will take someone who wants to see it seconds to 'decode'.
尝试使用
$_SERVER["HTTP_referer"],其中包含调用此文件的 URL。Try using the
$_SERVER["HTTP_referer"], which have the url that called this file.我真的很抱歉从这里消失了......
我决定实施的最佳解决方案非常简单:不要在 JS 代码中显示任何 URL 或 PHP 文件;所以在过去的几个月里,我使用了一个独特的 PHP 文件来执行所有必要的数据库查询,一个存储过程从 JS 动态生成所需的所有 URL。
这样,URL 每次都会有所不同,我所说的“糟糕的逻辑”可以免费供用户查看/复制,但我不介意,尽管服务器数据是安全的。
感谢大家的宝贵回答!
I'm really sorry for disappearing from here...
The best solution I decided to implement is quite simple: don't show ANY URL or PHP files within JS code; so during last months I've used a unique PHP file to do all necessary database queries, a stored procedure generates dynamically all the URL's needed from JS.
In that way URL's vary every time and what I've named "poor logic" goes free for users to view/copy I don't mind that while server data is secure.
THANKS ALL FOR YOUR VALUABLE ANSWERS!!!