|
|
 jeffrey Afable - 2011-10-11 16:35:59 When you view source the script the php script will not be executed, but if you refresh it then thats the time the code or the session will change.
 Raul Molnar - 2011-10-12 17:30:46 - In reply to message 1 from jeffrey Afable
jeffrey Afable - 2011-10-13 02:12:12 - In reply to message 2 from Raul MolnarHere is your code :)
// JavaScript Document
$('.moveable').mouseover(function() {
var mx=screen.availWidth-$(this).width();
var my=screen.availHeight-$(this).height();
var d=0;
var m=Math.ceil(Math.random()*3+1);
while (blocked($(this),d,m)==true) {
var d=Math.ceil(Math.random()*4);
}
//alert(d);
if (d==1) {
var np=$(this).position().left+$(this).width()*(m-1);
$(this).animate ({
left:np+'px',
}, 200, function() {
});
}
if (d==2) {
var np=$(this).position().top+$(this).height()*(m-1);
$(this).animate ({
top:np+'px',
}, 200, function() {
});
}
if (d==3) {
var np=$(this).position().left-$(this).width()*(m-2);
$(this).animate ({
left:np+'px',
}, 200, function() {
});
}
if (d==4) {
var np=$(this).position().top-$(this).height()*(m-2);
$(this).animate ({
top:np+'px',
}, 200, function() {
});
}
});
function blocked(x,d,m) {
if (d==0) return true;
if (d==1) if (screen.availWidth < (x.position().left+x.width()*m)) return true;
if (d==2) if (screen.availHeight < (x.position().top+x.height()*m)) return true;
if (d==3) if ( (x.position().left-x.width()*m)<=x.width()) return true;
if (d==4) if ( (x.position().top-x.height()*m)<=x.height()) return true;
return false;
}
Raul Molnar - 2011-10-13 07:48:08 - In reply to message 3 from jeffrey AfableI get it, thanks for reply will fix this as soon I can. But else in standard browser like ie or ff can you see the code?
jeffrey Afable - 2011-10-13 08:03:18 - In reply to message 4 from Raul MolnarYap. I already tried this technique before and I seen it not applicable. Because in first viewing the source code of the page, the browser will not reload the page that is being view source if you just copy and paste the link then it will reload the php script. And I think also if the user download page source of the page almost all js,css,img are also downloaded. I think :)
jeffrey Afable - 2011-10-13 08:03:28 - In reply to message 4 from Raul MolnarYap. I already tried this technique before and I seen it not applicable. Because in first viewing the source code of the page, the browser will not reload the page that is being view source if you just copy and paste the link then it will reload the php script.
Yakim - 2011-11-02 05:16:53 - In reply to message 1 from jeffrey Afable"But else in standard browser like ie or ff can you see the code?"
Respectfully, Raul, it's naive to expect that anyone intent on "reading the code" will simply attempt "ViewSource" via a "standard browser" and then give up.
Chrome F12 inspector
Firefox Firebug extension
Firefox Tamper Headers extension
Really, this method of "protection" will be fairly useless considering how many users are familiar with these common tools.
Also, unless something else in the page is already dependent upon jquery... I can't abide "bringing an extra 247Kb to the party" just to gain the convenience of placing a $ selector vs calling document.body.append()
When I read the class description, I expected to see that your code employed a "nonce". That (a "nonce"), along with no-cache header directive(s) might be a more effective (still not bulletproof) approach.
Hey, while you're at it, add a wrapper and apply a salt to obfuscate the js code... and have the php script (the script which returns the ajax response) fread() the javascript source; just return the salted js code (vs divulging the URL of the js sourcefile)... and, check refereeer (if blank, or refereeer != file1, or whatever, just die() eh) in case the seeker attempts to copy/paste the file2.php URL into their address bar.
|
