No ****

Any problem with javascript can be discussed here.
Lixas
Posts: 750
Joined: Wed Feb 16, 2005 4:21 pm

Post by Lixas »

Flipper3 wrote:When looking over it...it is almost impossible because you have 2 php files which it is IMPOSSIBLE to steal a php file's source.
If web server is correctly configured, you will not see any php source. javascript's no right **** script is designed to prevent stealing html objects (text, images and so on)


Image
Flipper3
Posts: 353
Joined: Tue Feb 28, 2006 12:34 am

Post by Flipper3 »

Lixas wrote:If web server is correctly configured, you will not see any php source. javascript's no right **** script is designed to prevent stealing html objects (text, images and so on)
It is impossible to see any php source no matter the server configuration. (Well...possible but 99.9999999999999% of the time that is never done.)

On your website I can right **** in Firefox. :D
Lixas
Posts: 750
Joined: Wed Feb 16, 2005 4:21 pm

Post by Lixas »

but the source that you can see in my website with right **** is not, that paint a picture, paints a sophisticated table on so on, so you can not realy steal my website's source :P
Image
Flipper3
Posts: 353
Joined: Tue Feb 28, 2006 12:34 am

Post by Flipper3 »

Lixas wrote:but the source that you can see in my website with right **** is not, that paint a picture, paints a sophisticated table on so on, so you can not realy steal my website's source :P

Exactly...just like my website. It is a text-based game coded in PHP so nobody can steal the source.

So therefore, your site is not protected by no right ****. It is protected by the basics of PHP; that it hides your script source. So once again source hiding prevails since I can still see all of your non-PHP source.
Tails5
Posts: 1302
Joined: Wed Mar 15, 2006 8:09 am
Contact:

Post by Tails5 »

[html]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1257" />
<title>Playoff's</title>
</head>
<script type="text/javascript">var SAJA_PATH="./classes/saja/"; var SAJA_HTTP_KEY="1621f677dbebb70e8484a6d53415f18a"</script>
<script type="text/javascript" SRC="./classes/saja/saja.js"></script>
<script type="text/javascript">
function change_image(image_src, element_id)
{
****.getElementById(element_id+'k').src='./images/gif/'+image_src+'.gif';
}

function change_rez(rez, element_id)
{
//alert('Element: '+ element_id+' Value: '+rez);
****.getElementById(element_id+'r').innerHTML=rez;
}
</script>
<body onload="saja.run('','page','r','innerHTML',this,'d80c6a5b501e446066f844e820918357','aec9a921e597c4df308482094ac5d602');">
<div id="page">
<div id="preview_image"></div>
<div id="gen_table">
</div>
<div id="gerated_image"></div>
</div>
<div align="center" id="sajaStatus" style="visibility:hidden; position:fixed; left:45%; top:49%"><b><img src="./images/ajax-loader.gif">
Please wait while loading...</b></div></body>
</html>[/html]

Code: Select all

var saja = {
procOn:0,
ClearAlert: function(doClear){
if(!doClear){
if(saja.timeOut)
clearTimeout(saja.timeOut)
saja.timeOut = setTimeout(function(){saja.ClearAlert(1)},6000)
}
else{
ob=****.getElementById('alertOutput');
ob.innerHTML = '';
clearTimeout(saja.timeOut)
}
},
ChangeIndicator: function(ob,procStatus){
var s = ****.getElementById('sajaStatus');
if(!s) return;
//saja is working
if(procStatus){
if(ob && ob.style) ob.style.cursor = 'wait';
****.body.style.cursor = 'wait';
s.style.visibility = 'visible';
}
//saja is finished
else{
if(ob && ob.style) ob.style.cursor = 'default';
****.body.style.cursor = 'default';
if(s) s.style.visibility = 'hidden';
}
},
NewReq: function(){
if(window.XMLHttpRequest)
try{return new XMLHttpRequest();}catch(e){}
else if(window.ActiveXObject)
try{return new ActiveXObject("Microsoft.XMLHTTP");}catch(e){
try{return new ActiveXObject("Msxml2.XMLHTTP");}catch(e){}}
},
run: function(php, id, act, property, ob, session_id, proc_file){
if(!proc_file) proc_file = '';
if(req = saja.NewReq()){
if(!saja.procOn)
saja.ChangeIndicator(ob,1);
saja.procOn++;
saja.ExecReq(req, php, id, act, property, SAJA_PATH + 'saja.process.php', ob, session_id, proc_file);
}
},
ExecReq: function(req, args, id, act, property, file, ob, session_id, proc_file){
req.open('POST',file,true);
req.send((SAJA_HTTP_KEY ? escape(saja.rc4(SAJA_HTTP_KEY, args)) : args) + '<!SAJA!>' + session_id + '<!SAJA!>' + proc_file);
req.onreadystatechange=function(){
if (req.readyState==4 && req.status==200){
actions = req.responseText.split('<saja_split>');
if(actions[0])
saja.Put(actions[0], id, act, property)
if(actions[1])
eval(actions[1]);
saja.procOn--;
if(!saja.procOn)
saja.ChangeIndicator(ob,0);
}
}
},
Put: function(content, id, act, property){
if(!id) return;
if(property){
try{ob = ****.getElementById(id);}catch(e){}
if(act=='p')
ob[property] = content + ob[property];
else if(act=='a')
ob[property] += ob[property];
else if(property.split('.')[0]=='style')
ob.style[property.split('.')[1]] = content;
else
ob[property] = content;
}
else
window[id] = content;
},
Get: function(id, property){
if(!property)
return saja.phpSerialize(id);
return saja.phpSerialize(****.getElementById(id)[property]);
},
phpSerialize: function(v){
var ret = '';
if(typeof(v)=='object'){
var len = v.length;
if(len){
ret = 'a:' + len + ':{';
for(var i=0; i<len; i++){
ret += 'i:' + i +';'
ret += 's:' + (v[i]+'').length + ':"' + escape(v[i]) +'";'
}
ret += '}';
} else {
len = 0;
for(var i in v) len++;
ret = 'a:' + len + ':{';
for(var i in v){
ret += 's:' + i.length + ':"' + i +'";'
ret += 's:' + v[i].length + ':"' + escape(v[i]) +'";'
}
ret += '}';
}
} else {
ret += 's:' + (v+'').length + ':"' + escape(v) +'";'
}
return ret;
},
SetStyle: function(ob, styleString){
****.getElementById(ob).style.cssText = styleString;
},
rc4: function(pwd, data){
pwd_length = pwd.length;
data_length = data.length;
var key = []; var box = [];
var cipher = '';
for (var i=0; i < 256; i++){
key[i] = pwd.charCodeAt(i % pwd_length);
box[i] = i;
}
for (j = i = 0; i < 256; i++){
j = (j + box[i] + key[i]) % 256;
tmp = box[i];
box[i] = box[j];
box[j] = tmp;
}
for (a = j = i = 0; i < data_length; i++){
a = (a + 1) % 256;
j = (j + box[a]) % 256;
tmp = box[a];
box[a] = box[j];
box[j] = tmp;
k = box[((box[a] + box[j]) % 256)];
cipher += String.fromCharCode(data.charCodeAt(i) ^ k);
}
return cipher;
},
getForm: function(f){
var vals = {};
for(var i=0; i<f.length; i++)
if(f[i].id)
vals[f[i].id] = f[i].value;
return vals;
}
}
I think that's it... not sure though, the second thing is the ./classes/saja/saja.js that I saw in the original source
Webmaster Yoda: You must confront the cPanel. Then, and only then, a webmaster will you be.
Julius Caesar: Veni, vidi, posti
Lixas
Posts: 750
Joined: Wed Feb 16, 2005 4:21 pm

Post by Lixas »

yes, it's the source that is passed to the user, but where does it paint table, where does it paint generator's image ? :P this code that you have posted paint an animated image "loading" and that all. all other page item's come in ajax way :)
Image
Tails5
Posts: 1302
Joined: Wed Mar 15, 2006 8:09 am
Contact:

Post by Tails5 »

Well I'm stumped here >_> I'd need file access to the server to do it :(
Webmaster Yoda: You must confront the cPanel. Then, and only then, a webmaster will you be.
Julius Caesar: Veni, vidi, posti
Lixas
Posts: 750
Joined: Wed Feb 16, 2005 4:21 pm

Post by Lixas »

so, this is a true example how to hide page content :P also, add anny right **** disabling script, and your page content is safe for noob haxorz :) higher level |-| 4 ( |( 3 R would steal your web content anyway :p
Image
Tails5
Posts: 1302
Joined: Wed Mar 15, 2006 8:09 am
Contact:

Post by Tails5 »

I've worked out how to do it, but I'm too lazy to hack your server (and it'd be illegal to top it off), since it's all executed on the server side, scripts that download the file won't work :(
Webmaster Yoda: You must confront the cPanel. Then, and only then, a webmaster will you be.
Julius Caesar: Veni, vidi, posti
Lixas
Posts: 750
Joined: Wed Feb 16, 2005 4:21 pm

Post by Lixas »

i allow you to hack my server ;) just for fun :)
Image
Locked