SmokyHosts Support Forums - Webhosting and Webdesigning Support!

SolusVM VPS management, cPanel/WHM/Fantastico, webdesigning help and discussion forums. Get help from co-webmasters and professionals!
https://smokyhosts.com/forums/

No ****

https://smokyhosts.com/forums/viewtopic.php?t=2559

Page 3 of 5

Posted: Sun Sep 23, 2007 6:06 pm
by Lixas
Flipper3 wrote:When looking over it...it is almost impossible because you have 2 php files which it is IMPOSSIBLE to steal a php file's source.
If web server is correctly configured, you will not see any php source. javascript's no right **** script is designed to prevent stealing html objects (text, images and so on)

Posted: Mon Sep 24, 2007 10:15 pm
by Flipper3
Lixas wrote:If web server is correctly configured, you will not see any php source. javascript's no right **** script is designed to prevent stealing html objects (text, images and so on)
It is impossible to see any php source no matter the server configuration. (Well...possible but 99.9999999999999% of the time that is never done.)

On your website I can right **** in Firefox. :D

Posted: Wed Sep 26, 2007 1:45 pm
by Lixas
but the source that you can see in my website with right **** is not, that paint a picture, paints a sophisticated table on so on, so you can not realy steal my website's source :P

Posted: Fri Sep 28, 2007 1:27 am
by Flipper3
Lixas wrote:but the source that you can see in my website with right **** is not, that paint a picture, paints a sophisticated table on so on, so you can not realy steal my website's source :P

Exactly...just like my website. It is a text-based game coded in PHP so nobody can steal the source.

So therefore, your site is not protected by no right ****. It is protected by the basics of PHP; that it hides your script source. So once again source hiding prevails since I can still see all of your non-PHP source.

Posted: Fri Sep 28, 2007 10:24 am
by Tails5
[html]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1257" />
<title>Playoff's</title>
</head>
<script type="text/javascript">var SAJA_PATH="./classes/saja/"; var SAJA_HTTP_KEY="1621f677dbebb70e8484a6d53415f18a"</script>
<script type="text/javascript" SRC="./classes/saja/saja.js"></script>
<script type="text/javascript">
function change_image(image_src, element_id)
{
****.getElementById(element_id+'k').src='./images/gif/'+image_src+'.gif';
}

function change_rez(rez, element_id)
{
//alert('Element: '+ element_id+' Value: '+rez);
****.getElementById(element_id+'r').innerHTML=rez;
}
</script>
<body onload="saja.run('','page','r','innerHTML',this,'d80c6a5b501e446066f844e820918357','aec9a921e597c4df308482094ac5d602');">
<div id="page">
<div id="preview_image"></div>
<div id="gen_table">
</div>
<div id="gerated_image"></div>
</div>
<div align="center" id="sajaStatus" style="visibility:hidden; position:fixed; left:45%; top:49%"><b><img src="./images/ajax-loader.gif">
Please wait while loading...</b></div></body>
</html>[/html]

Code: Select all

var saja = {
procOn:0,
ClearAlert: function(doClear){
if(!doClear){
if(saja.timeOut)
clearTimeout(saja.timeOut)
saja.timeOut = setTimeout(function(){saja.ClearAlert(1)},6000)
}
else{
ob=****.getElementById('alertOutput');
ob.innerHTML = '';
clearTimeout(saja.timeOut)
}
},
ChangeIndicator: function(ob,procStatus){
var s = ****.getElementById('sajaStatus');
if(!s) return;
//saja is working
if(procStatus){
if(ob && ob.style) ob.style.cursor = 'wait';
****.body.style.cursor = 'wait';
s.style.visibility = 'visible';
}
//saja is finished
else{
if(ob && ob.style) ob.style.cursor = 'default';
****.body.style.cursor = 'default';
if(s) s.style.visibility = 'hidden';
}
},
NewReq: function(){
if(window.XMLHttpRequest)
try{return new XMLHttpRequest();}catch(e){}
else if(window.ActiveXObject)
try{return new ActiveXObject("Microsoft.XMLHTTP");}catch(e){
try{return new ActiveXObject("Msxml2.XMLHTTP");}catch(e){}}
},
run: function(php, id, act, property, ob, session_id, proc_file){
if(!proc_file) proc_file = '';
if(req = saja.NewReq()){
if(!saja.procOn)
saja.ChangeIndicator(ob,1);
saja.procOn++;
saja.ExecReq(req, php, id, act, property, SAJA_PATH + 'saja.process.php', ob, session_id, proc_file);
}
},
ExecReq: function(req, args, id, act, property, file, ob, session_id, proc_file){
req.open('POST',file,true);
req.send((SAJA_HTTP_KEY ? escape(saja.rc4(SAJA_HTTP_KEY, args)) : args) + '<!SAJA!>' + session_id + '<!SAJA!>' + proc_file);
req.onreadystatechange=function(){
if (req.readyState==4 && req.status==200){
actions = req.responseText.split('<saja_split>');
if(actions[0])
saja.Put(actions[0], id, act, property)
if(actions[1])
eval(actions[1]);
saja.procOn--;
if(!saja.procOn)
saja.ChangeIndicator(ob,0);
}
}
},
Put: function(content, id, act, property){
if(!id) return;
if(property){
try{ob = ****.getElementById(id);}catch(e){}
if(act=='p')
ob[property] = content + ob[property];
else if(act=='a')
ob[property] += ob[property];
else if(property.split('.')[0]=='style')
ob.style[property.split('.')[1]] = content;
else
ob[property] = content;
}
else
window[id] = content;
},
Get: function(id, property){
if(!property)
return saja.phpSerialize(id);
return saja.phpSerialize(****.getElementById(id)[property]);
},
phpSerialize: function(v){
var ret = '';
if(typeof(v)=='object'){
var len = v.length;
if(len){
ret = 'a:' + len + ':{';
for(var i=0; i<len; i++){
ret += 'i:' + i +';'
ret += 's:' + (v[i]+'').length + ':"' + escape(v[i]) +'";'
}
ret += '}';
} else {
len = 0;
for(var i in v) len++;
ret = 'a:' + len + ':{';
for(var i in v){
ret += 's:' + i.length + ':"' + i +'";'
ret += 's:' + v[i].length + ':"' + escape(v[i]) +'";'
}
ret += '}';
}
} else {
ret += 's:' + (v+'').length + ':"' + escape(v) +'";'
}
return ret;
},
SetStyle: function(ob, styleString){
****.getElementById(ob).style.cssText = styleString;
},
rc4: function(pwd, data){
pwd_length = pwd.length;
data_length = data.length;
var key = []; var box = [];
var cipher = '';
for (var i=0; i < 256; i++){
key[i] = pwd.charCodeAt(i % pwd_length);
box[i] = i;
}
for (j = i = 0; i < 256; i++){
j = (j + box[i] + key[i]) % 256;
tmp = box[i];
box[i] = box[j];
box[j] = tmp;
}
for (a = j = i = 0; i < data_length; i++){
a = (a + 1) % 256;
j = (j + box[a]) % 256;
tmp = box[a];
box[a] = box[j];
box[j] = tmp;
k = box[((box[a] + box[j]) % 256)];
cipher += String.fromCharCode(data.charCodeAt(i) ^ k);
}
return cipher;
},
getForm: function(f){
var vals = {};
for(var i=0; i<f.length; i++)
if(f[i].id)
vals[f[i].id] = f[i].value;
return vals;
}
}
I think that's it... not sure though, the second thing is the ./classes/saja/saja.js that I saw in the original source

Posted: Sat Sep 29, 2007 7:10 am
by Lixas
yes, it's the source that is passed to the user, but where does it paint table, where does it paint generator's image ? :P this code that you have posted paint an animated image "loading" and that all. all other page item's come in ajax way :)

Posted: Sun Sep 30, 2007 8:20 am
by Tails5
Well I'm stumped here >_> I'd need file access to the server to do it :(

Posted: Sun Sep 30, 2007 1:30 pm
by Lixas
so, this is a true example how to hide page content :P also, add anny right **** disabling script, and your page content is safe for noob haxorz :) higher level |-| 4 ( |( 3 R would steal your web content anyway :p

Posted: Sun Sep 30, 2007 3:24 pm
by Tails5
I've worked out how to do it, but I'm too lazy to hack your server (and it'd be illegal to top it off), since it's all executed on the server side, scripts that download the file won't work :(

Posted: Wed Oct 03, 2007 5:14 pm
by Lixas
i allow you to hack my server ;) just for fun :)
All times are UTC
Page 3 of 5

Powered by phpBB® Forum Software © phpBB Limited