Log in

View Full Version : php encypted/viewable?


bluewalrus
10-16-2008, 11:54 PM
Is php source viewable i assume it is but i don't know how. I have a username and password in a php form. I didn't know if i had to encrypt it somehow or if it really is at it appears not viewable. I assume it is viewable somehow though since the browser can interpret the data.

Thanks for any suggestions you have.
Twey
10-17-2008, 01:45 AM
No, it is not viewable (unless the client has filesystem access to your server and the necessary permissions). The browser sends the user's input data to the server, which interprets the script and generates appropriate plain HTML output based on the input.
bluewalrus
10-17-2008, 02:03 AM
My permissions are set to 644... read for all and write for owner? Is that what i want there. The password and user name are just in an if statement in the php file but from what you said i take it that it reads the if statement and if the username and password are both matching writes the code below that to the html and then the php is not viewable so... The only way to get the original php source code would be to go in threw the ftp or ask the person that wrote it?

Thanks
Twey
10-17-2008, 04:15 AM
Correct. You may wish to set it to 700 (rw-------), but you will need to ensure that it is owned by the right user (probably something like nobody:nobody or www-data:www-data).
bluewalrus
10-17-2008, 05:02 AM
I changed it to 700 and its bringing up this...

Warning: Unknown(/hsphere/local/home/crazychr/bluewalrus.net/test/sigma/edit.php): failed to open stream: Permission denied in Unknown on line 0

Warning: Unknown(/hsphere/local/home/crazychr/bluewalrus.net/test/sigma/edit.php): failed to open stream: Permission denied in Unknown on line 0

Warning: (null)(): Failed opening '/hsphere/local/home/crazychr/bluewalrus.net/test/sigma/edit.php' for inclusion (include_path='.:/usr/local/lib/php:/usr/local/share/pear') in Unknown on line 0

Where as the 644 was going threw but I don't know if it was/is secure so I have it set to the 700 but not functioning right now.


This is the php i dont want people to be able to see.

<?php
$username = $_POST['user'];
$password = $_POST['password'];
if ($username=="username1") {
if ($password=="password1") {
?>
Twey
10-17-2008, 05:05 AM
That means that you haven't ensured it's owned by the right user.
bluewalrus
10-17-2008, 02:58 PM
oo ok thanks