Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: require footer or fail

  1. #11
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default

    You could encrypt it, unencrypt it, and then execute it. But there are many problems with that:
    • Users won't be able to make modifications (at best this will upset them)
    • The page will load slower
    • Anyone who was really bent on getting the code wouldn't have too much trouble
    • it would be hard to create the process needed for the two way encryption, and then there is the execution to think about

    Other then that, there is nothing that I can think of that would even phase a user. Perhaps vbulletin does have something, but if it's in PHP, it can't be very effective.
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

  2. #12
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    I've ran into forum software that did this as well (AEF I believe). Basically, there were two items that made it possible (and tough to find if you are in-experienced with PHP). The first was a variable named $copyright which had all of the information for the copyright notice. Then in the main initiation function, there was a function call to strrev and if the copyright variable was changed to something other than what it originally was, then the script would die. Pretty simple to go about this. Simply place this in a config file (or the script itself):

    Code:
    $copyright = 'Hello World!';
    Then place a function that executes on every page like so:

    Code:
     if ($copyright != strrev('!dlrow olleH')) {
      die();
     }
    Hope this helps
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

  3. #13
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default

    That's not a good solution:
    PHP Code:
    if ($copyright != strrev('!dlrow olleH')) {
      
    //die();

    Even a brand new coder could figure that out. If they can figure out how to change the copyright, they can figure out how to add a comment or erase the line (especially since the function name is self explanatory ).

    Edit: and why use strrev? I would use binary or the crypt function or something.
    I also had a though-- what if some one accidentally changed the case of a letter in the copyright? lol. "Oh no! What happened?!"
    Last edited by Jas; 03-21-2008 at 03:50 AM.
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

  4. #14
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    Quote Originally Posted by Jas View Post
    That's not a good solution:
    PHP Code:
    if ($copyright != strrev('!dlrow olleH')) {
      
    //die();

    Even a brand new coder could figure that out. If they can figure out how to change the copyright, they can figure out how to add a comment or erase the line (especially since the function name is self explanatory ).

    Edit: and why use strrev? I would use binary or the crypt function or something.
    I also had a though-- what if some one accidentally changed the case of a letter in the copyright? lol. "Oh no! What happened?!"
    I was just pointing to a simple example that I had found when trying to change the copyright link to open a new window instead of opening in the current window. Every time I changed the variable, it would kill the script and show just a blank page. I then found this in their main initiation function. I wasn't encourgeing the OP to use this as a solution, but instead a simple example to go off of.

    Hope this helps.
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

  5. #15
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default

    Quote Originally Posted by thetestingsite View Post
    I was just pointing to a simple example that I had found when trying to change the copyright link to open a new window instead of opening in the current window. Every time I changed the variable, it would kill the script and show just a blank page. I then found this in their main initiation function. I wasn't encourgeing the OP to use this as a solution, but instead a simple example to go off of.

    Hope this helps.
    And it's not a bad example. I am not slamming your code (Your a better coder then I am, no matter how you look at it ).

    The point is that, in scripting languages, it's not possible to effectively protect your script. The reason, as has been said already, is because the user can edit the source code. At best you can slow them, but, again, you'll never stop them unless you use a compiled language (and some people can still hack into that ). If your worried about it getting stolen, it's probably best if you don't put it online.

    EDIT: although the why use strrev question might have sounded like I disliked the code. I was-- and am-- curious why you chose that one. Simplicity?
    Last edited by Jas; 03-21-2008 at 04:17 PM.
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

  6. #16
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    EDIT: although the why use strrev question might have sounded like I disliked the code. I was-- and am-- curious why you chose that one. Simplicity?
    Again, the only reason I chose strrev was due to that being the case for Advanced Electron Forums (AEF). After thinking about it a little, I would try to make a call to a remote location which would have some kind of license/copyright code; however, as has been said before, this will only slow the person trying to change the code instead of actually stopping them.
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

  7. #17
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default

    You know what, though, I just had an idea thanks to your comment, thetestingsite.

    Problem: Pulling information from elsewhere means they can't edit it. The problem that remains is that they can take out the bit of code that would stop the processing. (i.e. the die() function)

    Solution: If you make the code in some way dependent on some outside source-- say for a MySQL database or a few PHP pages-- you might be able to prevent changes. For example, you could give the user the files which pertain to the settings of the script, while the rest of the script stays on your server (for example, you can keep an algorithm for an encryption process on your server, rather then giving it to users). The script is then executed form the users website through your webserver. The downside is, of course, a huge loss in bandwidth for you. But anyway, it would certainly work

    I would not recommend doing this, and I doubt it's what your looking for, but it would certainly work.
    Anyway, I just though I would share that. Other people might have already thought of it, but it just know came to me.
    Last edited by Jas; 03-23-2008 at 03:15 AM.
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

  8. #18
    Join Date
    Jan 2008
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    once again you get the problem of it being code... to prohibit it all you do is view the page and click view source.. take the source and paste it in an editor... bingo... change it as you want... for the remote calls.. here in SA we have a thing called "mxit" its an application that runs on cellphones to enable chat like msn.. anyways.. the main script makes a call to the servers to load another script... all you do is open the first script. find the url of where its going. download it. edit the first script with a new location. and you limit the web trafic. :P

    so basicaly... if you code it.. dont get attatched

  9. #19
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default

    You're thinking client side (like javascript), whereas we're talking server side (PHP, the source code of which is invisible to anyone except the server it's hosted from, unless you hack in). At no point should the clients computer directly contact the other server (hopefully).

    Code:
    Client==Website's Server
                    ||
                Second Server
    (Client goes to website, website gets output from second server, website server sends info back to client).
    Not
    Code:
            // Website's Server
    client {{
            \\ Second Server
    (Client pulls info from both servers)

    But yes, if you put it online, be prepared to see it copied, modified or otherwise stolen. I guess that's what we get for having so much freedom on the internet-- having no one monitor it has to have some disadvantages, right?
    Last edited by Jas; 03-25-2008 at 10:18 PM.
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •