Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Convert from Javascript to protect my code 1

Status
Not open for further replies.
tav1035

tav1035

MIS
May 10, 2001
344
US
I have some code that I would like to hide and keep people from doing a "file- save as" and running this web application on their client. I am a newbie so I'm just learning. I already have a server with php, cgi, etc..
My code basically converts any spaces, returns, tabs ect. to ',' and counts them.

Any ideas would be appreciated.

Code: 
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
function convertSpaces(str)
{

str=str.replace(/\r/g,"")
str=str.replace(/\s/g,",")
str=str.replace(/\,,*/g,",")
str=str.replace(/\''*/g,"")
str=str.replace(/(,*),$/,"$1")
str=str.replace(/(,*),$/,"$1")
str=str.replace(/(,*),$/,"$1")
str=str.replace(/(,*),$/,"$1")
str=str.replace(/(,*),$/,"$1")
str=str.replace(/(,*),$/,"$1")
str=str.replace(/(,*),$/,"$1")
str=str.replace(/\,,*/g,"','")
str=str.replace(/^','/g,"")

return str;
}
//  End -->
</script>
<!-- END CONVERT SPACES -->

<!-- BEGIN TEXT AREA 1 -->
<textarea name="user" rows="10" cols="35" onBlur="this.value 

= 

convertSpaces(this.value);countWords(this.value);"></textare

a>
<!-- END TEXT AREA 1 -->

<!-- COUNT RECORDS -->
 <SCRIPT language=javascript type=text/javascript>
function countWords(strVal){
  var strArray = strVal.split ("','");
  document.getElementById('cnt').innerHTML = 

strArray.length;
}
 </SCRIPT>

<div align="center">
Record count is  <SPAN id=cnt>0</SPAN></div>
<!-- END COUNT RECORDS -->
tav
 
Sort by date Sort by votes
@thenewa2x

be very careful using $_SERVER['HTTP_REFERER'] for any live system. many browsers do not send this, or if they do, restrict doing so only to certain instances (for example typing a url in the address bar would not cause any browser to send the referer info).

further some browsers can be configured by the user to send the info (opera) on a click by click basis.

lastly - it's really easy for users to hack !
 
Upvote 0 Downvote
thenewa2x,
Couldn't a hacker type and get this file, then alter it to their site name ( Then do a file save as...and get the html files and supporting files and transfer it to their server and have a working application?

However I would like to try it out.

jpadie,
I played with several of you ideas and found this to work well->
Code: 
<?
require_once ("Sajax.php"); //download this from [URL unfurl="true"]www.modernmethod.com/sajax[/URL]
sajax_init();
sajax_export("parse_spaces");
sajax_handle_client_request();

function parse_spaces ($str) {
$find = array ("\r\n", "\n", " ","','", "','','", "','','","','','","','','");
$replace = "','";
return trim(str_replace($find, $replace, $str), "','");
}
?>

However, earlier you mentioned that->
"i'm not sure whether the countwords function will wait for the getcleanseddata function to finish. if it does not you might move the call to countWords (which i guess just pops up an alert or changes some html?) to the toggle function."
Well you were right, the counter doesn't count unless you click out of the textarea once to parse and a second time to count. So it must be running before the parsing is finished.

<!-- COUNT RECORDS -->
Code: 
 <SCRIPT language=javascript type=text/javascript>
function countWords(strVal){
  var strArray = strVal.split ("','");
  document.getElementById('cnt').innerHTML = 

strArray.length;
}
 </SCRIPT>

<!-- Counter -->
Code: 
<div align="center">
Record count is  <SPAN id=cnt>0</SPAN>
</div>
Code: 
<textarea name="user" id="user" rows="10" cols="35" onBlur="getcleanseddata();countWords(this.value);"></textarea>

thanks for the help.
tav
 
Upvote 0 Downvote
tav1035, the php file is a server-side script, it does not download to the client it executes on the server side and the results of the script are written out to the browser.
So if you had a php script that echoed "Hello" out to the page when you look at the source code in the browser you just have the HTML page with Hello in the body, none of the code that generated it.

A .js file is just an include file and does not execute on the server. While the code in the .js file does not show up in the pages source when viewed you can download the file (as you know) by referencing it on the URL because it is not a file type that will be interpreted directly while .asp and .php files are executed server-side.


It's hard to think outside the box when I'm trapped in a cubicle.
 
Upvote 0 Downvote
@tav1035

you could put the countword function into the js toggle function. that way you could guarantee the timing of the call.

Code: 
function toggle(val) {
  var elem=document.getElementById("containerdiv");
  elem.innerHTML = val; // or elem.value if a field
  document.getElementById('cnt').innerHTML = val.length;
}
 
Upvote 0 Downvote
jpadie,
Your code works but returns-> "count = 5" for n','n
It is counting all characters. The count should return 2.
Code: 
// you last post...
function toggle(val) {
  var elem=document.getElementById("containerdiv");
  elem.innerHTML = val; // or elem.value if a field
  document.getElementById('cnt').innerHTML = val.length;
}

I tried this code and it returns the right count, however it returns "undefined" in the textarea instead of n','n
Code: 
function toggle(strVal){
  var elem=document.getElementById("user");
  var strArray = strVal.split ("','");
  document.getElementById('cnt').innerHTML = strArray.length;
}

I know, I'm missing the "elem.innerHTML = val; // or elem.value if a field"
Is this why it's undefined?
Any ideas?
Thanks, tvondra at hotmail
tav
 
Upvote 0 Downvote
light may be dawning. is it the case that you don't ever really want the textarea text to change. people can type in what they want and all you're doing is counting the words (and discounting spaces etc)? or do you want the text area to changed to the comma variant too? if the former then i may have an easier solution to the problem! if the latter then could you explain what "n" is?

are you able to supply a url example? the previous url has changed to become a form of simple query creator.
 
Upvote 0 Downvote
jpadie,
This is a SQL query builder. It builds "in" statements based on similiar criteria,(ie.)-> (where location in ("SEATTLE','HOUSTON','BOSTON")) .
I've made it mistake proof, so no matter how a user enters the data, it will normalize it.
Most data comes from excel spreadsheets and then when the user needs to update the data, they can grab all the records at once and paste them back into the database, update them and not need to know SQL.

I already have it running and have about 60 users that depend on this tool in order to do their everyday work. I'm trying to protect this application as much as possible so users can't do a "save file as" and user the application without being a member.
This link will sort of explain it...

and this link will give you a short demo...
This demo will limit the query statement to five records.

or go here and sign in..
(username: freetrial)
(password: 051506)
the password will be good for another 5 days.

See what you think.
My next step is to make the button editable so anyone can modify what tables and fields gets appended to the "where statements"
tav
tvondra at hotmail
 
Upvote 0 Downvote
got it (the signin link does not work btw.)

why do you need the word count then?

and how do you deal with multiple words in the same criterion expression
ie
Code: 
where location in ("something", "something else")
 
Upvote 0 Downvote
jpadie,
The I run into that alot, however I thought about counting unique, but the amount of duplicates are seldom. The user usually grabs the results from a database export (crystal,excel,access,sticky note:), etc... a user may sort and filter using excel and copy only the records they choose to update and paste them into this application to build their SQL statement. So most of the time they are unique records. The user uses this tool when they want to make a change to a set of records, so they have pretty much already targeted the unique records.

But I like your thinking. Counting unique would be the ultimate.

I checked the login and it does work...
Once you sign in using USERNAME-freetrial, PASSWORD-051506
A window will popup asking you to choose an application for the "Query to be used on:"
Pick Maximo
tav

 
Upvote 0 Downvote
A window will popup
Click to expand...
that will be the problem. all my browsers block popups. i shall try again

on the main question - i think i have badly explained. what i was wondering about was what you did with criteria that had more than one word, or otherwise had a space in them?
 
Upvote 0 Downvote
jpadie,
There is unique stamp for every record. This tool is for taking data from an excel spreadsheet and pasting it back into the database and then doing an update to each records.
An example of a unique records:

MACHINES:
M# MaDescription Location
M0001 CNCMachine#1 30-001
M0002 CNCMachine#2 30-013
M0003 CNCMachine#3 50-002.2
etc....
or
WORK ORDERS:
WO# WoDescription Location
40101 Change oil in gearbox 20-001
40102 Change oil in scooter 15-230
40103 Change oil in lift 16-001.Mezz.
or
etc.
When the user filters or sorts in excel through hundreds of records they grab just the records they want by using the unique numbers
ie.
M0002
M0003
M0007
MC411
MD606
etc...
Throw it into my tool and build this ->
Where EQNUMBER in ('M0002','M0003','M0007','MC411','MD606')

The user doesn't need to worry about 2 word criterias they have already used excel for that purposes.
Thanks
tav
 
Upvote 0 Downvote
Thanks, to all....
I have this working in php.
I used the following code to convert all spaces and carriage returns to ',' (semi-quote, comma, semi-quote)->
Code: 
<?php
session_start();
require_once ("Sajax.php"); //download this from [URL unfurl="true"]www.modernmethod.com/sajax[/URL]
sajax_init();
sajax_export("parse_spaces");
sajax_handle_client_request();

function parse_spaces ($str)
{
    $find = array ("\r\n", "\n", "\',\'", " ", "','", "','','", "','','", "','','", "','','");
    $replace = "','";
    return trim(str_replace($find, $replace, $str), "','");
}
?>

and the following code for counting->
Code: 
<script>
<? sajax_show_javascript(); ?>
function getcleanseddata() {
  var elem=document.getElementById("user");
  x_parse_spaces(elem.innerHTML, toggle); //or elem.value if a field
}
//function toggle(val) {
//  var elem=document.getElementById("user");
//  elem.innerHTML = val; // or elem.value if a field
//}
//function toggle(str) {
//  var elem=document.getElementById("user");
//  elem.innerHTML = str; // or elem.value if a field
//  document.getElementById('cnt').innerHTML = str.length
//}
function toggle(strVal) {
  var elem=document.getElementById("user");
  var strArray = strVal.split (",");
  elem.innerHTML = strArray; // or elem.value if a field
  document.getElementById('cnt').innerHTML = strArray.length;
}
// function toggle(strVal){
//  var elem=document.getElementById("user");
//  var strArray = strVal.split ("','");
//  document.getElementById('cnt').innerHTML = strArray.length;
// }

</script>
take a look at USERNAME: freetrial
PASSWORD: 080106
tav
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

P
  • Locked
  • Question
JPgraph - How to stop a line graph from dropping to zero?
Replies
2
Views
412
Chris Miller
Chris Miller
R
  • Locked
  • Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
293
Chris Miller
Chris Miller
mervgh
  • Locked
  • Question
My own custom error handler
Replies
1
Views
275
Chris Miller
Chris Miller
W
  • Question
how to send checked row data in php
Replies
0
Views
79
wiltang2004
W
ersatz
  • Locked
  • Question
How to send 2 select from mysql database in email like tables
Replies
5
Views
526
ersatz
ersatz

Part and Inventory Search

Sponsor

Back
Top