MrChriZ
Programmer
- May 6, 2008
- 1
I'm building a function which allows external users to run a script, that comes from my servers, but I don't want them to gain access to the source code.
What I'm doing is, I tell the external users to add this script to the header on their own webpage:
<script id="myScript" src=" type="text/javascript"></script>
Then when their pages load, it will fetch the javascript which I have setup as output in my PHP script on the server (I need that to get data from mySQL DB, relating to the specific external user, who accesses the script).
Now I want to set my PHP up, so it ONLY prints the javascript to the website with my script in it. So even if they take the direct URL from my script and paste it in their browser, it'll not print my javascript output code.
So far I've got some success with this PHP:
<?PHP
$var = "Data requested from DB";
$legalURL = "
if($_SERVER["HTTP_REFERER"] == $legalURL){
echo "document.write('$var');";
}
else{
echo "Hacking attempt";
}
?>
===========================
This prevents any outsiders, who have the link to my PHP script to actually view the output javascript content. But when the external user has loaded their own page, and afterwards pastes the link in their browser, they will have free access to the PHP output, as their HTTP_REFERER url is correct.
How can I make this work, or do you know of another way to build this setup, so I can be the only one, who can view my javascript sources?
What I'm doing is, I tell the external users to add this script to the header on their own webpage:
<script id="myScript" src=" type="text/javascript"></script>
Then when their pages load, it will fetch the javascript which I have setup as output in my PHP script on the server (I need that to get data from mySQL DB, relating to the specific external user, who accesses the script).
Now I want to set my PHP up, so it ONLY prints the javascript to the website with my script in it. So even if they take the direct URL from my script and paste it in their browser, it'll not print my javascript output code.
So far I've got some success with this PHP:
<?PHP
$var = "Data requested from DB";
$legalURL = "
if($_SERVER["HTTP_REFERER"] == $legalURL){
echo "document.write('$var');";
}
else{
echo "Hacking attempt";
}
?>
===========================
This prevents any outsiders, who have the link to my PHP script to actually view the output javascript content. But when the external user has loaded their own page, and afterwards pastes the link in their browser, they will have free access to the PHP output, as their HTTP_REFERER url is correct.
How can I make this work, or do you know of another way to build this setup, so I can be the only one, who can view my javascript sources?
