| Author |
Message |
firedemon666
Hangin' Around
Joined: Apr 28, 2006
Posts: 31
|
 Posted:
Fri Apr 28, 2006 12:42 am |
|
Hello all. Nice site you got here. LOADS of forums. Your SQL database must be the size of the grand canyon. Anyways let's cut to the chase.
As a way to hide the soure code from a few custom modifications we have done to our site and in the hopes to at least help in prevention against SQL injections, I have added to the site a javascript which encrypts the source code of the site. The way I have done it, which is to slap the PHP file into the root directory and insert the line, "Include("Script_Here.php");" into the theme.php file of the theme I am currently using which would encrypt the source code of every page on the site (or at least the pages that have the PHP theme tied to them which is 99% of the site). The problem is, is that this script completely FUBARS select modules and blocks. Right now the only module I am having trouble with is the arcade. While the source encryption script is installed. The problem I am having is that the arcade will not record new scores. Whether the problem is with the arcade module itself or newscore.php I am not sure but that can be determined easily.
The problem here I am having is how to exclude the source encryption script from just slect modules, whil still leaving the line in my theme.php and allowing it to load up with the rest of the site. Is there a simple line I can insert into a .php file that will halt this script from loading up with it?
Thanks a bunch in advance. |
| |
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Fri Apr 28, 2006 2:55 am |
|
did it record before you started using the encryption ? |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Fri Apr 28, 2006 5:57 am |
|
| Quote: | | I have added to the site a javascript which encrypts the source code of the site |
Just curious but what heppens when a browser is used that does not support JS? |
| |
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Fri Apr 28, 2006 7:43 am |
|
So its a Javascript that encodes the HTML? What happens when the Javascript is encrypting Javascript code? |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
|
|
firedemon666
|
| Posted:
Fri Apr 28, 2006 1:34 pm |
|
| Quote: | | did it record before you started using the encryption ? |
Yes it did.
And it doesn't matter whether the browser supports java or not. Just go to,
www.xgl-clan.com
and try viewing the source. |
| |
|
|
|
|
Guardian2003
|
| Posted:
Fri Apr 28, 2006 11:53 pm |
|
It took so long to load I gave up! |
| |
|
|
|
|
firedemon666
|
| Posted:
Sat Apr 29, 2006 1:25 am |
|
Thats because the swat 4 block was on the fritz and was lagging the site. Try it again now. Should come right up. |
| |
|
|
|
|
firedemon666
|
| Posted:
Wed May 03, 2006 9:36 pm |
|
Well guys is there a way? |
| |
|
|
|
|
evaders99
|
| Posted:
Wed May 03, 2006 10:28 pm |
|
I assume you have the include line that you posted in there
You could do something like
Code:
if (($name == "Arcade) OR ($name == "Forums")) {
} else {
Include("Script_Here.php");
}
|
Add the names of the modules with conditionals as needed |
| |
|
|
|
|
firedemon666
|
| Posted:
Wed May 03, 2006 11:23 pm |
|
Tried that, thinking it would work. No go. Tried the Forums line so that the source of anything forum related (IE the arcade) would not be encrypted. The problem I discovered, is that the score recording does not lie within the forums or arcade itself. It is a seperate file that handles this. Around in the root folder of my website, you would find a file called "arcade.php". I became suspicious of this file after the script mod failed so I removed the csource lines so that it would not load on any page, and deleted arcade.php from my root directory. The arcade still loaded up fine, all the games played, but hey! When I go to submit a high score, NOTHING HAPPENS! I put the file back and this dissapeared. And since the file is not identified by "$file" or "$name", I cannot exclude it with this specific script. So, is it still possible? It is just this one file we need to keep the csource from loading with. |
| |
|
|
|
|
evaders99
|
| Posted:
Sat May 06, 2006 3:54 pm |
|
Try this then
Code:
if (stristr($_SERVER['PHP_SELF'], "arcade.php")) {
} else {
Include("Script_Here.php");
}
|
|
| |
|
|
|
|
firedemon666
|
| Posted:
Sat May 06, 2006 4:09 pm |
|
How do I add a conditional? I discovered the file newscore.php also plays a role in writing the tables for games that have no previous score recorded. As it is now, Games that have previous scores will record fine. Games that have no previous scores will flunk out. We are in the home stretch!
Thanks a bunch for the help. |
| |
|
|
|
|
evaders99
|
| Posted:
Sat May 06, 2006 5:16 pm |
|
Code:
if (stristr($_SERVER['PHP_SELF'], "arcade.php") OR stristr($_SERVER['PHP_SELF'],"newscore.php') ) {
|
Hope that helps
You should be able to figure out how to keep extending that with the necessary OR statements  |
| |
|
|
|
|
firedemon666
|
| Posted:
Sat May 06, 2006 5:23 pm |
|
Code:
<?php
if (stristr($_SERVER['PHP_SELF'], "arcade.php") OR
stristr($_SERVER['PHP_SELF'],"newscore.php') ) {
} else {
Include("scripts/csource.php");
}
|
Tried it like that. The site is a dud with that script in place. When you try loading it all you get is a blank page. Also tried<
Code:
<?php
if (stristr($_SERVER['PHP_SELF'], "arcade.php") OR
(stristr($_SERVER['PHP_SELF'],"newscore.php') ) {
} else {
Include("scripts/csource.php");
}
|
In case you had made a type since im relatively new to scripting. Still no go.
However with the script:
Code:
<?php
if (stristr($_SERVER['PHP_SELF'], "arcade.php")) {
} else {
Include("scripts/csource.php");
}
|
The site loads just fine. WTH is going on? |
| |
|
|
|
|
evaders99
|
| Posted:
Sat May 06, 2006 11:20 pm |
|
Sorry.. it was a typo, the last quote should have been a double quote
Code:
if (stristr($_SERVER['PHP_SELF'], "arcade.php") OR stristr($_SERVER['PHP_SELF'],"newscore.php") ) {
|
|
| |
|
|
|
|
firedemon666
|
| Posted:
Sat May 06, 2006 11:28 pm |
|
Even with my low level scripting skills Id've recognized that if I had seen it. How could I have been so blind... Lol
Anyways the arcade works flawlessly now. Thanksa bunch man, I owe ya one =D |
| |
|
|
|
|
firedemon666
|
| Posted:
Mon May 08, 2006 12:37 am |
|
Ahhh alas this problem is not through repeating itself. I have found an MSN messenger block for my site that allows people to log onto MSN without having the messenger installed. But csource FUBARS it and causes it to be displayed at the bottomof the page. I'm not sure if the above script only works on files in the root folder but I tried
Code:
stristr($_SERVER['PHP_SELF'],"blocks/block_name_here")
|
And failed horribly. The block was still disfigured at the bottom of the page. Whats up with it this time? |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
