I know, I know - obfuscated html/js code is useless (I read the other questions on SO), but I still want to make life harder for copy-cats of my site...
I'm running a php based website, which generates html output. I would like the FINAL html output (which has html, js, json and uses ajax) to be obfuscated. Is there a php function for that purpose? I found http://www.ioncube.com/html_encoder.php but that relies on some of their special software to be loaded on the server - ie, a no-go...
Any suggestions?
Not true obfuscation, but rather hard to read in most cases (and less bandwidth-intensive as well!)
<?php
ob_start();
// Generate output here
$output = ob_get_contents();
ob_end_clean();
$output = preg_replace('\s{2,}',' ', $output);
echo $output;
?>
You can compress your JavaScript and css
For php output it can be done using ob_start have a look at this http://ru.php.net/manual/en/function.ob-start.php#71953
You should have a look at Minify it has a Minify_HTML class removing whitespace, unnecessary comments and tokens
Well, in my studies of HTML obfuscator, like http://htmlobfuscator.com/, are truely change their "special" code into reversed base64.
When we decode it, they're actually packed js file using packer that you could find on Google.
So, now we could do this
Slashup the whole html, for the Js string, then "pack" the javascript, then encode it into base64, then rotate the encoded string. Viola, done.
You'll get something like this:
var IO1='KkSKpcCfngCdpxGcz5yJr9GfwRHdox3YyNHfmVmc8NmczRXZnxXZtFmTnFGV5J0c05WZtVGbFRXZnxXawFWeyVWdxpGf0BXayN2c8xmc1xXZwF2YzVmb1xnclJnclZWZyxHZslGaDRmblBHchx3bm5Wa8VGdpJ3d8xHduVWblxWRlRXYlJ3Y8VGb0lGdDNDfDJDfs1GdoxXek9mYDNDfyl2cwIDf0NXZ0V0M8x3bsxWZIV0M8VGb0lGd8RWYlh2QzwHbtRHaDNDfMJVV8V0M8FTSPxHduVmbvBXbvNUSSVVZk92YuVGfJ9US8RWYlhGfyFmd8N0M8JjN8JTO8hzM8Rnbl1Wdj9GZ8VGchN2cl9Ff5R2bixHbhZXZ8ZzM8VzM8VGZvNkchh2Qt9mcmxHdpxGczx3Zulmc0N1b0xHc4V0ZlJFf05WSlNnchBHf3Vmb8VGbph2d8ZWa8dmbpJHdTxXZjFGbwVmc85mc1RXZyxnbvlGdj5WdmxHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHfnwCO0EDLyYDLnkSK9tHLwwSKnwFfnwFKFFjLnwFNywnNyw3NywHOywnYyw3MywnMywHWxw3VxwXWxwnWxwHMywXYywnZywXbyw3aywnaywHbywnbywHaywHZywXayw3YywXZyw3ZywXNywnUxwnSxwXOywXRxwnRxwHexwHRxwHSxw3QxwXQxw3dxwnexwXexw3RxwXVxwnQxw3Sxw3UxwXMywHVxwXUxwHUxwXSxwnVxwHTxwndxwXdxwXTxwHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHf8xHfnwFLOFDLPFDLnwVKpkyJcxFX8dCXcxFKwEjLnwFXcNWM8JWM8RWM8VWM8ZWM8FWM8lTM8VTM8hWM8ZTM8dTM8hTM8dWM8xWM8BXM8NXM8JXM8RXM8FXM85WM8pWM8lWM8tWM89WM81WM8RTM8JTM8xEfLxXT85EfzEDfKxHU8lEfGx3R8dCXcxFLDxyQscCXcx1OpkyNoMHK05iM7kCNoInL4sTXwsVKnwFXcxFXcxlNnwFXcxFXcxFKx5iM9gDI1sTKv5iMokzKnwFXcxFXcxVPwZyJcxFXcxFXctSK25iMokzKnwFXcxFXcxVP5ZyJcxFXcxFXctyJcxFXcxFXcFUP69zLu5ydv8iO4dCXcxFXcxFX9IkL0sTKnwFXcxFXcxVdnwFXcxFXcxFKq5iM9QDI1szJcxFXcxFXcFTJj9yMlETJi9yMlEWJlVSblcWJrVSMlYzLzUSMlg2LzUSalwWJxUiZlETJkVyJcxFXcxFXc1zNgUzJcxFXo0HcgUUf9lSXjt1askyJcxFXndCXcxFLnwFXcJGXcxFXcxFXcdCXcx1KpMGKltyJcxFXixFXcxFXcxFXnwFXchiVgUFKU5Cc9A3ep01YbtGKStXKt0yYoM1O9lSKXhCWuMmOpETMrMGKa5SW/ElPpEWJj1zYogyKpkSKh9yYo8EKlpzJcxFXnwFXc9TY8MGKFtXKjhCR9U2epQGLlxyasMGLhxCcoQEKIdCXo0HcgYXM91XKdN2WrxSKnw1ZnwFLnwlYcxFXcdCXrkyYoU2KnwlYcxFXcdCXoMUMgEUMocXMuAXPwtXKdN2WrhSexsXKt0yYooXM70XM9M2O9dCXrcHXcxFXnwldxsXKoUXM9U2Od1XXltFZgYXM7lSZoUXMb1za9lyYoUGf811YbtWPdlyYoU2WktXKt0yYooXM7lSK4FDLv41LocXMucCXnwVIokXM70XKpgUMoQUMuMmOpkjMrMGKGFjL4FzPHFjPpEWJj1zYogyKpkSKh9yYoIUMoUmOnw1Jc9TY8MGK2FzepMGK1FTPltXKkxSZssGLjxSYsAHK1FDKJFzJo0Hcg4mc1RXZy1Xfp01YbtGLpcyZnwyJixFXnsSKjhSZrciYcx1JoAHeFdWZSBydl5GKlNWYsBXZy5Cc9A3ep01YbtGKml2ep0SLjhSZslGa3tTfpkiNzgyZulmc0N1b05yY6kSOysyYoUGZvNkchh2Qt9mcm5yZulmc0N1P1MjPpEWJj1zYogyKpkSKh9yYoQnbJV2cyFGcoUmOncyPhxzYo4mc1RXZytXKjhibvlGdj5Wdm1TZ7lCZsUGLrxyYsEGLwhibvlGdj5WdmhCbhZXZ';function l1O(data){var OOOlOI="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var o1,o2,o3,h1,h2,h3,h4,bits,i=0,enc='';do{h1=OOOlOI.indexOf(data.charAt(i++));h2=OOOlOI.indexOf(data.charAt(i++));h3=OOOlOI.indexOf(data.charAt(i++));h4=OOOlOI.indexOf(data.charAt(i++));bits=h1>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(l1O(OOO(IO1)));
Good luck~
No, php couldn't do that without something on the client side. You could always have some javascript decode it, but that wouldnt be friendly to whoever has it turned off, it would be slow and no search engine support.
Related
I'm currently using this code:
$blog= file_get_contents("http://powback.tumblr.com/post/" . $post);
echo $blog;
And it works. But tumblr has added a script that activates each time you enter a password-field. So my question is:
Can i remove certain parts with file_get_contents? Or just remove everything above the <html> tag? could i possibly kill a whole div so it wont load at all? And if so; how?
edit:
I managed to do it the simple way. By skipping 766 characters. The script now work as intended!
$blog= file_get_contents("powback.tumblr.com/post/"; . $post, NULL, NULL, 766);
After file_get_contents returns, you have in your hands a string. You can do anything you want to it, including cutting out parts of it.
There are two ways to actually do the cutting:
Using string functions like str_replace, preg_replace and others; the exact recipe depends on what you need to do. This approach is kind of frowned upon because you are working at the wrong level of abstraction, but in some cases it has an unmatched performance to time spent ratio.
Parsing the HTML into a DOM tree, modifying it appropriately (this time working at the appropriate level of abstraction) and then turn it back into a string and echo it. This can be more convenient to work with if your requirements are not dead simple and is easier to maintain, but it typically requires more code to be written.
If you want to do something that's most naturally expressed in HTML document terms ("cutting out this <div>") then don't be tempted and go with the second approach.
At that point, $blog is just a string, so you can use normal PHP functions to alter it. Look into these 2:
http://php.net/manual/en/function.str-replace.php
http://us2.php.net/manual/en/function.preg-replace.php
You can parse your output using simple html dom parser and display olythe contents thatyou really want to display
For example, I would like to:
require('encrypted.php')
"encrypted.php" contains php code that was encrypted with base64, and I have the key to decrypt it. Is there a way to first decrypt the file and then just load the decrypted code into PHP?
The first way that jumps to mind is:
eval("?".">".base64_decode(file_get_contents("encrypted.php"))."<"."?php");
However that's probably not a good idea (evil eval).
Why have you encrypted a PHP file anyway? Nobody can see the source code unless you mess around with things.
You would need to load the file's contents with file_get_contents() or similar, then call base64_decode() on it and eval() it as PHP. Only do this if you are certain of the contents of the file and you trust its source.
// Only do this is the file is trusted!!!
$phpcode = base64_decode(file_get_contents("trusted_encoded_file.php"));
eval($phpcode);
Note: See #Kolink's implementation if the encoded file contains <?php ?> open/close tags.
you don't need any key to decode base64 data , use base64_decode().
It is not professional solution, but take look at this : http://www.zend.com/en/products/guard/
How Can I decode this php curl script: http://pastebin.com/raw.php?i=YWE1i4U7
It's got un-encoded characters here and there, like the "t"s, the "v"s, etc.
You can convert each \x12 escaped character with hexdec and chr. And to automate that a little with preg_replace.
print preg_replace('/[\\\\]x(\w\w)/e', 'chr(hexdec("$1"))', $script);
Though that's only a partial "decoding". Won't make everything legible, nor will it likely leave the code in a working state.
This builds on mario's very cool string replacement.
Save your file as source.phps - most servers will display this as PHP source code and will not execute it. (Check with your local web server admin to make sure .phps is enabled and safe).
In the same directory, create a file that's a decoder, I called mine decode.php. The contents:
<?php
$phpsource = file_get_contents('source.phps');
highlight_string(str_replace(";",";\n", preg_replace('/[\\\\]x(\w\w)/e', 'chr(hexdec("$1"))', $phpsource)));
?>
This is a basic step that makes the code a little bit more readable so you can see the PHP. It's still very ugly, as it obfuscates itself as much as it possibly can, but now you can see, with code-highlighting the various calls to base64_decode and header the script makes.
I want to create a PHP script that grabs the content of a website. So let's say it grabs all the source code for that website and I say which lines of code I need.
Is there a function in PHP that allows you too do this or is it impossible?
Disclaimer: I'm not going to use this for any illegal purposes at all and not asking you too write any code, just tell me if its possible and if you can how I'd go about doing it. Also I'm just asking in general, not for any specific reason. Thanks! :)
file('http://the.url.com') returns an array of lines from a url.
so for the 24th line do this:
$lines = file('http://www.whatever.com');
echo $lines[23];
This sounds like a horrible idea, but here we go:
Use file_get_contents() to get the file. You cannot get the source if the web server first processes it, so you may need to use an extension like .txt. Unless you password protect the file, obviously anybody can get it.
Use explode() with the \n delimiter to split the source code into lines.
Use array_slice() to get the lines you need.
eval() the code.
Note: if you just want the HTML output, then ignore the bit about the source in step 1 and obviously you can skip the whole eval() thing.
For the most part, when I want to display some HTML code to be actually rendered I would use a 'close PHP' tag, write the HTML, then open the PHP again. eg
<?php
// some php code
?>
<p>HTML that I want displayed</p>
<?php
// more php code
?>
But I have seen lots of people who would just use echo instead, so they would have done the above something like
<?php
// some php code
echo("<p>HTML that I want displayed</p>");
// more php code
?>
Is their any performance hit for dropping out and back in like that? I would assume not as the PHP engine would have to process the entire file either way.
What about when you use the echo function in the way that dose not look like a function, eg
echo "<p>HTML that I want displayed</p>"
I would hope that this is purely a matter of taste, but I would like to know if I was missing out on something. I personally find the first way preferable (dropping out of PHP then back in) as it helps draw a clear distinction between PHP and HTML and also lets you make use of code highlighting and hinting for your HTML, which is always handy.
The first type is preferable, exactly for the reasons you mentioned.
Actually, echoing out whole chunks of html is considered bad practice.
No, there's no performance increase that would be visible.
Sometimes its just simply easier to output content using echo (for example, when inside a while or for loop) than to close the php tag.
I think there's a preprocessor which converts the same form into the second. That's what happens in ASP.NET, anyway. And in both ASP.NET and classic ASP, loops can actually stretch across raw-HTML regions.
There's no performance difference at all.
Just the style that produces the most readable code. Depending on the actual situation that can be either of the two.
But mixing HTML and PHP should be avoided where possible anyway. THis can be accomplished by using a template system for your views.