
Use PHP to determine what code is shown in "View Source" ...

Discussion in 'PHP & Perl' started by OTrap, Mar 29, 2014.

  1. OTrap

    OTrap Jr. VIP Jr. VIP

    Joined:
    Jul 12, 2008
    Messages:
    2,282
    Likes Received:
    1,051
    I currently have a setup for page2.php that looks something like this:

    Code:
     <?
    $referer = $_SERVER['HTTP_REFERER'];
    
    if ( top != self && $referer == "http://www.website.com/randompage.html") {
    
        echo "Page 1";
        echo "$referer";
    
    } else {
        echo "Page 2";
        echo "$referer";
    }
    
    ?>
    My understanding is that this means that unless a page is framed by http://www.website.com/randompage.html, it will show "Page 2."

    However, it appears that if you use Chrome, and you go to http://www.website.com/randompage.html, find the source code, and find the framed page, and then go to "view-source: http://www.website.com/page2.php," it will still show the "Page 1" source code.

    Is there any way to side-step that?

    Thanks.
     
    Last edited: Mar 29, 2014
  2. MrBlue

    MrBlue Senior Member

    Joined:
    Dec 18, 2009
    Messages:
    950
    Likes Received:
    662
    Occupation:
    Web/Bot Developer
    No it should not show both pages. PHP runs server side and based on the above code it will echo out only one of the two pages and not both.
     
  3. OTrap

    My apologies. I didn't explain myself well.

    My attempt above was to prevent people from being able to view the "Page 1" source code, and instead only showing them the "Page 2" source code.

    However, it appears that if they visit the parent framing page first, they can view the "Page 1" source code by typing "view-source: http://www.website.com/page2.php" in Chrome.

    I was curious if there was any way around this. Would preventing the cache or something of that sort do it?
     
  4. MrBlue

    Sure you can view-source:anywebpage.php you want. I think what I'm not understanding here is HOW would they know what page to view-source of?

    Can you PM an example of what you are doing?
     
    Last edited: Mar 29, 2014
  5. OTrap

    I'm going to try to mention this differently.

    I have a page: index.php. It looks, more or less, like this:

    Code:
    <html>
    <head>
    <title>Some page</title>
    </head>
    <body>
        <div>
            <iframe src="frame.php"></iframe>
        </div>
    </body>
    </html>
    Now, on that "frame.php" page, I have this:

    Code:
    <?
    $referer = $_SERVER['HTTP_REFERER'];
    
    if ( top != self && $referer == "index.php") { ?>
    
    <html>
    <head>
    <title>Framed content</title>
    </head>
    <body>
        <div>
            Eat me.
        </div>
    </body>
    </html>
    
    <? } else {
        echo "Don't eat me.";
        echo "$referer";
    }
    
    ?>
    What seems to happen is this: If someone first goes to the index.php page, and then they type this into the address bar:

    view-source:http://mydomain.com/frame.php

    They get this:

    Code:
    <html>
    <head>
    <title>Framed content</title>
    </head>
    <body>
        <div>
            Eat me.
        </div>
    </body>
    </html>

    But if they don't first go to index.php, then they get:

    Code:
    Don't eat me

    Is there any way to make it so that they get the latter any time they use the "view-source" feature on frame.php?
     
  6. x00bin

    x00bin Newbie

    Joined:
    Mar 20, 2014
    Messages:
    19
    Likes Received:
    1
    Occupation:
    Independent Contractor
    Location:
    World Wide Web
    Don't you think everyone would hide his source code this way? :)

    You can't! All you can do is: Encrypt your source code.
     
  7. OTrap

    I actually found a handy little workaround that hides it. Naturally, the debugging tool would still allow anyone to see the full source code, but I actually got it to work the way I wanted it to otherwise.
     
  8. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,641
    Likes Received:
    3,491
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Royserpa
    Would you mind sharing it? I am trying to make something like it :)
     
  9. OTrap

    Sure!

    I'm out and about, but when I get home, I'll spell out what I'm doing. The page itself is this:

    http://earnlike.us/

    The gist of what I did was force another page to load the video page with the error in a small frame after the video has already loaded in the current page. So what is displayed on the current page will not show up if you actually go to the framed page.

    It's a bit of a mess, so be warned. It's the sum total of my efforts, so it could probably be streamlined, but I'm not messing with it, since it seems to work apart from the debugging tool.
     
  10. handmadebots

    handmadebots Senior Member

    Joined:
    Nov 8, 2012
    Messages:
    902
    Likes Received:
    204
    I am pretty sure that if you set the right permissions to your files, they won't be able to see the source code. Set the permissions of the php files that you don't want people to see the source code, just to execute only.
     
  11. CoolAdvisor

    CoolAdvisor Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 24, 2008
    Messages:
    976
    Likes Received:
    360
    You mix PHP and JS?
    Code:
    top != self
    
    This part should be JS; you cannot detect if your page is iframed via PHP, you need to do it client-side using JS.
     
    Last edited: Jun 9, 2014
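
Added example, not part of the thread or any poster's code: a Node.js model of the split described in the post above, with the server deciding only from request headers and the frame test running in the browser. `PARENT_URL`, the function names, the markup and the sample requests are constructed for illustration.

```javascript
// Added example, not code from the thread. URL and markup are constructed.
const PARENT_URL = "http://mydomain.com/index.php"; // assumed absolute URL of the framing page

// Server side (what frame.php can see): request headers only.
// `top` and `self` are browser window objects and do not exist here.
function handleRequest(requestHeaders) {
  const referer = requestHeaders["referer"] || "";
  // Referer carries an absolute URL, so it is compared against one.
  const framedByParent = referer === PARENT_URL;
  return {
    headers: {
      // The body varies with Referer, so a stored copy must not be replayed
      // for a request that lacks the header.
      "Cache-Control": "no-store",
      "Vary": "Referer",
      // Which pages may embed this one is enforced by the browser via CSP.
      "Content-Security-Policy": "frame-ancestors 'self'",
    },
    body: framedByParent ? "<div>Eat me.</div>" : "Don't eat me.",
  };
}

// Client side: the frame test from the thread, where it can actually run.
function isFramed(win) {
  return win.top !== win.self;
}

// Constructed requests.
const iframeLoad = handleRequest({ referer: PARENT_URL }); // iframe inside index.php
const directLoad = handleRequest({});                      // typed URL, no Referer
const sameHeader = handleRequest({ referer: PARENT_URL }); // any client sending that value

// Constructed window objects standing in for the browser's.
const topLevel = {}; topLevel.top = topLevel; topLevel.self = topLevel;
const child = { top: topLevel }; child.self = child;

console.log(iframeLoad.body, "|", directLoad.body, "|", sameHeader.body);
console.log(isFramed(topLevel), isFramed(child));
```

The server returns the same bytes for any two requests with the same headers, so the Referer comparison selects a response but does not restrict who can read it.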
  12. CoolAdvisor

    Cool landing page, btw, really impressive
     
  13. OTrap

    Ah, so the top != self part doesn't do anything, since it's not in js?

    And thanks. I learned from one of the best.
     