By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
445,876 Members | 1,191 Online
Bytes IT Community
Submit an Article
Got Smarts?
Share your bits of IT knowledge by writing an article on Bytes.

Don't want to send your comments with the code?

hsriat
Expert 100+
P: 1,654
I am not sure how many of you would have faced this problem, but I faced this many times. I am not good at memorizing things, so I give lot of code comment in my code. And never wanted that code to reach the client. So I used to remove comments from each file by a PHP code and then upload that minified file to the server.

Then an idea came across my mind. And I never removed comments afterwards. May be some of use would already be using this thing, but it's new to me, so thought of posting here.

Here it is...
  • Instead of a regular name folder eg. js or scripts, in which you save your JavaScript files, save them in a random name folder. Something like js_kl32lnfdn.
  • We call our external JavaScript files as [html]<script type="text/javascript" src="/scripts/myscript.js"></script>[/html]
    Instead of this, make a PHP function, something like this:[php]function send_script($script)
    {
    echo "<script type=\"text/javascript\" src=\"/js.php?js=".$script."\"></script>"; //don't use the XML style closing tag (<script .... />) IE would not read it.
    }[/php]Keep this function in a saperate file.
  • In the root folder, save this PHP file (js.php)[php]<?php

    //define the folder name, so that it can be changed anytime.
    define("FOLDER_NAME", "js_kl32lnfdn");

    //path for the original file
    $js_original = $_SERVER['DOCUMENT_ROOT']."/".FOLDER_NAME."/".$_GET['js'];

    //header for the javascript file (will give a warning if not provided)
    header("content-type:text/javascript; charset:UTF-8");

    //alert error if file doesn't exisit
    if (!file_exists($js_original))
    die('alert(\'JavaScript file error!\')');

    //include minificator class
    require('jsmin-1.1.0.php');

    //read and minify the content
    $minified = JSMin::minify(file_get_contents($js_original));

    //header for caching
    header("Expires: ".gmdate("D, d M Y H:i:s", (time()+9000)) . " GMT");

    //year to write on copyright notice
    $year = getdate();
    $year = $year['year'];

    //send your copyright notice
    echo "/* Copyright ".$year." - www.your-website.com */";

    //send the minified version
    echo $minified;

    ?>[/php]
    The minificator PHP class is here: JSMin

What will happen is..
  • The JavaScript file will get minified by the js.php file, which in itself will use a minificator class (not made by me).
  • A file with path js_kl32lnfdn/script1.js will be called as js.php?js=script1.js. So one would never come to know the path to the original (commented) file.
  • For futher security, like if you only want the logged in user to be able to call the javascript or other things, you can add some verification code just in the starting of the js.php.


Hope you will like it. But if there's any drawback, do tell me. :)

Regards,
Harpreet
May 16 '08 #1
Share this Article
Share on Google+
2 Comments


acoder
Expert Mod 15k+
P: 16,027
Haven't tested, but can't see why it can't work.

More useful than trying to hide actual code which is more trouble than it's worth.
May 17 '08 #2

FLEB
P: 30
It's an interesting idea-- both as an obfuscation device and as an automatic space-saving measure.

Instead of using an obscure directory name for the scripts, you would be better off, IMO, putting an .htaccess file into the cleartext scripts directory with a "deny from all" directive (or a full-fledged password-protected directory if you want clear web access to privileged people). Or, you could store the scripts outside the document-root of the server, making them impossible to directly access via the Web. That way there are no cryptic names to remember (just call it "clear-scripts"), and there is no access for anyone-- even if they guess the directory name.

Also, for extra fun, you might want to look into a mod_rewrite rule that would automatically redirect any calls for your scripts to the pre-processor. It's a slick trick, although kind of a pain to debug.
Aug 7 '08 #3