lime icon

Phosphorus and Lime

A Developer's Broadsheet

This blog has been deprecated. Please visit my new blog at klenwell.com/press.
JS: a php javascript pseudo-compiler
Actually it's script obfuscator, of sorts. It is meant to make your javascript files functional yet inaccessible. It's based on this script. I attempted to package the concept a little more neatly.

It works as far as I've investigated, but that has only been as far as Firefox and IE 6.

NOTE: falsifier found. save complete web page in IE or Firefox and it renders visible the js portion of the js_script.php page

I imagine it would be possible to conceal the js script more effectively using this basic concept together with some conditional file operations, but I'll have to come back to this.

php_js_compiler.inc.php

function js_php_run($js_path)
{
// *** DATA

// *** MANIPULATE

// start session
if ( session_id() == '' ) session_start();

// set session compile flag
$_SESSION['compile_js'] = 1;

// build script link
$script_link = '<script language="JavaScript" src="' . $js_path . '"></script>';

// *** RETURN

// print this below in html doc head section
return $script_link;
}


function js_php_compile()
{
// start session
session_start();

// check flag
if ( !$_SESSION['compile_js'] ) die('js compile error');

// reset flag
$_SESSION['compile_js'] = 0;

// send content header
header("Content-type: application/x-javascript");

// return
return;
}

?>


js_script.php
require_once('php_js_compiler.inc.php');
js_php_compile();
?>

// if you can read the following word, this js protection scheme has failed: WORD

//any javascript can go in here
alert("js compiler enabled");


js_compiler_test.php
<?php
require_once('php_js_compiler.inc.php');
$js_path = 'js_script.php';
$js_link = js_php_run($js_path);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>
<head>
<title>javascript protector?</title>

<!-- JS File Calls -->
<!-- <script language="JavaScript" src="js_script.php"></script> -->
<?php echo $js_link; ?>

</head>

<body>

<h2>test in progress</h2>

<p>if javascript is enabled on your computer, you should have seen a javascript alert
pop-up.</p>

<p>however, if you try to view the source directly in your browser, you should get an error message.</p>
<a href="js_script.php">source file : js_script.php</a>

</body>
</html>


an online demo: js_compiler_test.php