drrvnbwle80177811 2018-12-12 03:50
浏览 68
已采纳

在没有用户能够查看数据的情况下将php数据导入html

I want to get an html page to be able to get a string of anything, for example 'text', without the user of the website being able to see the source of where I got it from. I have a working method right now, but the user can see the source, which is not what I want. Anyone know any ways?

I have my code below:

challenge.php:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO"
            crossorigin="anonymous">
    </head>

    <body>
        <h1 class="result">Result: </h1>

        <script src="http://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
        <script>
            var req = new XMLHttpRequest();

            req.onload = function() {
                $(".result").html(this.responseText);
            }

            req.open("get", "get-data.php", true);
            req.send();
        </script>
    </body> 
</html>

get-data.php:

<?php

echo json_encode("text");

?>

The only problem for this code is when the user does ctrl + u, they can see "get-data.php. Then they can simply go to that that page and see the text.

  • 写回答

2条回答 默认 最新

  • douyihuaimao733955 2019-01-22 04:33
    关注

    There is no way to do what you wanted. No matter what you do, unless the code is purely php, the user will be able to see the value. The closest you can get is to set the value in javascript and obfuscate it, which will make it much harder to read.

    When you obfuscate var value = "text"; a few times, it ends up looking like var _0x567b=["\x74\x65\x78\x74"];var _0xc6ac=[_0x567b[0]];var _0xc282=[_0xc6ac[0]];var _0x68bd=[_0xc282[0]];var _0xab55=[_0x68bd[0]];var _0x396f=[_0xab55[0]];var _0x12a8=[_0x396f[0]];var value=_0x12a8[0]

    That alone is hard to read, but won't take longer than a few minutes for someone who knows what they're doing. So what I suggest is adding a few random variables (I added 500 extra variables) and obfuscate all of that a few times. Then it becomes much harder to read. 

    var value = "text";
var value = "text";
var value = "text";
var value = "text";
var value = "text";

    ends up being var _0x398a=["\x74\x65\x78\x74"];var _0xefdc=[_0x398a[0]];var _0x6313=[_0xefdc[0]];var _0xa20b=[_0x6313[0]];var _0x2e32=[_0xa20b[0]];var _0xfe7b=[_0x2e32[0]];var value=_0xfe7b[0];var value=_0xfe7b[0];var value=_0xfe7b[0];var value=_0xfe7b[0];var value=_0xfe7b[0] when you obfuscate it a few times.

    Although this may be a strong solution, there is no definite way to make the value 100% unreadable by the user. You will always only be able to make it harder and harder for the user to read the code.

    The obfuscating tool I used is at this link: https://javascriptobfuscator.com/Javascript-Obfuscator.aspx

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本