Simple way to obfuscate javascript code by PHP - Stack Overflow

admin管理员组

文章数量:1320661

I want to give a free download to my web visitor but I will hide the download link until they click the facebook like button. After they like it then jquery will make the button active and add 'href' attribute to the tag, contains path to the file, so then user will be able to click the link and download the file.

The problem is, user will be able to see the path easily when viewing source of the html in their browser. Is there any easy way in php (I put the javascript codes inside on PHP file) to make a the path is harder to read?

It's fine when people will be able to deobfuscate it. I just want to make it harder to read for non advance user, so then people will consider to like the link instead of finding a way to deobfuscate the code.

Thank you

I want to give a free download to my web visitor but I will hide the download link until they click the facebook like button. After they like it then jquery will make the button active and add 'href' attribute to the tag, contains path to the file, so then user will be able to click the link and download the file.

The problem is, user will be able to see the path easily when viewing source of the html in their browser. Is there any easy way in php (I put the javascript codes inside on PHP file) to make a the path is harder to read?

It's fine when people will be able to deobfuscate it. I just want to make it harder to read for non advance user, so then people will consider to like the link instead of finding a way to deobfuscate the code.

Thank you

• php
• javascript
• jquery

Share Improve this question Follow asked Dec 7, 2012 at 14:20 webchunwebchun 1,21422 gold badges1414 silver badges3030 bronze badges 4

• 4 People will like it if the download is good. Else, you should not force them to like… – Bergi Commented Dec 7, 2012 at 14:25
• This seems unethical and possibly violates a TOS: requiring a LIKE from the user to pay for software that hasn't been tried yet.... before the user knows if the download was good, plete, patible or even relevant. In this way a download with spyware, adware, or just an obscene troll, can gain an undeserved endorsement. – Paul Commented Dec 7, 2012 at 14:44
• @Paul lol This won't be something like that. I just want to give free design/psd files (just like icons, psd themes etc) to my website visitors and as a giving back their 'like' will help me to spread my website through their facebook. And also, as this is just a design stuffs, user will be able to see the image preview of file in the blog content. – webchun Commented Dec 7, 2012 at 14:56
• @dreamexploded I don't want to assume any negative intent on your part. Trying to get any kind of acknowledgment for free icons, utilities, etc... is difficult because of all the takers. Still, this Q&A creates a controversial recipe. – Paul Commented Dec 7, 2012 at 15:10

Add a ment  | 

4 Answers 4

Sorted by: Reset to default 3

The only way to really do this properly is, of course, for the button press to make a round-trip to the server to retrieve the URL, via ajax or whatever.

But if you don't want to do that, and just want to obscure it, there are plenty of options. Base-64 encoding, for instance, has good support both in PHP and JavaScript, so you could encode the path on the PHP side (with base64_encode) and decode on JavaScript once the button is pressed (using any of several solutions discussed here on Stack Overflow).

Perhaps you could just store the path server side and have the frontend pass a special code to a remote endpoint once the item has been "liked".

$([however you're binding to the like button]).on('click', function() {
 $.getJSON('/download_link.php', {'key': <some unique key>}, function(response) {
   if(response.status == 'valid') {
     $('<div><a href="' + response.path + '">Download the item now!</a></div>').appendTo('body');
   }
   else {
     alert('invalid security key');
   }
 });
});

If you're worried about people easily seeing the routine, then go to packer (http://dean.edwards.name/packer/). It's not secure but it will deter your average joe from seeing the code easily.

FYI the code above looks like this when packed:

eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$([m h\'9 e l 2 5 6]).7(\'8\', 3() {\n     $.b(\'/c.d\', {\'1\': <f g 1>}, 3(0) {\n       i(0.j == \'k\') {\n         $(\'<4><a n="\' + 0.o + \'">p 2 q r!</a></4>\').s(\'t\');\n       }\n       u {\n         v(\'w x 1\')}})});',34,34,'response|key|the|function|div|like|button|on|click|re||getJSON|download_link|php|binding|some|unique|you|if|status|valid|to|however|href|path|Download|item|now|appendTo|body|else|alert|invalid|security'.split('|'),0,{}))

You'll need to return the following from the download_link.php file:

<?php
  if(valid_key($_REQUEST['key'])) {
     header('Content-Type: application/json');
     echo json_encode(array('status' => 'valid', 'path' => generate_secret_path()));
  }
?>

Hope that helps.

You can try something like this:

ob_start();
# Insert regular JavaScript here...
$generatedoutput = ob_get_contents();
ob_end_clean();
$generatedoutput = str_replace("\\\r\n", "\\n", $generatedoutput);
$generatedoutput = str_replace("\\\n", "\\n", $generatedoutput);
$generatedoutput = str_replace("\\\r", "\\n", $generatedoutput);
$generatedoutput = str_replace("}\r\n", "};\r\n", $generatedoutput);
$generatedoutput = str_replace("}\n", "};\n", $generatedoutput);
$generatedoutput = str_replace("}\r", "};\r", $generatedoutput);
require('javascriptpacker.php');
$myPacker = new JavaScriptPacker($generatedoutput, 62, true, false);
$packed = $myPacker->pack();
echo($packed);

And add this way:

<script language="JavaScript" type="text/javascript" src="js.php"></script>

^{N.B: Originally from sites.google./a/vansteenbeek/archive/obfuscate_javascript, which is now a 404}

There are lots of ways to do what you want. Here's a simple algorithm that can build a URL. You can use this as inspiration. The following algorithm builds the URL "http://www.google./"

var url = [
    72, 84, 84, 80, 26, 15, 15, 87,
    87, 87, 14, 71, 79, 79, 71, 76,
    69, 14, 67, 79, 77, 15
].map(function(u) {
    return String.fromCharCode(u + 32);
}).join('');

console.log(url);

本文标签： Simple way to obfuscate javascript code by PHPStack Overflow