...

View Full Version : Viewing php in browser & other puzzles!



nickyfraggle
12-28-2007, 09:11 PM
Hello,

I have been coding php for some time now and have heard of a couple of odd things. Just wondered if anyone knew the answers.

1) I have heard that there are ways for people to view your php code in a website, even though php is a server side scripting language. I always thought the fact that the php code is hidden from the users of the site was one of the strong points of using php.

2) I have also heard (from someone at uni) that it is possible to compile php code. I didn't think this was possible. It would be great if it was as it would mean all my mode wouldn't be open to people playing with it if it was sold on!!

Not sure if these are just complete myths!!

Thanks guys!

Nicky

oesxyl
12-28-2007, 09:53 PM
Hello,

I have been coding php for some time now and have heard of a couple of odd things. Just wondered if anyone knew the answers.

1) I have heard that there are ways for people to view your php code in a website, even though php is a server side scripting language. I always thought the fact that the php code is hidden from the users of the site was one of the strong points of using php.

true only if the server is bad configured otherwise no.



2) I have also heard (from someone at uni) that it is possible to compile php code. I didn't think this was possible. It would be great if it was as it would mean all my mode wouldn't be open to people playing with it if it was sold on!!


kind of compile:

http://www.php.net/manual/en/ref.bcompiler.php



Not sure if these are just complete myths!!


or interpretation, :)

best regards

nickyfraggle
12-28-2007, 10:12 PM
Hehe! Thanks for your help! It seems a great many things are open to interpretation!!

Nicky

Jesuspwnt
12-29-2007, 02:29 AM
"hackers" can see your code if they find a vulnerablility in your code that allows them to.
Another way is via local file inclusion which is another type of vulnerablility.
last way is if the server is misconfiguired, or you use a distobution of the lightspeed server. as there has been found an exploit which with 3 characters at the end of the filename, a "hacker" can view the source of that file

Inigoesdr
12-29-2007, 03:01 AM
1) I have heard that there are ways for people to view your php code in a website, even though php is a server side scripting language. I always thought the fact that the php code is hidden from the users of the site was one of the strong points of using php.
Not directly, no. Someone can't just right-click and hit View Source. But as oesxyl & Jesuspwnt stated, if you're on a shared server and security is lax, it is possible for them to get the source.

2) I have also heard (from someone at uni) that it is possible to compile php code. I didn't think this was possible. It would be great if it was as it would mean all my mode wouldn't be open to people playing with it if it was sold on!!
Your code is compiled into bytecode by PHP encoders(Zend Guard, Ioncube) so people can't see the source, but there have been a couple of hackers who have found ways to get at least part of the code from the encoded file(maybe not with the newer versions?). There is also the PHP GTK (http://gtk.php.net/) that will compile code, but that is for running it in your OS GUI, not on your website.

matak
12-29-2007, 05:15 AM
php gtk doesn't compile php code.

Inigoesdr
12-29-2007, 06:03 AM
Sorry, let me be more specific. The PHP GTK can be used to run PHP code that will generate GUI apps, and some programs (http://www.roadsend.com/home/?pageID=compiler) will compile PHP code that will run as a standalone desktop GUI app on the OS it was compiled for.

mlse
12-29-2007, 03:18 PM
This is a nice little PHP -> EXE (windows) "compiler" that I've used before (ages and ages and ages ago!): http://www.bambalam.se/bamcompile (not a true compiler in that it does not produce native machine code). Might be out of date now.

matak
12-29-2007, 06:11 PM
and let's also say that compiling PHP code is going against all that PHP stands for. if PHP wasn't free code from the start websites would still be in stone age

Inigoesdr
12-30-2007, 02:21 AM
and let's also say that compiling PHP code is going against all that PHP stands for. if PHP wasn't free code from the start websites would still be in stone age

I wouldn't go so far as to say it goes against what PHP stands for.. keep in mind that Zend makes and distributes(not for free I might add) the most widely used encoding software whose main purpose is to prevent people from seeing the source. But, I will agree that PHP wasn't designed to be compiled to begin with, and is certainly not the ideal platform for designing GUI programs.

mlse
12-30-2007, 05:16 PM
On the subject of GUI programs; I know this is a little off-topic, but I have used wxPython (http://www.wxpython.org/) quite a bit for writing GUI programs ... it is not the greatest thing since sliced bread, but you can knock up cross-platform demos really really fast!

matak
12-31-2007, 04:08 AM
i would really like to see how people write programs for php gtk. but i really mean, the whole source from the start. from echoing links to drawing lines with mouse. :coffee:



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum