brooksh Posted June 24, 2009 Share Posted June 24, 2009 I'm trying to hide the source code if a user directly goes to my xml page. I used this before and it worked, but it doesn't for this. <?php header("Cache-Control: no-cache, no-store, must-revalidate, max-age=0"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past if(!empty($_SERVER['HTTP_REFERER']) && substr($_SERVER['HTTP_REFERER'],0,21)== "http://www.mywebsite.com") { echo '<?xml version="1.0" encoding="UTF-8"?>'; ?> ......My XML CODE....... <? } ?> Here is my code to call this xml.php page. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <script type="text/javascript" src="swfobject2.js?v=2.1"></script> <script type="text/javascript"> var params = {allowfullscreen: "true"}; var flashvars = {dataFile: "xml.php"}; var attributes = {}; swfobject.embedSWF("file.swf", "flashContent", "640", "480", "9", false, flashvars, params, attributes); </script> Quote Link to comment Share on other sites More sharing options...
corbin Posted June 24, 2009 Share Posted June 24, 2009 Short answer: You can't hide something you send to the client. Quote Link to comment Share on other sites More sharing options...
RussellReal Posted June 24, 2009 Share Posted June 24, 2009 you COULD do a shifty lil maneuver, but this doesn't actually prevent people from just viewing the source of js injecting the main page// but on the main page do this session_start(); $_SESSION['send_xml'] = true; and then in the xml php page do this: session_start(); if ($_SESSION['send_xml'] == true) { $_SESSION['send_xml'] = false; // send xml here.. } that would ocne they hit the page set the session var, then when the page requests the xml, the xml php page will check for the session, if it has it set to true, then it sets it to false and displays the data, this way if they try to go directly to that xml php page.. the session wouldn't be set to true, and they wouldn't get any output.. but firebug would be perfect for any beginner leecher to just rip it right outta your main page so this just protects against people going directly to the file Quote Link to comment Share on other sites More sharing options...
brooksh Posted June 25, 2009 Author Share Posted June 25, 2009 RussellReal that's awesome Quote Link to comment Share on other sites More sharing options...
corbin Posted June 25, 2009 Share Posted June 25, 2009 Someone who knew what he/she was doing could get around that in about 1 second.... Guess it's better than nothing though. Quote Link to comment Share on other sites More sharing options...
brooksh Posted June 25, 2009 Author Share Posted June 25, 2009 exactly. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.