Jump to content

Recommended Posts

Hi Shabar

usually it's not a problem because surfers can't read your PHP code anyway.

 

One way (maybe not the best, lets see what others say) would be to obfuscate the code in some way, that is to make it look like it is doing something else.

 

function log_into_google_stats($google_url) {
  include sha1($google_url).'php';
  }

$google_advertising_link = 'http://www.google.co.uk/intl/en/ads/';
log_into_google_stats($google_advertising_link);

 

And call your php file :    9e5030bed0afa0cb93c00ccb86d344d3b821b171.php

 

(Incidentally, the name here of the PHP file is the SHA1 hash of the URL used for google advertising)

 

 

IMPORTANT :  It is not foolproof !!!!  A PHP programmer would be able to work out what you were doing.  But to the casual user, it looks like you are doing something around logging into a google advertising hit counter or something. 

Other people may have better suggestions, but give that a whirl. Good luck.

if a PHP programmer has acess to your pages.. than the last thing you need to worry about is obfuscating your page name. and technically, this isn't obfuscating the code, because the code remains untouched. Also, unless you sha1 the actual file names of the files themselves, this method is kind of dumb

 

if you really want to inlude a page without explictely using the "include" function, you can use get file contents, and eval... but thats just a really dumb way of using include.

 

 

is there any reason you don't want to use include? PHP code is already hidden so i don't really see the problem

so someone is going to go through every one of the files they want to include, and apply a sha1 hash to all of them? No offense, but that just seems kind of dumb.

 

and I did provide an alternative.. file_get_contents + eval, but thats just a slower version of include, which I also stated.  I don't even understand why OP doesn't want to use include, or one of its sister functions, but whatever

weird post, but i'll give my two cents anyways.

 

to reiterate, PHP code cannot be seen once parsed to the web browser, therefore, 'hiding' the names of your included files is a waste of time, since in order for anyone to read the name of the included file within your script, they'd have to have a copy of the original file/script, in which case, you've already been compromised.

 

thing is, if somebody really wants to get something from you, they'll find a way.  otherwise, encoding/encrypting/masking include()ed filenames is really going to do diddly-squat.

 

let's say you mask the filename, have you added it to you .htaccess file to be excluded from scrapers/bots?  you see, there's always ways to gain access.

Thax for your valuable ideas and suggestions.

 

My real practical issue is I have a PageA.php file and according to the information It calls second php file (PageB.php) within PageA.php.

 

I checked with include section but it was not there.

So I need to find out from which part of the PageA.php call the second page (PageB.php)

 

Only thing even name "PageB.php" not mentioned in the PageA.php

 

Because in some pages I fin following part where it calls second page

 

<form name="frm" class="cssform" action="xxxxxx.php" method="post">

 

Likewise are there any other ways to call another php page by not giving the calling page directly.

 

 

thax

 

shabar

 

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.