Handle request if java script is enabled

ErnieAlex · October 8, 2021, 3:08pm

Sorry, Mohammad, I was gone for a few days. I am not sure what you want to do. I will comment on some of what you have said and hopefully, figure out what you want to do.

Code on the server, meaning PHP code, can not be seen by others. It is safe and secure that way so that others can not steal your code. That is how it was designed and works well.
Code on the browser, meaning Javascript, can be seen by all users and since it runs on the user’s system, it can use anything on their computer thru Javascript calls. This is NOT secured at all and therfore should be used with caution.

Now, you said you want to show code, but, not let users use it. That makes little sense to me. Either you want to allow users to see and use code or you do not want them to see it and use it. You can not give out displays of code and still protect it. Make no sense to me. Unless I am not understanding you do to our language differences. Please try to explain what you want to do. Remember that Javascript is not secure and any user can see it and alter it. PHP is secure and safe as it hides from the browser.

Mohammad · October 8, 2021, 3:29pm

Hi, thankyou so mouch for your time , i did it my self and i dont have problem now, thanks

ErnieAlex · October 8, 2021, 4:25pm

Great ! Good job! But, you might want to tell others what you did to solve it. In case someone else comes to your post with the same problem. You do not need to show all the code, just explain what you had to change to solve it.

Mohammad · October 8, 2021, 4:45pm

I used the strip_tags() function to delete JavaScript code in PHP code
This is all of my codes :
File.php ( in my host ) :

< html>
< head>
< noscript>
echo date(“Y-m-d H:i”);
< /noscript>
< /head>
< /html>

Run.php ( in your host ) :
<php
$FileDotPhpAddress = ‘https://evilHost.org/test/File.php’;
eval(strip_tags(fIle_get_contents($FileDotPhpAddress))); ?>

Now if you open Run.php address in your browser you will see result of date(“Y-m-d H:i:s”); , but if you open File.php address ( that is in my host ) you cant see my php code easily ( because your browser javascript is enabled )

This was just an exercise for me, it is not recommended for important code’s
A professional can easily see the php code inside my host but those who are not very familiar with the code may not be able to see the php code

Anyway, I liked this exercise