PHP Javascript Obfuscator

PHP Javascript Obfuscator

Anti-Theft Protection for JavaScript Source Code

The Code Repository

The WiseLoop PHP JavaScript Obfuscator can be used directly on JavaScript URLs like this:

<script src="jso.php?js=some/path/to/your/js/directory/my-js-code-file.js&doDecoy=true&doMinify=true&doLockDomain=true&doScrambleVars=true&encryptionLevel=2&expirationDate=2090-12-12" type="text/javascript"></script>

The obfuscator will deliver the obfuscated version of "real-path-to-js/my-js-code.js".
But what if someone checks the page source and see where the real path where "my-js-code.js" is located? A simple browser request to "real-path-to-js/my-js-code.js" will reveal the JavaScript source code.

The code repository will hide the real path to JavaScript files and will increase the protection level.
Basically, the code repository consists of a list of directories containing the JavaScript files to be protected. The directories can be located anywhere on your server and they will not be revealed when using the obfuscator. So, when using the obfuscator with the repository feature (recommended) the usage will be:

<script src="jso.php?rjs=repository-name/my-js-code.js" type="text/javascript"></script>

The obfuscator will search through all the directory entries under the "repository-name" for the "my-js-code.js" file. When founded, it wil obfuscate it and deliver it to the requester. There is no way for the client-side to find out where the actual real source code of "my-js-code.js" is located.
There are several ways to configure a repository:

1. Create a new custom repository

This is the most common and recommended way of setting up a JavaScript code repository.
Just create a new .php (ex. my-app-repository.php) file under the /php-javascript-obfuscator/repository directory and make it look like this:

return array(
    __DIR__ . '/../a/relative/path/to/js/files',
    __DIR__ . '/../another/relative/path/to/js/files',

To deliver obfuscated code for the file "my-js-code.js" use the following snippet:

<script src="jso.php?rjs=my-app-repository/my-js-code.js" type="text/javascript"></script>

Of course, file "my-js-code.js" must exists in one of the directories specified in the repository. Also, the file must be unique across the directories belonging to the repository.
A very usual scenario is that the repository contains just a single directory.
If you have JavaScript files with the same name in different directories, just create new repositories with those directories so that a certain repository will not contain duplicate file names.

  • The repository file must reside inside the /php-javascript-obfuscator/repository directory.
  • It is recommended to use absolute directory paths in order to avoid confusion. Use the __DIR__ PHP function to retrieve the absolute path of the current repository file, and relatively start build from there the desired paths (like the first two directories in the sample above).
  • When specifying the repository name inside the script tag, you must skip the .php extension
  • Because the repository name will be used inside a HTTP request, please name it accordingly - no spaces or any incompatible chars are allowed.
  • The subdirectories of a repository directory are not considered, so no recursive directory search will be made when looking for a certain JavaScript file; the search is done only in the directories specified in the repositories.

/php-javascript-obfuscator/repository directory should have a "sample-repository.php". You can also make a copy of it, rename it and modify it to suit your needs.

1.1. Achieve more protection using Apache .httaccess

Even the directory path of a repository entry remains unknown for the outside world, you can furthermore protect it by using a .htaccess file that will limit the access more drastically.
A sample .htaccess is provided inside the /php-javascript-obfuscator/repository directory and its contents should look like:

 <Files ~ "\.js$">
 Order allow,deny
 Deny from all

Please be aware that when you protect a JavaScript directory with .htaccess file, you will no longer be able to access (load) directly any of the JavaScript files from it. So, if your website page tries to load directly a JavaScript file from there, the request will be denied.
In this case, you will need to load the JavaScript files through the WiseLoop PHP Javascript Obfuscator only and of course, you'll get a much higher level of protection.

2. Use the provided default.php repository

This method is suitable (but not recommended) if the obfuscator will be used for only a single application.
Just edit the /php-javascript-obfuscator/repository/default.php file and tune it according to your needs, but minding the same rules mentioned above.

It somehow shortens the usage snippet, but there is no such a big difference:

<script src="jso.php?js=my-js-code.js" type="text/javascript"></script>

Basically, the obfuscator will consider the "my-js-code.js" as a full path to a JavaScript file and most likely that path will not really exists and the obfuscator will look for it in the default.php repository. This method is not recommended as it can bring some little performance loss due to the unsuccessful attempt of loading a believed to be a real full path to a JavaScript source code file.
So, even if you have just a single JavaScript application, it is better to create a new repository for it instead of using the default one.

Regular License $20.00
Use by you or one client, in a single end product which end users are not charged for.

Extended License $100.00
Use by you or one client, in a single end product which end users can be charged for.

Short Information

Obfuscate, scramble, minimize, domain lock, set an expiration date and encrypt your JavaScript code to protect it against theft!
This safe JavaScript anti-theft protection allows you to deliver live obfuscated encrypted JavaScript code by online processing the original source code directly on the server side, so no offline processing is needed. Just copy your original JavaScript source code to the server, and deliver it to the browser through the WiseLoop PHP Javascript Obfuscator and you will be protected against theft.

Buyer rating:
500 Sales