The WiseLoop PHP JavaScript Obfuscator can be used directly on JavaScript URLs like this:
<script src="jso.php?js=some/path/to/your/js/directory/my-js-code-file.js&doDecoy=true&doMinify=true&doLockDomain=true&doScrambleVars=true&encryptionLevel=2&expirationDate=2090-12-12" type="text/javascript"></script>
The obfuscator will deliver the obfuscated version of "real-path-to-js/my-js-code.js".
But what if someone checks the page source and sees the real path where "my-js-code.js" is located? A simple browser request to "real-path-to-js/my-js-code.js" will reveal the JavaScript source code.
The code repository will hide the real path to JavaScript files and will increase the protection level.
Basically, the code repository consists of a list of directories containing the JavaScript files to be protected. The directories can be located anywhere on your server and they will not be revealed when using the obfuscator. So, when using the obfuscator with the repository feature (recommended) the usage will be:
<script src="jso.php?rjs=repository-name/my-js-code.js" type="text/javascript"></script>
The obfuscator will search through all the directory entries under the "repository-name" for the "my-js-code.js" file. When found, it will obfuscate it and deliver it to the requester. There is no way for the client side to find out where the actual source code of "my-js-code.js" is located.
There are several ways to configure a repository:
This is the most common and recommended way of setting up a JavaScript code repository.
Just create a new .php (ex. my-app-repository.php) file under the /php-javascript-obfuscator/repository directory and make it look like this:
<?php
return array(
    __DIR__ . '/../a/relative/path/to/js/files',
    __DIR__ . '/../another/relative/path/to/js/files',
    '/absolute/path/to/js/files1',
    '/absolute/path/to/js/files2',
);
To deliver obfuscated code for the file "my-js-code.js" use the following snippet:
<script src="jso.php?rjs=my-app-repository/my-js-code.js" type="text/javascript"></script>
Of course, the file "my-js-code.js" must exist in one of the directories specified in the repository. Also, the file name must be unique across the directories belonging to the repository.
A very usual scenario is that the repository contains just a single directory.
If you have JavaScript files with the same name in different directories, just create new repositories with those directories so that a certain repository will not contain duplicate file names.
You can use the PHP magic constant __DIR__ to retrieve the absolute path of the directory containing the current repository file, and build the desired paths relative to it (like the first two directories in the sample above).
The /php-javascript-obfuscator/repository directory should have a "sample-repository.php". You can also make a copy of it, rename it and modify it to suit your needs.
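The lookup described above (search every directory of the named repository and require a unique file name), sketched in PHP as an added example. It is not WiseLoop's code: the function name, the input whitelist, the error messages and the temp-directory sample data are assumptions made for this illustration.

```php
<?php
// Added illustration, not WiseLoop's code. resolveRepositoryFile() and its
// error messages are hypothetical names chosen for this example.
function resolveRepositoryFile(string $rjs, string $repositoryDir): string
{
    // Accept only "<repository>/<file>.js": no extra slashes, no ".." segments.
    if (!preg_match('#^([A-Za-z0-9_-]+)/([A-Za-z0-9_.-]+\.js)$#D', $rjs, $m)) {
        throw new InvalidArgumentException('malformed rjs value');
    }
    [, $repository, $file] = $m;
    $definition = "$repositoryDir/$repository.php";
    if (!is_file($definition)) {
        throw new RuntimeException('unknown repository');
    }
    $dirs = require $definition;   // the repository file returns an array of directories
    $found = [];
    foreach ($dirs as $dir) {
        $candidate = realpath("$dir/$file");   // false when the file is absent
        if ($candidate !== false && is_file($candidate)) {
            $found[$candidate] = true;         // keyed by real path to de-duplicate
        }
    }
    // The page requires file names to be unique across a repository's directories.
    if (count($found) !== 1) {
        throw new RuntimeException($found ? 'ambiguous file name' : 'file not found');
    }
    return array_key_first($found);
}

// Constructed demo data: a throwaway repository with two directories.
$base = sys_get_temp_dir() . '/jso-demo-' . bin2hex(random_bytes(4));
foreach (['repository', 'private/app-js', 'private/vendor-js'] as $d) {
    mkdir("$base/$d", 0700, true);
}
file_put_contents("$base/private/app-js/my-js-code.js", "alert('hi');");
file_put_contents("$base/private/app-js/dup.js", '');
file_put_contents("$base/private/vendor-js/dup.js", '');
file_put_contents("$base/repository/my-app-repository.php",
    "<?php return array(__DIR__ . '/../private/app-js', __DIR__ . '/../private/vendor-js');");

$inputs = ['my-app-repository/my-js-code.js', 'my-app-repository/dup.js',
           'my-app-repository/missing.js', 'my-app-repository/../my-js-code.js'];
foreach ($inputs as $rjs) {
    try {
        echo "$rjs => ", resolveRepositoryFile($rjs, "$base/repository"), PHP_EOL;
    } catch (Exception $e) {
        echo "$rjs => rejected: ", $e->getMessage(), PHP_EOL;
    }
}
```

Only the first input resolves to a real path. The duplicate name, the missing file and the value with an extra path segment are each rejected with a distinct message.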
Even though the directory path of a repository entry remains unknown to the outside world, you can protect it further by using a .htaccess file that limits access more drastically.
A sample .htaccess is provided inside the /php-javascript-obfuscator/repository directory and its contents should look like:
<Files ~ "\.js$">
Order allow,deny
Deny from all
</Files>
Please be aware that when you protect a JavaScript directory with a .htaccess file, you will no longer be able to access (load) any of the JavaScript files from it directly. So, if your website page tries to load a JavaScript file directly from there, the request will be denied.
In this case, you will need to load the JavaScript files through the WiseLoop PHP Javascript Obfuscator only and of course, you'll get a much higher level of protection.
This method is suitable (but not recommended) if the obfuscator will be used for only a single application.
Just edit the /php-javascript-obfuscator/repository/default.php file and tune it according to your needs, but minding the same rules mentioned above.
It shortens the usage snippet somewhat, but the difference is small:
<script src="jso.php?js=my-js-code.js" type="text/javascript"></script>
Basically, the obfuscator will first treat "my-js-code.js" as a full path to a JavaScript file. Most likely that path will not exist, so the obfuscator will then look for the file in the default.php repository. This method is not recommended because it can cause a small performance loss due to the unsuccessful attempt to load what is believed to be a real full path to a JavaScript source code file.
So, even if you have just a single JavaScript application, it is better to create a new repository for it instead of using the default one.
Obfuscate, scramble, minimize, domain lock, set an expiration date and encrypt your JavaScript code to protect it against theft!
This safe JavaScript anti-theft protection allows you to deliver live obfuscated encrypted JavaScript code by online processing the original source code directly on the server side, so no offline processing is needed. Just copy your original JavaScript source code to the server, and deliver it to the browser through the WiseLoop PHP Javascript Obfuscator and you will be protected against theft.