Secure angularjs code ajax request on php file
Question
I'm working on web app and I'm using angularjs. The problem is, I would like to be able to secure my angular code, I don't want someone look my code.
I have put my angular code to php file, and I'm trying to make request by $.ajax() method.
Can you help me?
This is the code:
index.html file
<!doctype html>
<html lang="en">
<head>
..............
</head>
<body>
..............
<script src="assets/plugins/bootstrap/js/tooltip.js"></script>
<script src="assets/plugins/bootstrap/js/popover.js"></script>
<script src="assets/plugins/wow/wow.min.js"></script>
<script src="assets/plugins/pouchdb/pouchdb-4.0.0.min.js"></script>
<!-- Sripts for individual pages, depending on what plug-ins are used -->
<script src="assets/plugins/layerslider/js/greensock.js" type="text/javascript"></script>
<script src="assets/plugins/layerslider/js/layerslider.transitions.js" type="text/javascript"></script>
<script src="assets/plugins/layerslider/js/layerslider.kreaturamedia.jquery.js" type="text/javascript"></script>
<!-- Initializing the slider -->
<!--Angular scripts-->
<script src="assets/plugins/angular/angular.min.js"></script>
<script src="assets/plugins/angular-country-select/angular.country-select.js"></script>
<script>
(function(){
$.ajax({
url: 'assets/js/an.app.php',
type:'GET',
cache: false,
success: function(newScript){
if(newScript){
$('body').append(newScript);
console.log(newScript);
}
}
});
})();
</script>
<!--Fin Angular-->
<script>
jQuery("#layerslider").layerSlider({
pauseOnHover: true,
autoPlayVideos: false,
skinsPath: 'assets/plugins/layerslider/skins/',
responsive: true,
skin: 'borderlessdark3d',
hoverPrevNext: true,
});
</script>
<script>
new WOW().init();
</script>
<!-- Boomerang App JS -->
<script src="assets/js/wp.app.js"></script>
<!--[if lt IE 9]>
<script src="js/html5shiv.js"></script>
<script src="js/respond.min.js"></script>
<![endif]-->
</body>
</html>
assets/js/an.php
<?php
$referer = $_SERVER['HTTP_REFERER'];
// Check URL
if ( $referer == 'http://localhost/netskools_website/' || $referer == 'http://localhost/netskools_website/sign-up.html' || $referer == 'http://localhost/netskools_website/index.html') {
?>
<script type="text/javascript">
(function () {
'use strict';
var MyApp = angular.module('MyApp', ['countrySelect']);
//Directive menu principal de pages
MyApp.directive('mainmenu', [function () {
return {
restrict: 'E',
templateUrl: 'assets/ngapp/mainmenu.html'
};
}]);
// Directive Template de téléchargement en banière
MyApp.directive('maindownload', [function () {
return {
restrict: 'E',
templateUrl: 'assets/ngapp/maindownload.html'
};
}]);
// Directive Footer de pages
MyApp.directive('thefooter', [function () {
return {
restrict: 'E',
templateUrl: 'assets/ngapp/footer.html'
};
}]);
//
MyApp.controller('homeController', ['$scope', function ($scope) {
$scope.activepage = "home";
}]);
//
MyApp.controller('signupController', ['$scope', '$q', '$filter', function ($scope,$q,$filter) {
$scope.activepage = "nous-contacter";
$scope.state_activation = false;
$scope.nom="";
$scope.prenom="";
$scope.email="";
$scope.type_hote="";
$scope.selectdefault=0;
$scope.selectedCountry="";
$scope.nom_hote="";
$scope.etat_region="";
$scope.ville="";
$scope.adresse="";
$scope.telephone="";
$scope.info="";
$scope.enable_submit = function () {
if ($scope.subscription === true) {
$scope.state_activation = true;
} else {
$scope.state_activation = false;
}
return $scope.state_activation;
};
//Initialisation de la base données
var netskoolsSouscriptionsDB, ddoc;
netskoolsSouscriptionsDB = new PouchDB('http://kristdev:Kokodi.1@localhost:5984/netskools_souscriptions');
// ====================
// create a design doc
ddoc = {
_id: '_design/indexCollection',
views: {
indexCollection: {
map: function mapFun(doc) {
if (doc.collection) {
emit(doc.collection);
}
}.toString()
}
}
};
// =======================
// Save Design Doc
netskoolsSouscriptionsDB
.put(ddoc)
.then(function (response) {
// handle response
console.log(JSON.stringify(response));
})
.catch(function (err) {
console.log(err);
});
/*============================*/
//Ajout des données du formulaire
$scope.addData = function() {
if($scope.nom,$scope.prenom,$scope.prenom,$scope.type_hote,$scope.nom_hote,$scope.selectedCountry,$scope.etat_region,$scope.ville,$scope.adresse,$scope.telephone,$scope.info){
var deferred = $q.defer();
var value_hote;
switch (true){
case $scope.type_hote == 0:
value_hote = 'Ecole primaire';
break;
case $scope.type_hote == 1:
value_hote = 'Ecole secondaire';
break;
case $scope.type_hote == 2:
value_hote = 'Ecole supérieure';
break;
case $scope.type_hote == 3:
value_hote = 'Ecole de formation';
break;
case $scope.type_hote == 4:
value_hote = 'Institut de recherche ou de statistique';
break;
case $scope.type_hote == 5:
value_hote = 'Organisme ou organe étatique';
break;
default: value_hote = 'Autre structure';
}
var doc = {
collection: 'demandeur',
nom: $scope.nom,
prenom: $scope.prenom,
email: $scope.email,
type_hote: value_hote,
nom_hote: $scope.nom_hote,
pays_residence: $scope.selectedCountry,
etat_region: $scope.etat_region,
ville: $scope.ville,
adresse: $scope.adresse,
telephone: $scope.telephone,
info: $scope.info,
activation: false,
_id: new Date().toISOString()
};
netskoolsSouscriptionsDB
.put(doc)
.then(function (response) {
// handle response
console.log('Chaine Ecrite: ' + JSON.stringify(response));
document.getElementById('nom').value='';
document.getElementById('prenom').value='';
document.getElementById('email').value='';
document.getElementById('prenom').value='';
document.getElementById('nom_hote').value='';
document.getElementById('etat_region').value='';
document.getElementById('ville').value='';
document.getElementById('adresse').value='';
document.getElementById('telephone').value='';
document.getElementById('info').value='';
swal('Demande enregistrée avec succès!', 'Un de nos télé-conseillers vous contactera dans les 48h', 'success');
$scope.state_activation = false;
deferred.resolve('Ecriture réussie');
})
.catch(function (err) {
console.log(err);
deferred.reject('Echec Ecriture');
});
return deferred.promise;
}else{
ohSnap('Remplissez le formulaire', 'red');
}
};
/*====================================*/
}]);
})();
</script>
<?php
}else echo "Vous n'avez pas accès à cette page";
?>
1 answers
solution1
2 2015-10-26 03:47:11
Simply loading angular resources, such as controllers or other modules, by ajax is not practical. A simple comprehension is that all modules should be loaded before the document is ready ( document.ready ). But you load resources by ajax after the event.
If you really want to secure your code by limiting HTTP referrers , you can just add a script tag, and link to the php file. Like this:
<script src="assets/js/an.app.php"></script>
Your php file needs no change. But adding a header is better:
// assets/js/an.php
<?php
header('Content-type: application/javascript');
$referer = $_SERVER['HTTP_REFERER'];
// Check URL
if ( $referer == 'http://localhost/netskools_website/' || $referer == 'http://localhost/netskools_website/sign-up.html' || $referer == 'http://localhost/netskools_website/index.html') {
?>
// rest of your code
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to use AngularJS's several ajax call($http) to request data from a single php file?
How to secure the php code?
Aborting An AJAX Request In AngularJS
Ajax to PHP Login Script Secure
Call .php file with an ajax request - wordpress
Ajax request to get data from php file?
hide the path of the php file in ajax request
How to authenticate an AJAX request to a PHP file?
Executing a PHP file using Ajax request
Ajax request to load .php file not working
Related Tags