1

I am developing an php/html/js desktop app using php desktop , when u runs your app, php desktop run a server and listen on a specified or random port like 127.0.0.1:65543 , if a user open that url inside his/her external browser he/she can access app within browser , i need some trick or tips so my app loads just from embedded browser inside php desktop binary

I could check user agent but it's not safe cause php desktop user agent is

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36

do you know any trick or do you have any experience with php desktop , I would really appreciate any help

Stephan
  • 41,764
  • 65
  • 238
  • 329
Synxmax
  • 2,226
  • 1
  • 22
  • 38
  • by definition, your app is already "running" on their computer, so what's the difference if they access it via the "embedded" browser or a full-blown "outside" browser? – Marc B Jul 15 '14 at 20:23

3 Answers3

1

Using the user-agent is of course not the best solution because people can have every user-agent they want. But if there is no security issue with that you my try to set a custom user agent in your "php desktop" environment like "MyCustomCallUserAgent" and check via PHP if the agent string matches.

When reading the website of the "php desktop" environment it seems as if it is nothing else than an Chrome/IE canvas that calls an local php server. So in this case there simply is no difference between calling the script form Chrome it self or from the chrome canvas so you can't spot the difference. Only chance is reading the global $_SERVER vars and checking if there is anything "unique" that makes it possible to identify the calling client. But that won't be more secure than using the user agent string.

You man want to try TideSDK as an alternative.

Daniel K.
  • 1,189
  • 1
  • 10
  • 26
1

That user agent string is very specific so you're safe to check against it. Users usuwally will have the latest Google Chrome installed on their system.

You may also overwrite that user agent string with your own by setting the "user-agent" switch through the command_line_switches option: https://code.google.com/p/phpdesktop/wiki/ChromeSettings

You may also check through javascript for the "phpdesktop" object. This object will be available only in phpdesktop embedded browser, see: https://code.google.com/p/phpdesktop/wiki/JavascriptApi

Czarek Tomczak
  • 20,079
  • 5
  • 49
  • 56
0

If you really do not want users from browsing phpdesktop app outside executable, I would recommend using javaFx WebView.

With your current php, all you have to do is add it to the javafx WebView. Doing this solves you two problem:

  1. User cannot browse your app outside the executable.

  2. User cannot easily see your codes.

I hope this helps

MACWILCY
  • 1
  • 2