Can I source a php file as javascript? - php

I am using a WP template that allows me to incorporate arbitrary HTML. Unfortunately, I have to use this particular widget and can't use other WP widgets.
I have on my webserver /some/path/serve_image.php that spits out a random HREF'd IMG SRC with a caption and some other info from a MySQL query.
Now...how can I say "take that output and treat it as HTML"? If I just put "/some/path/serve_image.php" I get that literal string.
I tried:
<script type="javascript" src="/some/path/serve_image.php"></script>
but that didn't work. I tried changing everything in serve_image.php to be document.write() calls and that didn't seem to work either. I'm not the world's greatest JS guy...
So if I have a URL on the net that spits out some HTML and I want to include that HTML in my web page, what's the best way to do that? Sort of like what Google does with Adsense - you source their show_ads.js.

Why no? Add
header('Content-Type: application/javascript');
And output JavaScript Like:
echo("var image = \"".$images[array_rand($images)]."\";");
echo("$('img.randim').attr('src', image);

No. JavaScript and PHP are two completely separate languages. In fact, if it was JavaScript, you aren't even loading it the right way.
<script type="text/javascript"></script>
The way you're trying to do it would throw a parse error, because it would try to use the PHP as JavaScript. Some browsers would even reject it, because PHP files have a text/html MIME type, while JavaScript should be application/javascript.
PHP has to be done server side, so loading it in the client just doesn't work.
What I think you're after is this:
<?php
require('/some/path/serve_image.php');
?>
Just place that wherever you want the image to be.

Related

Can we use php in <noscript> tag? Will the code validate?

Is it correct and valid to use something like this:
<noscript>
<?php require_once 'somefile.php'; ?>
</noscript>
I've been searching for this answer a lot but unfortunately not much luck. Here is a quote from one of the answers by #SLaks on this page.
"If you put PHP code inside a tag, it will always execute,
whether Javascript is enabled or not. However, the code's output will
only be visible if Javascript is disabled."
However I am not very clear if it is valid to use php within a <noscript> tag.
PHP operates on a stream of text. It doesn't care what the text is. It is either just outputting the input or (when inside a <?php section) running PHP. It doesn't know about HTML.
Validity (in this context) only matters in the context of the generated HTML. The HTML will be valid if the PHP outputs valid content, and that will depend on what require_once 'somefile.php'; outputs.
Of course it is. <noscript> is evaluated client side, after PHP preprocessing. So whatever you put in your somefile.php, it will be processed, and then the result sent to the client inside the <noscript> tag. However, as said by Slaks, the generated output won't be displayed until JS is disabled.
The way you include PHP in your pages has nothing to do with HTML validation, as long as the generated page is valid HTML.
Oh course you can. Noscript is designed to be used when user has disabled JavaScript, so why not? But be aware that it will always executed while rendering page. Almost all users on the Internet use JS, so it can be a little overhead.
It is valid to use PHP in the tag - PHP is evaluated on the server, and not send to the client.

Using PHP to assign css/js files to an html document

I've created my own templating/viewing engine to use with Codeigniter. In it I'm able to specify certain css/js files to use with a specific view. I assign the file names in an array, which will then get looped through while echoing the necessary <link href="X"..., <script type="X"..., etc for the respective file type in the header file of the template.
The problem is that I can't seem to use the resources I'm trying to include. The CSS/JS files aren't working even though they're being included and embedded and everything looks right in terms of the syntax in the HTML source code.
My theory is that because I'm using echo to actually print the link/script object into the HTML, that it's actually not really an object that HTML can recognize? Kind of like trying to echo an object in PHP - it doesnt work.
Any advise?
It does not matter if you use plain HTML of php generated code. For the browser it is all the same.
You need to check your source code, and check if the scripts you include are accessible. So copy/paste the src="blabla" from your source code from your browser, and paste it in the address-bar and see what happens.
It is definitely not PHP's fault.

How to know php file is loaded from source code

I'm working with my JS files, what i have now is a unique php file with JS header, if a variable is set it includes the real js file, which is fine.
The "home" page has the script tag for the php-js file:
<head>
<script type="text/javascript" language="javascript" src="bootstrap.php"></script>
</head>
the bottstrap.php file has something like:
if(isset($hostData) && !empty($hostData)) {
include('bootstrap.js');
}else {
echo "document.write('<center><bold>PLEASE DO SOMETHING...!</bold></center>');";
}
all that seems to be fine, however when viewing the source code (CTRL+U) the browser shows the "bootstrap.php" part as a link, if clicked it obviously redirects to http://mydomain/bootstrap.php and the js code can be easily seen, which is exactly what i don't want...
So my question is, is there any php-way to know if the file is being loaded from browser's "rendering view" or being loaded from browser's "source code view" ???
Any help is truly appreciated =)
In short, no. You can't hide your script source from your users. The best you can do is obfuscate it using tools like YUICompressor.
There's no way you can hide the javascript code. It needs to be executed by the client, and even if you try to hide it by formatting your code badly, tools like firebug can easily introspect the code and pull out the code.
To be honest I don't think you can actually hide it like that. I'm assuming the best thing you've got to go on is the useragent string but I'm assuming if you "view source" in a browser it would still send the regular headers.
The only way I can think of adding the JS include without it appearing when in view source mode is to actually load the external file via javascript (you could even break the path of the js file into variables so it isn't really human readable) which I would not advise.
If someone wants to get at your javascript they will there no is way of avoiding it.
and the js code can be easily seen, which is exactly what i don't want...
You don't want the JS to be seen, but you do want to use it???
There IS something wrong with your code though if you want the js file to be used in your page.
You need to include / require the file:
<script type="text/javascript" language="javascript" src="<?php include bootstrap.php ?>"></script>
Otherwise the browser will load the contents of the bootstrap file, but you want to run the code inside it (which can only be done at the server).
Also:
change:
include('bootstrap.js');
to
echo bootstrap.js;
EDIT
by re-reading your question (and other answers) that's exactly what you want: make your JS code invisible (correct me if wrong).
The answer to that is: No cannot be done.
You can try to obfuscate the code but it will take someone who wants to see it seconds to 'decode'.
Try using the $_SERVER["HTTP_referer"], which have the url that called this file.
I'm really sorry for disappearing from here...
The best solution I decided to implement is quite simple: don't show ANY URL or PHP files within JS code; so during last months I've used a unique PHP file to do all necessary database queries, a stored procedure generates dynamically all the URL's needed from JS.
In that way URL's vary every time and what I've named "poor logic" goes free for users to view/copy I don't mind that while server data is secure.
THANKS ALL FOR YOUR VALUABLE ANSWERS!!!

Can I load javascript from a php file?

Can I do something like this?
<script src="/js/custom-user.php" type="text/javascript"></script>
The reason behind it is that I want the .php file to die() when the user is not logged in, so that other visitors (not authenticated) cannot see what the javascript looks like. Is it possible/safe to do like this?
Yes, but I do have two recommendations. First, it is better, in your circumstance, to only output the <script> if the user is logged in. Seriously, you don't want the thing which is outputting you js to really know or care about whether the user is logged in.
If you do output js in PHP, then you should include the appropriate header:
header("Content-type: text/javascript");
// either readFile or custom stuff here.
echo "alert('i canz have data!')";
// or, if you're less silly
readFile('/path/to/super-secret.js');
Actually, I once had CSS output by PHP (oh, you can do that too) which completely changed based on the get variable. I literally could have:
rel="stylesheet" type="text/css" href="css.php?v=#FF0000">
And it would use #FF0000 as a base color to completely re-define the color schemes in the website. I even went so far as to hook it in to imagemagick and re-color the site logo. It looked hideous because I'm not a designer, but it was really neat.
Certainly, so long as the php file being reference sends the appropriate content-type header when being downloaded.
Yes, you can do this, and it is safe.
In custom-user.php you will have to set a proper Content-Type header:
header('Content-Type: text/javascript');
And then output the javascript:
readfile('script.js');
Yes, but... You should better do it like this:
<?php
if ($loggedIn) { echo '<script src="/js/custom-user.js" type="text/javascript"></script>'; }
?>
That would prevent loading of empty file. All functions should be put in outer file, if you want some specific javascript changes, make a code in HEAD SCRIPT
Yes, that will work.
That's how JavaScript minifiers are able to dynamically serve minified scripts. (e.g. http://code.google.com/p/minify/)
You can but it will slow down your pages since every time someone accesses your page modphp will have to run your php/javascript script.

Using php as external javascript with CakePHP?

PHP files can be used as external javascript files. Basically make a php file output valid javascript and use that php file as your javascript file: http://www.javascriptkit.com/javatutors/externalphp.shtml . Can this be done with cakephp since we don't specify php files in the browser but rather a directory based on controllers and their actions?
Late answer, but anyway, this is how I did it.
When linking to external javascript file, don't forget to set inline to false like the one shown below:
$this->Html->script('scriptname', array('inline' => false));
Sure, as long as you output valid JS, id does not matter what the URL looks like and what is behind that URL.
When you link a javascript file with
$this->Html->script('scriptname');
all that happens is that a tag is created in the HTML
<script type="text/javascript" src="path/to/webroot/js/scriptname.js"></script>
So, you can link whatever you'd like.

Categories