PHP publishing JavaScript - php

I have a PHP script that publishes customised JavaScript based on the parameter, with header type as text/javascript. This PHP URL is included in the src of a <script> tag. However, there seem to be an issue, because the script seems to be nonfunctional. As in, I have an alert inside the script, which should be executed immediately after inclusion, but it's not happening. Where am I going wrong?
Server Side PHP
<?php
//Exploding the path after the file widget to get user details
$expl = explode("/",$_SERVER['PATH_INFO']);
$c=count($expl);
//Handling the cases as widget/a widget//a etc
switch($c) {
case 2:
if(empty($expl[0]) && !(empty($expl[1]))) pumpValid();
else pumpInvalid();
break;
case 3:
if(empty($expl[2]) && !(empty($expl[1])) && empty($expl[0])) pumpValid();
else pumpInvalid();
break;
default:
pumpInvalid();
break;
}
function pumpValid() {
global $expl;
//Checking for a matching account in the urllist
include('embedUrl/urllist.php');
if(isset($customerList[$expl[1]])) {
header("Content-Type: text/javascript");
//Setting the host path for fetching the JS files later. As in stage or vidteq.com
echo "alert('h');";
echo 'var _serverHostUrl="http://'.$_SERVER["SERVER_NAME"].eregi_replace('widget.*','',$_SERVER["REQUEST_URI"]).'";';
}
else
pumpInvalid();
}
function pumpInvalid() {
//Should redirect to error/home page
echo "Are You Nuts";
}
?>
function init() {
alert('hi');
addJSinHead('jquery-1.3.2.min.js');
addJSinHead('OpenLayers.js');
addJSinHead('json2.js');
addJSinHead('dom-drag.js');
addJSinHead('globals.js');
}
function addJSinHead(fileName) {
var head=document.getElementsByTagName('head');
var new=document.createElement('scrpit');
new.src=_serverHostUrl+'/js'+fileName;
new.type='text/javascript';
head.appendChild(new);
}
init();
Inclusion in client side HTML
<script src='http://rak/cvs/widget/cis/' type='text/javascript'></script>


Is the alert that should be executed inside of a function block? If so then you first need to execute the actual function.
Also try copying and pasting the javascript src url directly into the browser's url bar.
If the above didn't help, some code to analyze would be useful.


You can check with Firebug to see if the output of the script is what you expect and that the headers are being sent as you expect.
You'll need to provide some code for further help.
EDIT:
I don't see anywhere that you output a header in php:
header('Content-Type: text/javascript');
EDIT2:
It looks like you're calling the pumpValid function before it's defined.

Related

How can I pass a variable from PHP to javascript

I have a php page with
<?php echo $_SERVER['DOCUMENT_ROOT']?>
Then my javascript is
var data = "Not Set";
$.get("test.php",function(returnData,requestStatus,requestObject){
data = returnData;
alert(data);
});
If I navigate directly to the php page on the site, it displays the data that I need.
I just can't seem to get the data into my javascript.
Am I on the right track and if so where am I going wrong?
Or is there an easier way to get the full filepath when working with a server?
Currently if I run document.location.href in my javascript it returns .
http ://127.0.0.1/etc

The code below will work on ".php" file. NOT ON ".html" file.
You can use the php variable with echo in javascript. For example
alert('<?=$phpvariable?>');
or
alert('<?php echo $phpvariable ?>');

It seems you are overthinking this. There is hardly any need to use ajax, but of course you can and just append() the data from the ajax call to your $('body') and jquery will automatically execute things inside a <script> tag.
var serverRoot = '<?php echo $_SERVER['DOCUMENT_ROOT']?>';

Try following
Instead of GET send $.post request and file don't return any thing just write
$.post("Requestedfile.php",
{
data :data
},
function(data) {
if(data == false)
{
//do something
}
else
{
//do somthing
}
}
);

Why doesn't browser parse the JS code in the file loaded by AJAX?

I have 2 files, the first file has some HTML and a portion of JS. The second file is the main file, and it loads the first file thru' XmlHttpRequest.
The first file is like this:
<div>
My HTML contents
</div>
<script id="my_js_block">
function my_function() {
alert(9);
}
</script>
The second file is like this:
<div id="div_ajax_content">
</div>
<script>
function load_ajax_content() {
//synchronously with XmlHttpRequest(...,...,false);
//...load and throw the first file into 'div_ajax_content'
}
load_ajax_content();
my_function(); <-- fails here
</script>
How to solve this matter?

Ajax is asynchronous. Your code attempts to call my_function() before the XMLHttpRequest has completed. Do this instead:
<script>
function load_ajax_content() {
//...load and throw the first file into 'div_ajax_content'
// then,
my_function();
}
load_ajax_content();
</script>
Okay, so now your ajax call is synchronous. You can parse the returned HTML for <script> tags, and handle them separately, but it's not pretty:
function load_ajax_content() {
//...load and throw the first file into 'div_ajax_content'
// then grab the script nodes one-by-one
var scriptElts = document.getElementById('div_ajax_content').getElementsByTagName('script'),
scriptElt,
propName; // http://www.quirksmode.org/dom/w3c_html.html#t07
if (scriptElts.length) {
propName = scriptElts[0].textContent ? 'textContent' : 'innerText';
}
for (var i=0; i<scriptElts.length; i++) {
scriptElt = document.createElement('script');
scriptElt[propName] = scriptElts[i][propName];
document.body.appendChild(scriptElt);
}
// finally,
my_function();
}
...or you could just use a library like jQuery, which automagically handles this exact problem (and many others!) for you.

Adding a script via innerHTML does NOT run the script. Therefore your function is not being defined, hence the failure.
Instead, I suggest loading HTML and JS separately, and either appending the JS using DOM methods to put the <script> tag on the page, or eval() to execute the returned file contents.

Following Kolink I found a pretty funny method but it works!
load_ajax_contents();
eval(document.getElementById("my_js_block").innerHTML);
my_function();
However, in order to make those functions evaluated by 'eval()' global, all the functions in the first file must be declared as variables, like this:
//this works!
my_function = function() {
alert(9);
}
and not:
//this makes the function nested in the context where eval() is called
function my_function() {
alert(9);
}
and also not:
//this makes the variable local to the context where eval() is called
var my_function = function() {
alert(9);
}

How can we call Php functions based on the Java script If-else condition?

How can we call Php functions with in the JavaScript If-else condition.
For Example,
if (top == self) {
// not in any kind of frame
} else {
// in a frame
// calling php function
}
</script>
Here, PHP exit() function calling for both if and else conditions. I need to call that function for only in else part.
Please advise me.
Thanks.
Prabhu

Technically not possible. However you can make an AJAX call to a PHP page and get the values returned by it.
PHP (test.php):
<?php
$x = 10;
$y = 20;
$val = $y / $x;
echo $val;
?>
Javascript (jQuery):
$(document).ready(function() {
$.ajax({url: 'test.php',
type: 'POST',
success: function(data){
//takes the value returned by test.php and
//puts it directly into the element with
//id = someElement
$('#someElement').html(data);
}
});
As far as calling exit(); and making the page that holds the JavaScript stop processing, you just can't unless you control the logic on that same page in PHP and call exit(); from there.

Do not try to mix javascript with php.
If you want to stop the page from loading you could also redirect the page to an other (php) page where you simply put exit();
If this javascript is in a function just use : return; or return false;

Change page dynamically

<?php
$go = $_GET['go'];
if(!empty($go)) {
if(is_file("page/$go.html")) include "page/$go.html";
else echo "<h1>Error 404</h1><p>Strona nie odnaleziona</p><p>Warunek ?go jest niepoprawny</p>";
}
else include "page/start.html";
?>
<script>
$.get('go', function(change) {
$('#center').load('page/<?php echo $go ?>.html');
});
</script>
I have somethng like this but it doesn't work. I just want that the page which is loaded (?go=name) won't refresh whole page

Firstly, that's vulnerable to an LFI vulnerability (Local File Inclusion). Consider what happens when someone enters: http://site.com/file.php?go=../../../../../../../../etc/passwd%00
Also, you can't just echo your filename and expect it to print it out...if you want to include the contents of the page in $go and print out $go, then use:
$go = urldecode([$_GET['go']);
$go = str_replace("/", "", $go);
$go = "page/$go.html";
EDIT: Actually, if you use my above code, they could still access files in the local directory, such as .htpasswd and .htaccess, so just don't let your users include any local files. There are better ways to solve the problem you have.
As for the AJAX, follow jeroen's advice.

You are mixing two ajax functions, $.get and .load and you are missing an event handler.
You will need something like this:
$('#go').live('change', function() {
$('#center').load('page/' + $(this).val() + '.html');
});
I have used live instead of change in case the go button is located in the refreshed section of the page.
Note that I am guessing that you want to refresh a section of your page based on a selection, the question / code isn´t exactly clear about that...

Is this what you want to achieve?
<script type="text/javascript">
$(document).ready(function() {
var getgo = '<?php echo $_GET['go']; ?>';
if(getgo.length) {
$('#center').load('page/'+getgo+'.html');
}
});
</script>
<div id="center"></div>
It will load the contents of page/[your go param].html into #center.

Check if JavaScript is enabled with PHP

Is there a way to check if JavaScript is enabled with PHP? If so, how?

perhaps a more simple option...
<html>
<head>
<noscript>
This page needs JavaScript activated to work.
<style>div { display:none; }</style>
</noscript>
</head>
<body>
<div>
my content
</div>
</body>
</html>

No, that is not possible, because PHP is a server side language, it does not access the client's browser in any way or form (the client requests from the PHP server).
The client may provide some meta info through HTTP headers, but they don't necessarily tell you whether the user has JavaScript enabled or not and you can't rely on them anyway,

Technically no because as the other answers have said, PHP is strictly server-side, but you could do this...
In the PHP page on the server, output (a lot of HTML has been deleted for brevity)
<html>
<head>
<script type="text/javascript" src="jquery1.4.4.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$.get("myPage.php");
});
</script>
</head>
</html>
Then in myPage.php set a session variable to indicate the client supports JS
<?php
session_start();
$_SESSION['js'] = true;
?>
But really, just use <script></script><noscript></noscript> tags, much, much less effort...

//Here is a solution:
//it works perfect
<?php
if(!isset($_SESSION['js'])||$_SESSION['js']==""){
echo "<noscript><meta http-equiv='refresh' content='0;url=/get-javascript-status.php&js=0'> </noscript>";
$js = true;
}elseif(isset($_SESSION['js'])&& $_SESSION['js']=="0"){
$js = false;
$_SESSION['js']="";
}elseif(isset($_SESSION['js'])&& $_SESSION['js']=="1"){
$js = true;
$_SESSION['js']="";
}
if ($js) {
echo 'Javascript is enabled';
} else {
echo 'Javascript is disabled';
}
?>
//And then inside get-javascript-status.php :
$_SESSION['js'] = isset($_GET['js'])&&$_GET['js']=="0" ? "0":"1";
header('location: /');

You can't tell if a browser has JS enabled, but you can tell if the browser supports JS http://php.net/manual/en/function.get-browser.php
$js_capable = get_browser(null, true)=>javascript == 1
Having said this, that's probably not of much use. You should reconsider detecting JS from PHP. There should be no need for it if you use progressive enhancement, meaning that JS only adds functionality to what's already on the page.

<noscript>
<?php if(basename($_SERVER['REQUEST_URI']) != "disable.html"){ ?>
<meta http-equiv="Refresh" content="0;disable.html">
<?php } ?>
</noscript>
Place above code in your header file after title tag and set appropriate like[disable.html] for redirection.

before try you have to disable your browsers javascript...
after then
Try This code :
<html>
<head>
<noscript><meta http-equiv="refresh"content="0; url=script-disabled.html">
</noscript>
<h1>congrats ! Your Browser Have Java Script Enabled </h1>
</head>
</html>
Write something in script-disabled.html
its work

You can try with 2 metod:
setting cookies with JS and detecting them from PHP
creating a form with a hidden field and an empty value; and then assigning some value to it with JS, if the field gets the value – JS is ON, otherwise it’s off. But the form had to be submitted first before PHP can request that hidden field’s value.
if you want detect if JS enable enable setting before the loading of the page you can try this (I don't konw if it works):
<?php
if (isset($_POST['jstest'])) {
$nojs = FALSE;
} else {
// create a hidden form and submit it with javascript
echo '<form name="jsform" id="jsform" method="post" style="display:none">';
echo '<input name="jstest" type="text" value="true" />';
echo '<script language="javascript">';
echo 'document.jsform.submit();';
echo '</script>';
echo '</form>';
// the variable below would be set only if the form wasn't submitted, hence JS is disabled
$nojs = TRUE;
}
if ($nojs){
//JS is OFF, do the PHP stuff
}
?>
there is a fine tutorial on this issue on address http://www.inspirationbit.com/php-js-detection-of-javascript-browser-settings/

Here is a small include I made up that I have on top of my pages to detect if js is enabled. Hope this helps out...
<?php
//Check if we should check for js
if ((!isset($_GET['jsEnabled']) || $_GET['jsEnabled'] == 'true') && !isset($_SERVER['HTTP_X_REQUESTED_WITH'])){
//Check to see if we already found js enabled
if (!isset($_SESSION['javaEnabled'])){
//Check if we were redirected by javascript
if (isset($_GET['jsEnabled'])){
//Check if we have started a session
if(session_id() == '') {
session_start();
}
//Set session variable that we have js enabled
$_SESSION['javaEnabled'] = true;
}
else{
$reqUrl = $_SERVER['REQUEST_URI'];
$paramConnector = (strpos($reqUrl, "?"))? "&" : "?";
echo "
<script type='text/javascript'>
window.location = '" . $reqUrl . $paramConnector . "jsEnabled=true'
</script>
<noscript>
<!-- Redirect to page and tell us that JS is not enabled -->
<meta HTTP-EQUIV='REFRESH' content='0; " . $reqUrl . $paramConnector . "jsEnabled=false'>
</noscript>
";
//Break out and try again to check js
exit;
}
}
}
?>

<html>
<head>
<?php
if(!isset($_REQUEST['JS'])){?>
<noscript>
<meta http-equiv="refresh" content="0; url='<?php echo basename($_SERVER['PHP_SELF']);?>?JS='"/>
</noscript><?php
}
?>
</head>
<body>
<?php
if(isset($_REQUEST['JS'])) echo 'JavaScript is Disabled';
else echo 'JavaScript is Enabled';
?>
</body>
</html>

PHP can't be used to detect whether javascript is enabled or not. Instead use <noscript> to display an alternate message / do something.

To get rid of bots with JS disabled:
<?php
session_start();
#$_SESSION['pagecount']++;
?>
<html>
<head>
<?php
if (!isset($_COOKIE['JSEnabled']) || strlen($_COOKIE['JSEnabled'])!=32 ) {
$js_cookie=md5(md5(#$_SESSION['pagecount']) . $_SERVER['REMOTE_ADDR']);
echo '<script language="javascript">';
echo 'document.cookie="JSEnabled=' . $js_cookie . '"';
echo '</script>';
echo '<meta http-equiv="refresh" content="0;url=http://example.com"/>';
}
?>
<?php
$js=$_COOKIE['JSEnabled'];
if ($js!=md5(md5(#$_SESSION['pagecount']-1) . $_SERVER['REMOTE_ADDR'])) {
$js_cookie=md5(md5(#$_SESSION['pagecount']) . $_SERVER['REMOTE_ADDR']);
echo '<script language="javascript">';
echo 'document.cookie="JSEnabled=' . $js_cookie . '"';
echo '</script>';
echo "</head><body>Sorry, this website needs javascript and cookies enabled.</body></html>";
die();
} else {
$js_cookie=md5(md5(#$_SESSION['pagecount']) . $_SERVER['REMOTE_ADDR']);
echo '<script language="javascript">';
echo 'document.cookie="JSEnabled=' . $js_cookie . '"';
echo '</script>';
}
?>
No one can use for example curl -H "Cookie: JSEnabled=XXXXXXXXXXXXXXXXXX"
because they don't know your algo of computing the hash.

This is the way I check whether javascript and cookies are enabled or not http://asdlog.com/Check_if_cookies_and_javascript_are_enabled
I copy/paste it here
<?
if($_SESSION['JSexe']){ //3rd check js
if($_COOKIE['JS']) setcookie('JS','JS',time()-1);//check on every page load
else header('Location: js.html');
} //2nd so far it's been server-side scripting. Client-side scripting must be executed once to set second cookie.
//Without JSexe, user with cookies and js enabled would be sent to js.html the first page load.
elseif($_COOKIE['PHP']) $_SESSION['JSexe'] = true;
else{ //1st check cookies
if($_GET['cookie']) header('Location: cookies.html');
else{
setcookie('PHP','PHP');
header('Location: '.$_SERVER['REQUEST_URI'].'?cookie=1');
}
}
?>
<head>
<script type="text/javascript">document.cookie = 'JS=JS'</script>
</head>

Recently, I had the following dilemma:
I use a PHP function that generates a QR image related to the current URL, which is very useful for mobile devices. The function works fine, but having my site on a shared hosting, there are some limits for CPU and RAM usage. This function is to heavy and it consumes a lot of CPU time and RAM, so the hosting guys asked me to decrease the usage.
After some tries, I finally reached the idea that I can save some CPU & RAM usage from search engine bots. It is difficult to recognize a bot by browser identification, but all the bots have no JS enabled and that's the main criteria I used to detect if it is a real browser or it is a bot. To explain how significant it is to prevent executing code which will not give anything more for Search Engines (QR, in my case, does not affect search engines), I can say that just Google bot for example makes about 16000 crawls a day on my site.
So I've made this very simple thing which helped a lot:
<script language="javascript"><!--
document.write('<?php echo drawQR($_SERVER["REQUEST_URI"]);?>');
//--></script>
This code uses JS to write a line of PHP code, so this line will be written only when JS is enabled.
Of couse you can use 'noscript' tag if you want to show something when JS is disabled, but this method shows how to execute some PHP only when JS is enabled.
Hope this helps.

Create a cookie using JavaScript and read it using PHP.

With this basic ajax you can separate data that the client see based on javascript or not.
index.php
<!DOCTYPE html>
<html>
<body>
<script>
function jsCheck() {
var xhttp;
if (window.XMLHttpRequest) {
// code for modern browsers
xhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xhttp.onreadystatechange = function() {
if (xhttp.readyState == 4 && xhttp.status == 200) {
document.getElementById("demo").innerHTML = xhttp.responseText;
}
};
xhttp.open("GET", "jscheckCon.php", true);
xhttp.send();
}
jsCheck();
</script>
<div id="demo">
no javascript
</div>
</body>
</html>
jscheckCon.php
<?php
echo 'we have javascript!';//you can do that you like to do with js!
?>

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript. If javascript is disabled on the browser side it's not possible to check if the client is Javascript capable (like Dillo with it's default config or others)
UPDATED: I've develop this script because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f (updated)
//function to check for session after|before PHP version 5.4.0
function start_session() {
if(version_compare(phpversion(), "5.4.0") != -1){
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
} else {
if(session_id() == '') {
session_start();
}
}
}
// starting the function
start_session();
// create a script to run on the AJAX GET request from :P Javascript enabled browser
echo
'<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1");
console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1")}
</script>;
// Ajax GET request handle
if ($_REQUEST['sessionstart'] == 1){
$_SESSION['js'] = 1; // save into session variable
} else {
session_destroy(); // force reset the test. otherwise session
}
// If the session variable has not saved by the AJAX call, loads again.
if (!isset($_SESSION['js'])){
header("Refresh: 1"); // thats only for the first load
echo "Javascript is not enabled <br>"; // Return false
} else {
echo "Javascript is enabled <br>"; // Return true
}
This solution do not need more files, just a iteration if you run a Javascript capable browser. The value is passed back to PHP using a GET with a simple variable but anyone can fake the output doing cURL to url + ?sessionstart=1 unless you add more logic to it.

Make your main php page assume jscript is off, and add a <script> to redirect to the jscript-enabled app in the <head>. If the user actually uses your first page, assume jscript is off.

Other option:
If you dont' have to check if JS is enabled at the visitors first view (mainpage) you can set a cookie with js. On the next page you can check with php if the cookie is there...

You can use logic the logic (default/switch) - is this example I printed the variable in php:
PHP:
$js = 'No';
print 'Javascript Enabled: <span id="jsEnabled">'.$js.'</span>';
JS: (in my document ready)
jQuery('#jsEnabled').text('Yes'); or $('#jsEnabled').text('Yes');

You can set a cookie using Javascript and then reload the page using Javascript. Then using PHP you shall check if the cookie is setted, if it is Javascript is enabled!

Its 2013. Simply have your script render the non-js templates inside a body > noscript tag, then inside your CSS keep your main js site container div display: none; After that just put something like <script>$('#container').show();</script> immediately after you close you main #container div and before your noscript tag. (if you're using jquery of course).
Doing it this way will show the HTML for the non-js enabled browsers automatically, and then the js enabled browsers will only see the js site.
If you're worried about over-bloating the page size with too much mark up, then you could do the same but instead leave <div id="content"></div> empty, then with the js code instead of just showing the div use an ajax call to fetch the content for it.
On a side note, I would probably include additional css files for the non-js site within the noscript tag to save on bandwidth.

Since PHP is server side you can't know in PHP whether the client has Javascript enabled unless you use sessions (or some other way to store data across requests) and first send some code to which the client responds.
If you put the following at the start of your PHP file the client is redirected to the same URL with either 'js=0' or 'js=1' appended to the query string, depending on whether they have Javascript enabled or not. Upon receiving the redirected request the script records the result in a session variable and then redirects back to the original URL, i.e. without the appended 'js=0' or 'js=1'.Upon receiving this second redirect the script proceeds as normal, now with the session variable set according to the clients Javascript capability.
If you don't care about how your query string looks in the user's address bar you can skip the second redirect and just set the session variable. While these redirects are taking place the user is shown a short informative message (also something you could skip if you don't care about that).
<?php
session_start();
if (!isset($_SESSION['js']) && !isset($_GET['js'])) {
$url=$_SERVER['SCRIPT_URI'];
$qry='?'.($q=$_SERVER['QUERY_STRING']).($q?'&':'').'js';
die('<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><title>js check</title>'.
'<script type="text/javascript">window.location.href="'.$url.$qry.'=1";</script>'.
'<noscript><meta http-equiv="refresh" content="0; url='.$url.$qry.'=0" /></noscript>'.
'</head><body>Hold on while we check whether you have Javascript enabled.</body></html>');
} elseif (isset($_GET['js'])) {
$_SESSION['js']=$_GET['js'];
$qry = preg_replace('%&?js=(0|1)$%', '', $_SERVER['QUERY_STRING']);
$url = $_SERVER['SCRIPT_URI'].($qry?'?':'').$qry;
die('<!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><title>js check</title>'.
'<meta http-equiv="refresh" content="0; url='.$url.$qry.'" />'.
'</head><body>Hold on while we check whether you have Javascript enabled.</body></html>');
}
if ($_SESSION['js']) {
//Javascript is enabled
} else {
//Javascript is disabled
}
?>

Yes.
Ensure you have the latest jQuery.js
//javascript
$(function(){
$('#jsEnabled2').html('Yes it is')
})
//php
$js - 'No';
$jscheck = 'Javascript Enabled: ';
$jscheck .= '<span id="jsEnabled">'.$js.'</span>';
print $jscheck;

Categories