5

Can I do something like this?

<script src="/js/custom-user.php" type="text/javascript"></script>

The reason behind it is that I want the .php file to die() when the user is not logged in, so that other visitors (not authenticated) cannot see what the javascript looks like. Is it possible/safe to do like this?

1
  • 5
    Yes. You'll want to have header('Content-Type: text/javascript'); in your php file though. Commented Aug 18, 2011 at 19:32

6 Answers

8

Yes, but I do have two recommendations. First, it is better, in your circumstance, to only output the <script> if the user is logged in. Seriously, you don't want the thing which is outputting your js to really know or care about whether the user is logged in.

If you do output js in PHP, then you should include the appropriate header:

header("Content-type: text/javascript"); 

// either readFile or custom stuff here.
echo "alert('i canz have data!')";
// or, if you're less silly
readFile('/path/to/super-secret.js');

Actually, I once had CSS output by PHP (oh, you can do that too) which completely changed based on the get variable. I literally could have:

<link rel="stylesheet" type="text/css" href="css.php?v=#FF0000">

And it would use #FF0000 as a base color to completely re-define the color schemes in the website. I even went so far as to hook it in to imagemagick and re-color the site logo. It looked hideous because I'm not a designer, but it was really neat.


1 Comment

I agree that it makes more sense to have PHP check whether or not the script tag should be output in the first place. However, if for some reason you really, really want to hide your JS, you'd have to put the script outside of the server's web directory, in which case you'd want PHP to read and output the file.
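
The approach discussed above (the PHP file refuses anonymous requests, sends a JavaScript content type, and reads the script from outside the web directory), as an added example that is not part of the original thread. It assumes the login code sets `$_SESSION['user_id']` and that the script is stored at `private/js/custom-user.js` beside the web root; both names are hypothetical.

```php
<?php
// /js/custom-user.php: added example, not code from the original thread.
// Assumptions (hypothetical names): the login code sets $_SESSION['user_id'],
// and the real script lives in private/js/ next to, not inside, the web root.
declare(strict_types=1);

session_start();

// Refuse anonymous requests before any script bytes are sent.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    header('Content-Type: text/javascript; charset=utf-8');
    // Keep the refusal out of caches as well.
    header('Cache-Control: no-store');
    exit('/* not authorised */');
}

// Fixed path, never built from request input, so no path traversal is possible.
// __DIR__ is <webroot>/js, so two levels up is the parent of the web root.
$script = dirname(__DIR__, 2) . '/private/js/custom-user.js';

if (!is_file($script) || !is_readable($script)) {
    http_response_code(500);
    exit;
}

header('Content-Type: text/javascript; charset=utf-8');
// Browsers must not reinterpret the response as another content type.
header('X-Content-Type-Options: nosniff');
// The response depends on the session: stop browsers, proxies and CDNs from
// storing it and serving it again to a visitor who is not logged in.
header('Cache-Control: private, no-store');

readfile($script);
```

The `Cache-Control` line matters because a shared cache that stored the authenticated response could replay it to a logged-out visitor. Anyone who is logged in can still read the script in the browser, so the gate only hides it from anonymous visitors.
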
3

Certainly, so long as the php file being referenced sends the appropriate content-type header when being downloaded.


2

Yes, you can do this, and it is safe.

In custom-user.php you will have to set a proper Content-Type header:

header('Content-Type: text/javascript');

And then output the javascript:

readfile('script.js');


1

Yes, but... You'd better do it like this:

<?php
if ($loggedIn) { echo '<script src="/js/custom-user.js" type="text/javascript"></script>'; }
?>

That would prevent the loading of an empty file. All functions should be put in an outer file; if you want some specific JavaScript changes, write the code in a SCRIPT in the HEAD.


0

Yes, that will work.

That's how JavaScript minifiers are able to dynamically serve minified scripts. (e.g. http://code.google.com/p/minify/)


0

You can, but it will slow down your pages, since every time someone accesses your page mod_php will have to run your php/javascript script.
