.js file as javascript source but acting as php on backend

Question

I see much scripts in traffic exchange services or affiliate programs like the following

<script type="text/javascript" src="http://trafficexchange.com/trafficout/user/300?limit=10"></script>

A source without file extension. How does this work? Is this a javascript file or php file? If this is only javascript how can they access the database to collect stats about who clicked on your link etc (AJAX?)?

The query variable limit=10. Again, is this javascript or php? If it is javascript, how can you access this variable?

Other example from Google Ads

<script type="text/javascript">
    google_ad_client = "xxxxxxx";
    google_ad_slot = "xxxxx";
    google_ad_width = 336;
    google_ad_height = 280;
</script>

<script type="text/javascript"
src="//pagead2.googlesyndication.com/pagead/show_ads.js">
</script>

Again, how can google access their database to display relevant ads with only a .js file?

Answer 1

The client only expects one thing of an included <script> file: to have the proper Content-type: application/javascript header.

So a PHP file like this is valid (although bad form):

<?php
header('Content-type: application/javascript');
?>

var answerToEverything = <?php echo 42; ?>;

And the browser will see it as a valid JavaScript file containing

var answerToEverything = 42;

Even if the file is not explicitly named .js.

A more general approach is to capture all requests to your webserver, do some action, and then include your JavaScript file with the proper header.

Note that including PHP variables directly inside JavaScript files is considered bad practice.

For more information see How to pass variables and data from PHP to JavaScript?

Answer 2

Scripts like this are probably being run by PHP (or similar server-side scripting language).

Doing so is a case of, on an apache server, adding something similar to the following in the .htaccess file:

RewriteCond %{QUERY_STRING} (.*)
RewriteRule ^trafficout/user/(\d+)$ some-script.php?%1&user=$1 [L]

What this is doing is looking for any requests for the above file, then passing in the query string ((.*)) and user id ((\d+)) into a php script.

What are %1 and $1 doing?

In a htaccess file %1 and $1 represent variables retrieved from RewriteConditions and RewriteRules. Specifically, %n represents any variables acquired from a %{QUERY_STRING} condition and $n repesents any variables acquired from rules. In both cases n represents the variable id. In the example above, there is one query string variable and one rewrite rule variable so both are 1.

For the script in your question, this will turn the second part of our rewrite rule into:

some-script.php?limit=10&user=300

How we get the variables from the query string etc is done via Regular Expressions, and is a WHOLE other topic that I am not going to go into right now.

The PHP script will then get the variables using $_GET or similar, for example:

$user = $_GET['user']; //bad example - no validation etc.

[L]?

This is a flag used to tell the server to stop processing any more rewrite rules.

No file extension

It is possible to call for a file without a file extension, as long as the script sets the correct content-type header, then the browser will process the returned file. In PHP, this would be done like:

<?php
header('Content-type: application/javascript');

And is sent before any content.

Google Ads

The original .js script is just a .js script. What the script is doing is generating an ajax call back to the Google Servers replacing local variables with whatever variables you have defined.