is there any way I prevent direct access to my php gage but allow from javascript?
I have this code:
<script type="text/javascript" src="mypage.php?p=a"></script>
on mypage.php I have this code
<?php
Header("content-type: application/x-javascript");
if(!isset($_SERVER['HTTP_REFERER'])) {
header('HTTP/1.1 403 Forbidden');
exit;
}
else
{
$mycode="something here";
echo "document.write(\" $mycode \")";
}
?>
it is work fine if some one type url in browser, but if some one open mypage.php as a link
<a href=http://mywebsite.com/mypage.php>link</a>
, I want to prevent opening the page, is there any way to do that using php or javascript?
Related
I am trying to protect my content from example.php file. Therefore, I need to disallow direct access to this page as well as any iframe point to it without my permission.
I configure a php file called iframe.php loading iframe from example.com. This is how I did:
Code for example.php:
<?php
session_start();
if(!isset($_SESSION['iframe']) || !isset($_GET['internal']) || $_SESSION['iframe'] != $_GET['internal'])
{
die("This page can be accessed just from within an iframe");
}
unset($_SESSION['iframe']);
?>
Code for iframe.php
<?php
session_start();
$_SESSION['iframe'] = md5(time()."random sentence");
?>
<iframe src="example.php?internal=<?php echo $_SESSION['iframe'];?>" width="500" height="100"></iframe>
It works well. However, When I click on any link in iframe.php, I will be redirected to other page. After that, I click the Back button in browser and receive the message: "This page can be accessed just from within an iframe".
Could you please help me keep the page working perfectly after getting back?
Thank you for reading.
Its Simple, you can do it by Javascript.
if(window==window.top) {
// not in an iframe
}
In your file with iframe code just set php cookies:
<?php
setcookie("stackoverflow", 1);
?>
In your php files add code:
<?php
if(isset($_COOKIE['stackoverflow'])){
echo "";
}
else{
die('Good Bye');
}
?>
Best Regards ;)
I have a site https://one.com/go.php that (for example) contains :
session_start();
$_SESSION['id_ad'] = 123456;
header('Location: https://two.com/index.php');
and on https://two.com/index.php user click and go to https://three.com/index.php that contains :
<script type="text/javascript" src="https://one.com/2.php"></script>
and finally 2.php is:
<?php
session_start();
header("Content-Type: application/javascript");
?>
alert("<?=$_SESSION['id_ad']?>");
can i access $_SESSION['id_ad'] in 2.php ?
I tested only on firefox works.
////////EDIT//////
thank you to #Dimash to mention my mistake, but the main question still exists
It works, you just return javascript wrongly. Firefox for some reason works, but other browsers fails.
Here is working code:
<?php
session_start();
header("Content-Type: application/javascript");
?>
alert("<?=$_SESSION['id_ad']?>");
Please note, that code was tested.
expect javascript file, not php with tag, you need return reall js file, so you need add header content type, telling that it is js file + remove script tag, as it is not html but regular js file.
I am using window.location.href in a php function which forces a file download without opening an additional window. The file download works and the rest of the php script executes. However, nothing that I output after the line with the javascript in the function will show up in the iframe. Is there a way to redirect the output back to the original php script?
Here is the javascript line from the php file:
echo "<script>window.location.href='download.php';</script>";
Here is the code from download.php:
<?php
session_start(); // Starts new or resumes existing session
$filename = $_SESSION['filename']; // Creates variable from session variable
header("Content-Type: text/plain"); // Output text file
header("Content-Disposition: attachment; filename=$filename"); // Output file name
readfile($filename); // Outputs the text file
?>
This is an example of something in the php file that will not output to the iframe after the line of javascript:
echo 'Test Output';
Thanks in advance,
Jay
EDIT
I replaced the line of javascript with the following and it works perfectly:
echo "<iframe id='my_iframe' style='display:none;' src='download.php'></iframe>";
You don't need to put the redirect inside the iframe page.
The best way I can think of atm is to use an invisible frame as mentioned in Andrew Dunn's answer to this question
Quoting from that answer:
<iframe id="my_iframe" style="display:none;"></iframe>
<script>
function Download(url) {
document.getElementById('my_iframe').src = url;
};
</script>
Have that inside your main page. url is basically the download url ("download.php" in your case). You can use a button to make the download manual. If you want it forced. Add src=url to the iframe and remove the script.
I would advice researching and using jQuery.
i have 2 php files aff.php and goaff.php
in aff.php i execute some functions and then redirect the user to goaff.php
aff.php code
<?
here some php functions excuted
?>
<head>
<script type="text/javascript">
top.location.replace("http://www.example.com/goaff.php?id=text");
</script>
</head>
in goaff.php also i execute another php code and then redirect to website
goaff.php code
<?
here an php function excuted using id from aff.php then redirect
$url = "http://www.example.com";
header("Location: $url");
?>
my issue is with aff.php , with some users it doesn't redirect to goaff.php at all , i have test it by tracking the id from aff.php and log the results in a database , i need to know if there is something wrong with the redirection method in aff.php or not , i used javascript top.location.replace to prevent embedding the page inside frames and also to get sure javascript is enabled in the user browser but it logs more than 40% from the users are not redirected to goaff.php
I think Your problem is with redirection:
if that's the problem , use:
window.location.href = "http://www.example.com/goaff.php?id=text"
instead of
top.location.replace("http://www.example.com/goaff.php?id=text");
I am having a problem with php header redirect not working on safari
if (!isset($lang))
{
header('Location: http://domain.com/en/home');
}
I have read that this could be done with JS fairly simple, but no idea how to do it with the condition if $lang is set.
Should, I just execute the js within the "php if", or there is a better/clever way to do it.
Thanks.
First off, you should stop the php execution if you set a redirect header:
if (!isset($lang))
{
header('Location: http://domain.com/en/home');
exit;
}
Note: for this to work properly, you need to set this header before any other and before setting any doctype. Also, the exit prevents anything else from being sent to the broswer (content, other headers, etc). Mixing headers can result in unwanted behavior.
Secondly, you can do:
if (!isset($lang))
{
?>
<script>
window.location = "http://domain.com/en/home";
</script>
<?php
}
Using Java Script
if (!isset($lang))
{
?>
<script>
location.href = "http://domain.com/en/home";
</script>
<?php
}
You can try with ob_start()
ob_start()//Define at the top of the php page.
if (!isset($lang))
{
header('Location: http://domain.com/en/home');
exit;
}
You can use echo to print HTML tag <script> and put your JavaScript code inside this tag.
if (!isset($lang)){
echo "
<script>
window.location = "http://domain.com/en/home";
</script>
";
}