I am trying to protect my content from example.php file. Therefore, I need to disallow direct access to this page as well as any iframe point to it without my permission.
I configure a php file called iframe.php loading iframe from example.com. This is how I did:
Code for example.php:
<?php
session_start();
if(!isset($_SESSION['iframe']) || !isset($_GET['internal']) || $_SESSION['iframe'] != $_GET['internal'])
{
die("This page can be accessed just from within an iframe");
}
unset($_SESSION['iframe']);
?>
Code for iframe.php
<?php
session_start();
$_SESSION['iframe'] = md5(time()."random sentence");
?>
<iframe src="example.php?internal=<?php echo $_SESSION['iframe'];?>" width="500" height="100"></iframe>
It works well. However, When I click on any link in iframe.php, I will be redirected to other page. After that, I click the Back button in browser and receive the message: "This page can be accessed just from within an iframe".
Could you please help me keep the page working perfectly after getting back?
Thank you for reading.
Its Simple, you can do it by Javascript.
if(window==window.top) {
// not in an iframe
}
In your file with iframe code just set php cookies:
<?php
setcookie("stackoverflow", 1);
?>
In your php files add code:
<?php
if(isset($_COOKIE['stackoverflow'])){
echo "";
}
else{
die('Good Bye');
}
?>
Best Regards ;)
Related
is there any way I prevent direct access to my php gage but allow from javascript?
I have this code:
<script type="text/javascript" src="mypage.php?p=a"></script>
on mypage.php I have this code
<?php
Header("content-type: application/x-javascript");
if(!isset($_SERVER['HTTP_REFERER'])) {
header('HTTP/1.1 403 Forbidden');
exit;
}
else
{
$mycode="something here";
echo "document.write(\" $mycode \")";
}
?>
it is work fine if some one type url in browser, but if some one open mypage.php as a link
<a href=http://mywebsite.com/mypage.php>link</a>
, I want to prevent opening the page, is there any way to do that using php or javascript?
I have a site https://one.com/go.php that (for example) contains :
session_start();
$_SESSION['id_ad'] = 123456;
header('Location: https://two.com/index.php');
and on https://two.com/index.php user click and go to https://three.com/index.php that contains :
<script type="text/javascript" src="https://one.com/2.php"></script>
and finally 2.php is:
<?php
session_start();
header("Content-Type: application/javascript");
?>
alert("<?=$_SESSION['id_ad']?>");
can i access $_SESSION['id_ad'] in 2.php ?
I tested only on firefox works.
////////EDIT//////
thank you to #Dimash to mention my mistake, but the main question still exists
It works, you just return javascript wrongly. Firefox for some reason works, but other browsers fails.
Here is working code:
<?php
session_start();
header("Content-Type: application/javascript");
?>
alert("<?=$_SESSION['id_ad']?>");
Please note, that code was tested.
expect javascript file, not php with tag, you need return reall js file, so you need add header content type, telling that it is js file + remove script tag, as it is not html but regular js file.
I am using window.location.href in a php function which forces a file download without opening an additional window. The file download works and the rest of the php script executes. However, nothing that I output after the line with the javascript in the function will show up in the iframe. Is there a way to redirect the output back to the original php script?
Here is the javascript line from the php file:
echo "<script>window.location.href='download.php';</script>";
Here is the code from download.php:
<?php
session_start(); // Starts new or resumes existing session
$filename = $_SESSION['filename']; // Creates variable from session variable
header("Content-Type: text/plain"); // Output text file
header("Content-Disposition: attachment; filename=$filename"); // Output file name
readfile($filename); // Outputs the text file
?>
This is an example of something in the php file that will not output to the iframe after the line of javascript:
echo 'Test Output';
Thanks in advance,
Jay
EDIT
I replaced the line of javascript with the following and it works perfectly:
echo "<iframe id='my_iframe' style='display:none;' src='download.php'></iframe>";
You don't need to put the redirect inside the iframe page.
The best way I can think of atm is to use an invisible frame as mentioned in Andrew Dunn's answer to this question
Quoting from that answer:
<iframe id="my_iframe" style="display:none;"></iframe>
<script>
function Download(url) {
document.getElementById('my_iframe').src = url;
};
</script>
Have that inside your main page. url is basically the download url ("download.php" in your case). You can use a button to make the download manual. If you want it forced. Add src=url to the iframe and remove the script.
I would advice researching and using jQuery.
Here is the simple code I have placed before the on the Wordpress site:
<script type="text/javascript"> <!-- if (screen.width <= 800) {
window.location = "http://m.domain.com"; } //--> </script>
This issue is, this redirects all pages of our site to to the landing page. I only want the home page to be redirected. How would I write this?
Put this code in header.php of your theme.
<?php
if (is_front_page()) {
echo '<script type="text/javascript"> <!-- if (screen.width <= 800) {
window.location = "http://m.domain.com"; } //--> </script>';
}
?>
Redirects with javascript can cause your website to be penalized by Google.
You are much better off using a Header redirect with PHP. You can detect mobile users based on their user agent rather that relying solely on the width of the browser window.
If you can't write all the code yourself, this plug-in could be helpful for that.
https://wordpress.org/plugins/equivalent-mobile-redirect/
Put this code right at the top of your themes header.php
<?php
if(is_front_page())
header('Location: http://example.com');
?>
This will only redirect on the front page. Just replace example.com with your desired url.
To setup a redirect for a different but specific page, you can use get_the_ID().
e.g.
<?php
if(is_front_page())
header('Location: http://example.com');
elseif(get_the_ID() == PAGE ID HERE)
header('Location: http://example2.com');
elseif(get_the_ID() == PAGE ID HERE)
header('Location: http://example3.com');
?>
if you want to redirect on all pages but still have homepage go somewhere else and leave some pages alone, use the below code.
<?php
if(is_front_page())
header('Location: http://example.com');
elseif(get_the_ID() != PAGE ID HERE || get_the_ID() != 2ND PAGE ID HERE)
header('Location: http://example2.com');
?>
I have question regarding PHP and redirecting a page. In my HTML I have an iframe.
<iframe class="container" name="content" id="content" src="LandingPage.php" name="contents" scrolling="no" frameborder="0" onload="sizeFrame(this)" ></iframe><!-- CONTENT frame -->
I want to reload the whole document to index.php and not just display index.php in the iframe. Currently all my efforts and searched suggestions load the index.php file in the iframe. How can I force the page to unload the current loggedin.html file and reload only index.php in the same window?
I tested the following at the top of LandingPage.php to make sure the page can be displayed.
It is not the session that is faulty as the index.php file is displayed just not in the correct place.
if(! isset($_SESSION['loginvalid']))
{
//header("Location: index.php");
//exit();
$URL="index.php";
$t = "_top";
echo "<script>window.location.replace='$URL' target= '$t'</script>";
//echo"window.location.href = $URL target= \"_top\"";
exit;
} else {
Any help and suggestions will be appreciated.
Instead of
<script>window.location.replace='$URL' target= '$t'</script>
try
<script>parent.location='$URL'</script>