Develop Reference

how to use php sessions in embeded files?

I have a site https://one.com/go.php that (for example) contains :
session_start();
$_SESSION['id_ad'] = 123456;
header('Location: https://two.com/index.php');
and on https://two.com/index.php user click and go to https://three.com/index.php that contains :
<script type="text/javascript" src="https://one.com/2.php"></script>
and finally 2.php is:
<?php
session_start();
header("Content-Type: application/javascript");
?>
alert("<?=$_SESSION['id_ad']?>");
can i access $_SESSION['id_ad'] in 2.php ?
I tested only on firefox works.
////////EDIT//////
thank you to #Dimash to mention my mistake, but the main question still exists

It works, you just return javascript wrongly. Firefox for some reason works, but other browsers fails.
Here is working code:
<?php
session_start();
header("Content-Type: application/javascript");
?>
alert("<?=$_SESSION['id_ad']?>");
Please note, that code was tested.
expect javascript file, not php with tag, you need return reall js file, so you need add header content type, telling that it is js file + remove script tag, as it is not html but regular js file.

No output to iframe after using window.location.href

I am using window.location.href in a php function which forces a file download without opening an additional window. The file download works and the rest of the php script executes. However, nothing that I output after the line with the javascript in the function will show up in the iframe. Is there a way to redirect the output back to the original php script?
Here is the javascript line from the php file:
echo "<script>window.location.href='download.php';</script>";
Here is the code from download.php:
<?php
session_start(); // Starts new or resumes existing session
$filename = $_SESSION['filename']; // Creates variable from session variable
header("Content-Type: text/plain"); // Output text file
header("Content-Disposition: attachment; filename=$filename"); // Output file name
readfile($filename); // Outputs the text file
?>
This is an example of something in the php file that will not output to the iframe after the line of javascript:
echo 'Test Output';
Thanks in advance,
Jay
EDIT
I replaced the line of javascript with the following and it works perfectly:
echo "<iframe id='my_iframe' style='display:none;' src='download.php'></iframe>";

You don't need to put the redirect inside the iframe page.
The best way I can think of atm is to use an invisible frame as mentioned in Andrew Dunn's answer to this question
Quoting from that answer:
<iframe id="my_iframe" style="display:none;"></iframe>
<script>
function Download(url) {
document.getElementById('my_iframe').src = url;
};
</script>
Have that inside your main page. url is basically the download url ("download.php" in your case). You can use a button to make the download manual. If you want it forced. Add src=url to the iframe and remove the script.
I would advice researching and using jQuery.

Is there a way to include an external .js file in this php code?

Would it be possible to add an external .js file to put in this current image position that I have set up right now? I'm fairly new to javascript and php so any help would be greatly appreciated.
echo "<div style=\"margin-bottom:50px;clear:both\">";
if ($result == 8) {echo "<div style=\"width:300px;height:250px;background-color:#f6f6dd;margin-left:10px;margin-bottom:20px;\">";
**echo "<!-- No script tag -->
<img border=\"0\" width=\"100%\" height=\"auto\" src=\"myadspt.png\" alt=\"Ad spot text goes here\">";**
echo "</div>";}
Sorry I should have mentioned this part before as well. This .php code is for a newsletter with ad positions inside of it. The .js file that needs to be placed in this .php code is an .swf ad uploaded onto an external news site (I'll call it "SITE A") In "SITE A", the ad has it's own .js script that goes with it.
When this ad is uploaded onto "SITE A", I want it to automatically place into the newsletter, that way it's less hassle for me, and also on "SITE A" it will count the amount of clicks the ad gets each time the newsletter is sent out.
This is the .js script below. Hopefully this helps clarify on what I am wanting to do.
<!-- Global Ad Manager javascript file -->
<script type="text/javascript" src="http://www.mysite.js"></script>
<!-- Ad Manager call to display ads for position testa-->
<script type="text/javascript">
TNCMS.AdManager.render
({
domain: 'www.mysite.com',
secureDomain: 'mysite-dot-com.',
section: testa',
region: 'test',
slot: '1'
});
</script>

PHP only prints HTML. So whatever you want to be done using HTML, you just have to echo that HTML using PHP. So for this case:
echo '<script src="http://url.com/path/script.js"></script>';

just break out of the php using the php tags, I wouldn't use echo and just simply use the script tag.
This is an html tag and not php code.
<?php
//your php code here
?>
<script src="http://url.com/path/script.js"></script>
It is recomended to have this into your "head" tag but you can have it in the body of your document (this is not a good practice).

Is it possible to put a javascript function in a php file?

Non-programmer here, trying to figure something out.
I have a javascript function in the header of my document that upon page load it opens another page in an iframe and reveals an svg file on my server for minor online editing. I would like to place my javascript function in a php file, so that these folder locations of the svg files cannot be determined for anyone to download these svg files freely.
Currently I have this on my html header:
<script type="text/javascript">
function loaded()
{
document.getElementById("myiframe").src="http://www.mydomain.com/myfolder/mypage.html?url=myotherfolder/"+window.location.search.substr(1);
}
onload=loaded;
</script>
Since I have heard that php is a server side script and not viewable, I thought this would mask the location of these files on my server.
I want to remove this javascript code from my header and place it in a php file and replace the header code with either of these:
<script src="phpjavafile.php"></script>
or
<?php include ('phpjavafile.php'; ?>
and finally put the javascript into a php file like this:
<?php
<script type="text/javascript">
function loaded()
{
document.getElementById("myiframe").src="http://www.mydomain.com/myfolder/mypage.html?url=myotherfolder/"+window.location.search.substr(1);
}
onload=loaded;
</script>
?>
I have tried both of these methods and neither load properly.
I must be doing something wrong. Am I on the right track, or is there a better way of getting this to work.
Thank you ahead of time.

By using the echo() function
PHP
<?php
echo '<script>
some javascript
</script';
?>
However if you are just trying to load the php on page load without any php args then just write it out of the tags.
If you have the JavaScript is another file then using
PHP
<?php
include 'path/to/javascript/file.php';
?>
Should work.
You cannot hide javascript as it is interpreted browser side and not server side so the users browser has to have accesses to the code.
Here is the code I think you are asking for:
PHP HTML
<?php
$html = file_get_contents("path/to/data.html");
?>
<div>
<?php echo $html; ?>
</div>
doesn't use an iframe but should still work. However any relative links will not work unless both files are in the same dir and there will be no iframe functionality without additional css

You can just output it as text in your PHP file.
<?php
// Some PHP stuff here
?>
<script type="text/javascript">
function loaded(){
....
}
onload=loaded;
</script>
<?php
// Some more PHP stuff here
?>
Alternatively, you can just link to it in the usual way from within the same file:
<script src="path/to/your/file.js"></script>

Redirect IF referrer matches destination

I would like to redirect to a different page if the referrer matches the loaded website. I want to do this because I run a php rotator script running simultaneously on several websites. But IF I have site A being advertised on sites A B C D, I would like site A to show only if the referrer matches site B C or D or not to show if referrer matches site A. This is to prevent showing the same website on itself.
The script is a php script loaded in an iframe. It doesn't have referrer cloaking or anything like that. I can include any javascript or php in the rotator script.
Any ideas or pointers would be appreciated. Thank you!

sorry, this is a little long, but I want to make sure this is well answered.
Let's be clear and use consistent terminology to make sure we're on the same page here:
redirect means to capture the request for the current page and point it at a different page.
For example:
typing "http://gooogle.com" into your address bar will perform a redirect to "http://google.com"
There are multiple kinds of redirects, we'll not got into them here.
referer indicates the URI that linked to the page being requested, as pulled from the HTTP headers
For example:
You're on the page "http://slate.com"
You click a link that leads you to "http://newsweek.com"
your referer is "http://slate.com" in this case.
A redirect may modify the value of the referer, depending on the type of redirect.
In order to accomplish what you wish: to not display an ad in an iframe for the page you are currently on, you are not actually concerned about either of these. You don't need any redirection, and you don't need to be concerned about who linked to the current page.
Consider how your page works:
There is a javascript that executes on page load that inserts an iframe into your document.
That iframe, in turn, loads the PHP file on the server, which displays the ad.
So you have an HTML page that looks something like this:
index.html
<!doctype HTML>
<html>
<head><title>Server A Index</title></head>
<body>
<header>
<section id="top_banner_ad">
<script src="./js/adrotator.js"></script>
</section>
</header>
<!-- Some content... -->
</body>
</html>
Which calls a JavaScript that looks something like this:
/js/adrotator.js
var holder = document.getElementById("top_banner_ad");
var iframe = document.createElement("iframe");
iframe.src = "http://example.com/inc/adrotators.php";
holder.appendChild(iframe);
Which calls, finally, a PHP script that looks something like this:
/inc/adrotators.php
<!doctype HTML>
<html>
<head><title></title></head>
<body>
<?php $advert = get_advert(); ?>
<a href="<?php echo $advert['url']; ?>">
<img src="<?php echo $advert['imgsrc']; ?>">
</a>
</body>
</html>
I'm not sure what you have access to in this scenario, but I'm going to assume you have access to all of these: the page hosting the script (index.html), the javascript that creates the iframe (/js/adrotator.js), and the php script that is called by the iframe (/inc/adrotator.php).
You have at least 2 solutions:
You can either have /js/adrotator.js find out from index.html and tell the /inc/adrotator.php who it is, or you can have /inc/adrotator.php find out who it's parent frame is.
So, the iframe has knowledge of its parent frame (though they can only actually communicate under certain circumstances)
If your iframe loads a page that is on the same domain (subdomains matter), one solution would be to have a javascript in the iframe (in the HTML generated by the PHP) check its parent, like so:
parent.document.location.href
And then request a new ad if the target domain matches the parent.
(preferred) If you can modify the javascript that creates the iframe in your page, then you could have the javascript check the url and add it as a url parameter to the src attribute of the iframe it calls.
For example:
var host_url = window.location.href;
var iframe = document.createElement("iframe");
iframe.src = "http://example.com/ad_rotator.php?host="+ host_url;
document.body.appendChild(iframe);
And then your PHP script would not serve an ad whose target matches $_GET["host"]
<?php
$advert = get_advert();
while ($advert['url'] == $_GET['host']) {
$advert = get_advert();
}
?>
<a href="<?php echo $advert['url']; ?>">
<img src="<?php echo $advert['imgsrc']; ?>">
</a>
all the code here is untested pseudo-code, you will definitely need to modify this, it's just a starter
If you can't modify the PHP that loads the ad, nor can you modify the script that injects the iframe, you're pretty much hosed.