2

This is my code from frame.php

<FRAMESET rows="20, 200" FRAMEBORDER=NO FRAMESPACING=0 BORDER=0>
<FRAME src="menu1.html">
<FRAME src="test1.php">
</FRAMESET>

I am wondering if there's a way to block people from going to "test1.php" directly?

I want people to stay on frame.php and if people try to go to " test1.php " directly, it will give you error. Is there such a way or code?

Before coming to this "frame.php" page, my user needs to login.

I am a newbie and I am trying to move things around from user authenticate and config pages, but don't think anything is working for me.

I include user authenticate and config pages in "menu1.html". This section shows something like " welcome username | logoff | the rests of the menus ". When people sign-in, they can access "frame.php including test1.php"

I found this, but not really sure how to use it. What code do i put in the " proceed " area? Also, should I put " logoff.php " after else? 

if ($_SERVER['HTTP_REFERER'] == 'http://mysite.com/downloadlist.php') {
//proceed
} else {
//kick user out
}

Thank you very much.

piamboon
  • 21
  • 3

3 Answers3

2

use the following javascript snippet in test1.php to determine if test1.php is loaded from an iframe:

if (window.location != window.parent.location) {
    // test1.php is within iframe
} else {
    // test1.php is accessed directly
}
minaz
  • 5,690
  • 1
  • 32
  • 29
2

1.You don't use frameset. Frameset is deprecated and doomed tag. Use iframe instead, imo. In this current page you can use just INCLUDE php function to minimize http requests.

2.The request from url and from frame are the same GET requests. So there's no way you can understand on server, where that request has come from: frame or elsewhere. But you can use js. I don't recommend you this, but it works like this:

<body onLoad="fromFrame">
    // test1.php code here
</body>
<script type="text/javascript">
function fromFrame() {
    if (window.top === window.self)
       document.location.href = "errorRedirectUrl";
}
</script>
Vladislav Qulin
  • 1,872
  • 1
  • 17
  • 20
0
  1. You might want to read this before using frames
  2. The best way to prevent direct access to your php script is to put it in a folder and prevent access to this folder in the .htaccess file. Then use include to access it (from another page which 'okay' for the user to access).
Community
  • 1
  • 1
Nir Alfasi
  • 53,191
  • 11
  • 86
  • 129