0

i need to prevent visitors from opening a page outside iframe

for example

when write on browser :

www.sss.com/index.php

will be open

but when write 

www.sss.com/add_news.php

i need to redirect to home page

KAM MAL
  • 47
  • 4

3 Answers3

3

Since an iframe makes a GET request there isn't really any way to distinguish a GET request coming from the browser itself and one coming from an iframe embedded in a page. In both cases the browser makes the same GET request. You could probably write some JavaScript code in your "iframe" page that detects whether or not it is loaded in the top window and redirects if it isn't.

From the accepted answer on How to identify if a webpage is being loaded inside an iframe or directly into the browser window?

using the window properties top and self

<script type="text/javascript">
    if (top === self) {
        location = '/index.php';
    }
</script>
Community
  • 1
  • 1
tvanfosson
  • 524,688
  • 99
  • 697
  • 795
  • by javascript or what ?? – KAM MAL Dec 27 '12 at 21:06
  • Yes. You'd include this snippet of JavaScript inside the page being loaded into the iframe. – tvanfosson Dec 27 '12 at 21:09
  • @KAMMAL `top` is the top most window in the current tab. `self` is the current frame. If `top` is equal to `self` then the page is loaded in the top most window and you need to redirect to the parent page. If it is loaded in an iframe, then `top` will not be equal to `self` and it won't redirect. – tvanfosson Dec 27 '12 at 21:40
0

I suggest you to generate some token eg. "982h2jruhndjf92", store it on server or in cookie then add it as GET param to the in-frame script.

<iframe src="www.sss.com/add_news.php?token=982h2jruhndjf92" />

if url provides same token you show the right view, otherwise redirect user using header() function.

Pio
  • 31
  • 1
  • 1
    All that requires, though, is that the user inspect the page and enter the url with the token attached. – tvanfosson Dec 27 '12 at 20:55
  • but i open other page on this frame by using target – KAM MAL Dec 27 '12 at 21:07
  • i think there is no way to prevent such a situation. Everything that is on the client side can be inspected and manipulated - DOM and scripts. Probably the simpliest way is to check top===self, but inspecting and copying iframe src attribute then pasting it to browser adres bar is pretty trivial way to do. I think the strongest security would give storing some flag (eq. for 10 seconds) in session while requesting top page, then when client requests frame page and there is flag in session stored you can send the response, redirect otherwise. All the logic should be on server to be safe – Pio Dec 29 '12 at 10:59
-1

using just php you could do it with the header

<?php

   header( 'Location: www.sss.com/index.php' ) ;

?>
Bigup
  • 91
  • 4