PDA

View Full Version : Resolved Redirect if not opened in a popup



newbtophp
01-17-2010, 01:19 PM
Im using the following function to open a pop up:


function popup(){
var w = window.open('/open.php','Open','width=430,height=550,scrollbars=1');
w.targetField = targetField;
w.focus();
return false;
}

But i want to redirect open.php to another page if its not opened in a popup?

Anyone can help?
:rolleyes:

Thnaks.

auriaks
01-17-2010, 01:52 PM
return false;
you got false when pop up is showed?

newbtophp
01-17-2010, 02:32 PM
return false;
you got false when pop up is showed?

:confused:

Not sure, i just do onclick....popup(); on another page; and when i click it opens the open.php in a popup as its supposed too :)

Just wanted to block direct file access to open.php (so it has to open in a popup else it would redirect to another page)

auriaks
01-17-2010, 02:54 PM
in what page is your link with onclick?

maybe you can give me link to your page, to see what you want to do and maybe there is other way...

newbtophp
01-17-2010, 04:42 PM
Its on localhost at the moment, you can test that function anywhere :)

newbtophp
01-17-2010, 06:59 PM
anyone? :(

jscheuer1
01-17-2010, 07:50 PM
In javascript you want to know if the window that open.php opens in was opened via javascript and has the name of 'Open' as your code dictates. First of all, this is extremely unlikely if javascript is disabled, right? For that you could just have an actual link for the anchor tag that otherwise would open the popup (something like):


<a href="someother.php" onclick="return popup();">Link Text or Image Tag</a>

This will take care of folks without javascript enabled, and of folks with javascript who click on the link and use some feature of their browser like "open link" or "open link in a new window", either of which, even with javascript enabled, will either open an empty page, or someother.php.

Finally, let's say someone has somehow bookmarked open.php or decides to try to navigate there directly for some reason. This javascript in the head of that page will redirect them:


<script type="text/javascript">
if(!window.opener || window.name !== 'Open'){
location.replace('someother.php');
}
</script>

But only if javascript is enabled. It would be invalid, but you could also use a noscript tag to insert a meta tag redirect into the head to take care of non-javascript users, who - however they got there - did not get there via your javascript code.

PHP itself may have an equivalent to this last bit, if so it would be preferable.

djr33
01-17-2010, 09:38 PM
PHP would be able to redirect, but only as a header sent before any code, so there would be no way for it to interact with the javascript to check about the window (and PHP would have no information about the window's status). Javascript or a meta redirect would be the only options (unless there's something else, unrelated, that I'm not thinking of).

You could also try the same approach but in reverse:
If it WAS opened by Javascript redirect to the real page. This would eliminate any need for the complex code.
But you would still need something on that page in case Javascript was disabled, so for that I suggest keeping the code above to send them back. It might be simpler just to use the method above, so consider both approaches.

auriaks
01-17-2010, 10:22 PM
if you want to save information or something else, you can hide a link with php, so noone who wasnt supposed to see it will not see it :D ...
also, there is a way to manage this link appearance when someone have to paid for the file from link... if user is registered, you can save authentic generated code to his account and then after checking it on the page - link will appear.

All in all, maybe its hard to understand what im talking about, but i could explain it better if you need something of this kind.

newbtophp
01-18-2010, 01:01 AM
cheers resolved

jscheuer1
01-18-2010, 07:16 AM
PHP would be able to redirect, but only as a header sent before any code

I'm thinking that if PHP can detect javascript enabled/disabled you could do that and redirect if disabled, right? I mean you cannot put any HTML code before it or echo to the page, but a simple detection may be performed, at least I think I've seen that sort of thing elsewhere.

Anyways, I've tested the noscript meta refresh idea and in limited testing it appears to work:


<noscript>
<meta http-equiv="refresh" content="0;URL=someother.php">
</noscript>

But I'm pretty sure it's invalid, and the meta refresh redirect can be disabled in some browsers, others (older browsers) may ignore it, so it's far from ideal.

djr33
01-18-2010, 07:28 AM
PHP executes entirely on the server. The only information available to it is the URL sent, cookies, post data from forms (etc), and the data sent from the browser like user agent string and IP address.

As far as I know, none of this will include any information whatsoever about Javascript. You could potentially try to set some of it, such as a cookie, but that may not be reliable.

Unless there is some special request that can be identified on the server as from Javascript (and in this case probably only in cases like Ajax, etc., that are actually FROM javascript, not just with it enabled), then I don't see any way to know this.

PHP executes while sending information to the browser. This is based on the initial information that is available. Then the code executes and sends any and all headers; then it begins with html (or other text) output. I have never seen a script that responds live to the browser as this is executed/output, though it might be theoretically possible, but, again, this is just generating the html to be served-- Javascript would not execute until the page is served, and even if you could theoretically get it to execute before it had finished processing the PHP, I don't know of any way to force the PHP to do something different-- especially when what you need is a header redirect.

If you have a link, please post it. I'm curious. If so, it's beyond the level at which I've ever used PHP.


As for the noscript idea, I still suggest going about it the opposite way, perhaps via an Ajax request if javascript is enabled (or default to the other page).

jscheuer1
01-18-2010, 08:05 AM
Well fortunately the original question has already been answered to the person's satisfaction. But the problem with "going about it the opposite way" is that whatever is used to do that could either be spoofed or (by disabling javascript) ignored by the user in order to get to the open.php file without it being in the desired pop up window. Even what I wrote can be spoofed by pasting this into the address bar:


javascript:void(open('http://domain.com/path/open.php', 'Open'))

This will, in Firefox with certain settings at least, open the page in a new tab, ignoring the new window settings from the first post in this thread, while at the same time frustrating the javascript detection of a new window named 'Open' as a means to redirect if not opened by the poster's code because it will be a new window named 'Open'.

Any post or get data could be spoofed by creating one's own form locally and using that. If AJAX is used to retrieve the content into open.php, that content has to come from somewhere and that page could be navigated to directly.

All in all though, under most circumstances, and certainly for the vast majority of users surfing about, not actually intending to get to open.php without the designer's specifications, my outlined methods will work just fine.

I fail to see how any of this could be all that crucial though. The specifications of the original post are hardly critical in any way (window size is a throwaway, scrollbars are the default). And like if open.php needs to communicate with it's opener, at that point certain things about the opener could be ascertained, and if lacking the operation aborted at that point. Or if open.php does something secure, it could be setup so that the user must be logged in. So either way it wouldn't matter how they got there. The open.php file would only be of use to them if they got there in the 'proper' manner.

djr33
01-18-2010, 08:09 AM
It could be spoofed any way it's approached. But if you do it via loading the "real" page via ajax if things go correctly, it would work unless they take apart the code to find the 'real' url.