Printable View
Since it would be an include, it can use PHP variables declared on the 'top' page. Just make the include unavailable as I already mentioned (below the root or password protected) and add a PHP variable on the 'top' page that holds the level information and make that variable's value contingent (via a PHP if) to whether or not the include gets included.
wait using a php variable? but how will that check if javascript is turned on?
it will be somewhat like this:
main.php = iframe of fight.php
fight.php = inludes level.php
level.php = script used to level a character
you cannot access fight.php without being on main.php in your browser
if javascript is turned off... you can access fight.php outside of main.php (most of the games scripts wont be working with javascript turned off, but you can still fight and level very quickly
am i able to put javascript in main.php that allows me to access level.php, however going right to fight.php will now allow the access to level.php (through the include)
(if you have answered already, it just means im a bit confused on what you mean, i learn best through examples)
Don't use an iframe. If it's an include you can set just about anything PHP you like on the 'top' page or the include. PHP code on the include can use PHP variables determined on the 'top' page prior to the spot where it's included. Whether or not to actually include the include and/or what GET to send the include can be determined from information (PHP variables) set on the 'top' page prior to where it would be included. This is all basic PHP stuff.
But for javascript, it's easier to just use javascript. Say your include is here:
Then add the highlighted:Code:<div id="fight">
<?php include 'fight.php'; ?>
</div>
Without javascript enabled, they will never see the include.Code:<div id="fight"style="display: none;">
<?php include 'fight.php'; ?>
</div>
<script type="text/javascript">
document.getElementById('fight').style.display = 'block';
</script>
There are fine points to this that may or may not come into play. Like best to avoid putting the above code in a table. If it must be, the script part has to be outside and below the table and any other containing table. This is only an issue in IE. But believe me, it's a major issue.
This could still possibly be frustrated by a user turning off both javascript and css.
If you want to get really tricky, fetch the fight.php via AJAX. That way it cannot be fetched without javascript enabled. But if it has javascript on it, that can get quite complicated.
Or easier if possible - set a post and/or session value for javascript prior to the loading of the top page and use that. There are various schemes for doing so, like forcing the user to submit a form that has a hidden input with a value that connotes javascript that's written by javascript. Without javascript enabled they can still submit the form, but the javascript created hidden input, its name and value will not be there.
I suppose in the mean time i can just make a button invisible using css like you were saying and make it visible with javascript... i just cant believe this is such a big loophole with iframes... the way my game is set up is that players click links to change the iframe without reloading the whole page, it makes it less choppy... thats why i am inclined to use the iframes instead of includes... i could always rewrite the layout but it would just take way too long... thanks for your help
If you really want to use an iframe you could make it and everything related to it on the top page written out via javascript. That way it wouldn't even be there without javascript, example:
On the page itself (fight.php) you could have in the head:Code:<script type="text/javascript">
document.write('<iframe name="fightframe" src="fight.php?level=1" width="300" height="300" scrolling="auto" frameborder="1"></iframe><br>\n');
document.write('<input type="button" value="Level 2" onclick="window.frames.fightframe.location.href = \'fight.php?level=2\';">');
</script>
Code:<noscript>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourdomain.com/noscriptpage.html">
</noscript>