Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: iframe question

  1. #1
    Join Date
    Feb 2007
    Location
    Earth
    Posts
    133
    Thanks
    6
    Thanked 1 Time in 1 Post

    Default iframe question

    Ok so I have a file that I do NOT want to be accessed unless it is in an iframe. Like the main page has a frame that changes from page to page depending on whatever menu button is clicked. One of the pages I only want to be accessed in that fashion, otherwise i want the user to get an error message. Like

    main.php = full page, has iframe of fight.php
    fight.php = page i do not want accessed if it is not included in main.php

    i tried doing this:

    in main.php:

    Code:
    $check='1';
    <iframe src=\"fight.php\" id=\"frame\"></iframe>
    in fight.php at the top:

    Code:
    if(!$check){
    echo "Error.";
    exit;
    }
    Is there any way I can make this happen? (Obviously what I tried didnt work or i wouldnt be asking =p)
    Last edited by jscheuer1; 09-12-2010 at 02:20 PM. Reason: format code
    http://www.insanecombat.com << bored? check out ma game

  2. #2
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    What you are trying here is a real time communication between two pages. In PHP communication only occurs via GET COOKIE or POST. SESSION may also be used. However, as far as I can imagine, your top page could set a SESSION variable allowing the fight page to load. But that wouldn't then prevent fight from loading in another window. And I'm pretty sure there would be no reliable way to unset the SESSION variable when the top page unloaded.

    My thoughts are that perhaps you could use the 'HTTP_REFERER'. Look for it under:

    http://www.php.net/manual/en/reserve...les.server.php

    If the 'HTTP_REFERER' is not the top page, you could exit. As noted there though:

    The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
    There is another problem with this, some browsers allow right click on a link on the top page to open it in a new window/tab. In which case the referrer would be as expected, but the page wouldn't be in the iframe. But I'm sure it would be better than nothing.

    Javascript can do this sort of thing (communicate between two pages on the same domain in real time) though, no problem.

    If your fight page depends upon javascript for something anyway, or could be made to, then using javascript would be able to effectively prevent the situation of the fight page being loaded without the top page.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  3. #3
    Join Date
    Nov 2006
    Location
    Northeast USA
    Posts
    408
    Thanks
    8
    Thanked 30 Times in 28 Posts

    Default

    As jscheuer said above, this is nearly impossible for php to detect this. You could pass a unique id, that was randomly generated each time main.php was loaded, then stored in a database. For the iframe source, "fight.php?id=1jh498cjd9dfjne9" and that would reference the database number. If they don't match, provide an error, if they do, display the page as normal.

    A non-iframe thing that you might try is to include fight.php in main.php. Just chmod fight.php so that it is un-accessible to everyone, or just put it in a non-public folder.

    As for a javascript solution, I recommend you check out this thread: http://www.webmasterworld.com/forum21/12046.htm
    It's just the opposite, they don't want the page to be in an iframe, a simple removal of the "!" before "!=" should make it work as intended, but obviously if the user disables javascript, this won't work.
    Edit:
    More googling made me find this:
    Code:
    <noscript>
    <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourdomain.com/noscriptpage.html">
    </noscript>
    put that in the heading and your good to go.
    Last edited by fileserverdirect; 09-12-2010 at 03:39 PM.
    -Ben -- THE DYNAMIC DRIVERS
    My Links: My DD Profile||My Youtube Video Tutorials||DD Helping Coders||DD Coders In Training
    I told my client to press F5, the client pressed F, then 5, *facepalm*

  4. The Following User Says Thank You to fileserverdirect For This Useful Post:

    Demonicman (10-02-2010)

  5. #4
    Join Date
    Feb 2007
    Location
    Earth
    Posts
    133
    Thanks
    6
    Thanked 1 Time in 1 Post

    Default

    thanks that makes sense, i never really thought of giving javascript a try
    http://www.insanecombat.com << bored? check out ma game

  6. #5
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Quote Originally Posted by fileserverdirect View Post
    As for a javascript solution, I recommend you check out this thread: http://www.webmasterworld.com/forum21/12046.htm
    It's just the opposite, they don't want the page to be in an iframe, a simple removal of the "!" before "!=" should make it work as intended, but obviously if the user disables javascript, this won't work.
    I believe that advice would simply result in an endlessly reloading page.

    You need something like, on fight.php:

    Code:
    if(top.location.href === location.href){
    	location.href = 'http://www.yourdomain.com/main.php';
    }
    or even better:

    Code:
    if(top.location.href !== 'http://www.yourdomain.com/main.php'){
    	location.href = 'http://www.yourdomain.com/main.php';
    }
    This assumes that main.php isn't a default page, like index or home would be, if so, slightly more code would be required.

    If there's another page in that iframe sometimes and fight.php is not the hard coded source for the iframe, you could even combine with PHP to get main.php to load fight.php in its iframe if accessed like:

    Code:
    if(top.location.href !== 'http://www.yourdomain.com/main.php'){
    	location.href = 'http://www.yourdomain.com/main.php?iframe=fight';
    
    Use $_GET on the main.php page to determine what to use as the src attribute for the iframe:
    
    
    }
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  7. #6
    Join Date
    Feb 2007
    Location
    Earth
    Posts
    133
    Thanks
    6
    Thanked 1 Time in 1 Post

    Default

    John, when I tried your idea i ended up with:

    Code:
    Content Encoding Error 
    
    The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.
    
    *   Please contact the website owners to inform them of this problem.
    That was with a simple

    Code:
    $href=top.location.href;
    echo $href;
    I had the same problem trying to put $_SERVER[] requests into variables as well. Like I found this code online

    Code:
    <?php
    $url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
    echo $url;
    ?>
    but i continue to get the same error page.

    Do I have something set up wrong? This happened in FF (not sure about other browsers) but I want the site to be available in all browsers... so whether or not its just FF doesnt really matter.
    http://www.insanecombat.com << bored? check out ma game

  8. #7
    Join Date
    Feb 2007
    Location
    Earth
    Posts
    133
    Thanks
    6
    Thanked 1 Time in 1 Post

    Default

    nevermind that post im being stupid and writing the script in the wrong place...

    ok so javascript works... but as you said if javascript is disabled then no luck... so far i have:

    Code:
    echo "
    <script LANGUAGE='javascript'>
    <!--
    if(top.location.href != 'http://example.com/example.php' && top.location.href != 'http://example.com/example.php#non'){
    top.location.href = 'http://example.com/example.php';
    }
    -->
    </script>";
    So how am i now supposed to prevent people from just turning off javascript, opening the page, and clicking away?

    What i have is:

    Code:
    <script language='javascript' type='text/javascript'>
    
    function checkJavaScriptValidity()
    
    {
    
    document.getElementById(\"vischeck\").style.visibility = 'visible';
    document.getElementById(\"vischeck2\").style.visibility = 'hidden';
    
    }
    
    </script>
    <body onload='checkJavaScriptValidity()'>
    and

    Code:
    <div id=vischeck style='visibility:hidden'>javascript on</div><div id=vischeck2 style='visibility:visible'>javascript off</div>
    but people are complaining that even when they have javascript on, they still sometimes see javascript off (obviously i have all the script on the javascript on div) and i COULD just put a javascript refresh in the javascript off div but its choppy enough, i dont think everyone wants me to make it even more choppy... and it just seems really weird that people would randomly see javascript off when they have it on... so im not sure why that would happen... there just HAS to be a better way to go about this other than javascript... even though its really nice and works perfectly, people can turn it off because its not server sided... and that defeats the purpose...
    Last edited by Demonicman; 10-01-2010 at 11:39 AM. Reason: added new code
    http://www.insanecombat.com << bored? check out ma game

  9. #8
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    if you use javascript to load the iframe, you can insure that it won't be seen (at all) if javascript is turned off.

    personally, I think FSD's suggestion of using include() would work better, unless you absolutely must have the content in an iframe.

  10. The Following User Says Thank You to traq For This Useful Post:

    Demonicman (10-02-2010)

  11. #9
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    If you have PHP, just (as others are saying) make it an include instead of the not exactly standard (from the point of view of implementation), in the process of being deprecated iframe. You may even place it below the root of the domain and/or password protect it to ensure no one sees it on its own.

    That said, you could have style on the page in the iframe:

    Code:
    body {
    display: none;
    }
    Then after that have a script:

    Code:
    document.body.style.display = 'block';
    Not foolproof, but they'd have to really, really want to see the page by itself, figure out that they need to turn off css and javascript, and then do so. Not likely to happen by accident as with javascript alone disabled. Except perhaps with a screen reader or a bare bones browser like lynx, but you might want the visually/software impaired to be able to "see" the page anyway.

    You of course have all links and elements with attributes that point to this page marked no follow for SEO, as well as the no index header for the page itself, right?

    I'd go for the include though, much cleaner.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  12. #10
    Join Date
    Feb 2007
    Location
    Earth
    Posts
    133
    Thanks
    6
    Thanked 1 Time in 1 Post

    Default

    Ok I have a new thought on the approach... if people arent able to level while fighting on the page with javascript turned off, it would defeat the purpose of turning off javascript to access the page by itself.

    So everyone was saying use an include for the original page i wanted available in the iframe but not by itself... So the fight page is fight.php and the level page is level.php... level.php is included if the player has enough experience to level up... How can I make level.php not included if javascript is turned off? Or make it not work in some way? Or make level.php not be included if the URL shows fight.php instead of main.php...
    http://www.insanecombat.com << bored? check out ma game

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •