racertim
08-09-2010, 02:55 PM
I'm guessing that the best way to do this would be with Apache, so I am posting it here.
I have a directory that has thousands of small HTML files. These files can be viewed through a search and are pulled into a PHP page by dynamically changing the iframe source path.
I want to make it so that these files can only be accessed by this page (view.php) and cannot be accessed directly by the user, example.com/html/file1.html.
Thanks!
timgolding
08-09-2010, 03:20 PM
I don't think you can. I pretty sure the request sent by an iframe will be the same as a direct request. The answere here is don't use iframes. Use includes instead. Then you can block access to the folder with an htaccess file.
racertim
08-09-2010, 04:06 PM
I know using iframes is bad, but the HTML files I am pulling in sometimes have body and CSS that can interfere with the container page's tags and styling. And I don't want to remove those pieces from the HTML files.
timgolding
08-09-2010, 04:51 PM
Then I'm not sure what to suggest. You could have separate styles for the iframes?
If you are really adamant that you want to continue using iframes then i might be able to suggest something using sessions in php. Provided you have php running on your server?
racertim
08-09-2010, 05:02 PM
Yes, I have PHP installed and full access to the dedicated server.
timgolding
08-10-2010, 03:07 PM
Well you could have a session variable that defines which iframes are allowed to be viewed then the iframe will only display if that user has them listed in there array
parent file
<?php
// first thing on page (before any output)
session_start();
$_SESSION["pages"]["iframe1.php"] = true;
$_SESSION["pages"]["iframe2.php"] = true;
?>
then the iframe file
<?php
// assuming this frame is iframe1.php
session_start();
if(isset($_SESSION["pages"]["iframe1.php"]))
{
// Render Page
echo "Page";
unset($_SESSION["pages"]["iframe1.php"]);
}
else
die("You do not have permission to access this page.");
?>
racertim
08-10-2010, 03:17 PM
I get that, but it still doesn't protect the HTML files from being viewed directly. Somehow, I need to disable access to all of the files in there, UNLESS they are view through the iframe on view.php.
timgolding
08-10-2010, 03:24 PM
If they're are not viewing it through view.php they will get
"You do not have permission to access this page."
Only a person going on to view.php and setting the session data will be able to see those files.
If you require more security consider not using iframes
