
Disable access to directory, only allow through iframe?



racertim
08-09-2010, 02:55 PM
I'm guessing that the best way to do this would be with Apache, so I am posting it here.

I have a directory that has thousands of small HTML files. These files can be viewed through a search and are pulled into a PHP page by dynamically changing the iframe source path.

I want to make it so that these files can only be accessed by this page (view.php) and cannot be accessed directly by the user, example.com/html/file1.html.

Thanks!

timgolding
08-09-2010, 03:20 PM
I don't think you can. I'm pretty sure the request sent by an iframe will be the same as a direct request. The answer here is don't use iframes. Use includes instead. Then you can block access to the folder with an htaccess file.

racertim
08-09-2010, 04:06 PM
I know using iframes is bad, but the HTML files I am pulling in sometimes have body and CSS that can interfere with the container page's tags and styling. And I don't want to remove those pieces from the HTML files.

timgolding
08-09-2010, 04:51 PM
Then I'm not sure what to suggest. You could have separate styles for the iframes?

If you are really adamant that you want to continue using iframes then I might be able to suggest something using sessions in PHP. Provided you have PHP running on your server?

racertim
08-09-2010, 05:02 PM
Yes, I have PHP installed and full access to the dedicated server.

timgolding
08-10-2010, 03:07 PM
Well, you could have a session variable that defines which iframes are allowed to be viewed. Then the iframe will only display if that user has them listed in their array.

parent file


<?php
// first thing on page (before any output)
session_start();

// Mark the iframe pages this visitor is allowed to load
$_SESSION["pages"]["iframe1.php"] = true;
$_SESSION["pages"]["iframe2.php"] = true;
?>

then the iframe file


<?php
// assuming this frame is iframe1.php
session_start();
if (isset($_SESSION["pages"]["iframe1.php"])) {
    // Render page
    echo "Page";
    // Remove the entry so it works once per visit to the parent page
    unset($_SESSION["pages"]["iframe1.php"]);
} else {
    die("You do not have permission to access this page.");
}
?>

racertim
08-10-2010, 03:17 PM
I get that, but it still doesn't protect the HTML files from being viewed directly. Somehow, I need to disable access to all of the files in there, UNLESS they are viewed through the iframe on view.php.

timgolding
08-10-2010, 03:24 PM
If they are not viewing it through view.php they will get

"You do not have permission to access this page."

Only a person going on to view.php and setting the session data will be able to see those files.

If you require more security, consider not using iframes.
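
An added example, not part of the thread or any poster's code: one way to combine the two suggestions above (blocking the folder and checking the session) is to point the iframe at a small PHP gatekeeper that reads the static HTML file itself. The script name serve.php, the f parameter and the html directory location are assumptions; view.php is assumed to set $_SESSION["pages"]["file1.html"] = true as in the parent-file snippet.

```php
<?php
// serve.php (hypothetical name): the iframe on view.php points here, e.g.
// <iframe src="serve.php?f=file1.html">, instead of at /html/file1.html.
// Assumption: Apache refuses direct requests for the HTML directory (it sits
// outside the document root, or an .htaccess file there denies all access).

const HTML_DIR = __DIR__ . '/html';   // assumed location of the HTML files

// Map a requested name to a real file inside $baseDir, or null if not allowed.
function resolve_page(string $baseDir, string $name): ?string
{
    // Plain file names only ("file1.html"): no slashes, no "..", no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.html\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);
    // realpath() follows symlinks, so confirm the result is still under $base.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// True only if view.php listed this page in the visitor's session.
function is_allowed(array $session, string $name): bool
{
    return isset($session['pages'][$name]) && $session['pages'][$name] === true;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $name = (isset($_GET['f']) && is_string($_GET['f'])) ? $_GET['f'] : '';
    $path = resolve_page(HTML_DIR, $name);
    if ($path === null || !is_allowed($_SESSION, $name)) {
        http_response_code(403);
        die('You do not have permission to access this page.');
    }
    unset($_SESSION['pages'][$name]);       // one-time grant, as in the thread
    header('Content-Type: text/html; charset=utf-8');
    header('X-Frame-Options: SAMEORIGIN');  // only same-origin pages may frame it
    readfile($path);
} else {
    // Command-line check with constructed sample input.
    $session = ['pages' => ['file1.html' => true]];
    var_dump(is_allowed($session, 'file1.html'), is_allowed($session, 'file2.html'));
    var_dump(resolve_page(HTML_DIR, '../view.php'));
}
```

Because the entry is removed after one use, reloading the iframe without reloading view.php returns the 403 message, the same behaviour as the iframe snippet in the thread.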


