Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Mar 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Php frame helping

    I have written a code and having tons of trouble with it.


    Goal: On index.php there is a text box (well call it $text), select box (drop menu)(well call it box, with variable a,b,c,d), and a submit button.

    Below the submit form will be a frame where the select website will load (basically an iframe)

    The select box is essential a list of urls, and the textbox will be added to the ending.

    How do I send the url to the frame without directly redirecting the whole website?
    Does php have a iframe feature?

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    You don't. Frames and iframes are client side code, not server side code. You need to use javascript or HTML to target the frame. Otherwise you can self submit a form and create a new source for the iframe.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    New to the CF scene
    Join Date
    Mar 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    You don't. Frames and iframes are client side code, not server side code. You need to use javascript or HTML to target the frame. Otherwise you can self submit a form and create a new source for the iframe.
    Thank you very much for your reply, I know i am new to this forum (recently just found it)

    The problem with using a html iframe is that lets say I have this:

    <iframe name="iframe2" src="1.php"></iframe>

    the user can just go to: www.mywebsite.com/1.php and view it directly, the whole point of the iframe is out the window.

    what do you mean you can self submit a for m and create a new source for the iframe?



    edit: I tired and put my 1.php file in the root folder outside public_html, but it looks like the iframe can read the file outside in the root access.
    Last edited by geniused; 03-04-2013 at 10:56 PM.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    I assume you mean that it *can't* read it. Which is normal; iframes are client side technology, so by giving it a source it needs to be resolvable via http, not filesystem access. PHP on the other hand isn't limited to this, so if you have a script accessible by the client, it can load outside of the public_html.
    There's not a whole lot you can do to prevent direct access via url. Since this is a separate request by the client, you can't do things like constants or variable setting since they are outside of the primary page request.
    What you can do is use disposable token requests assuming the primary page and the one in the iframe are both local. This involves simply setting a token for a request, and then the code in the frame retrieves, compares and consumes a token via a get request.
    For a really basic example:
    PHP Code:
    <?php

    session_start
    ();
    // just something to make it unique and randomish.
    $_SESSION['requestToken'] = sha1(uniqid(''));

    printf('<iframe src="mypage.php?requestToken=%s"></iframe>'$_SESSION['requestToken']);
    Then on mypage.php:
    PHP Code:
    <?php

    session_start
    ();
    if (isset(
    $_GET['requestToken']), $_SESSION['requestToken']))
    {
        if (
    strcmp($_GET['requestToken'], $_SESSION['requestToken']) == 0)
        {
            
    // this here says everything is fine and matches up.
            
    unset($_SESSION['requestToken']);
            
    // do whatever else
        
    }
        else
        {
            die(
    'Invalid access token');
        }
    }
    else
    {
        die(
    'Invalid access token');
    }
    Untested, works alright in my "upstairs library".
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    New to the CF scene
    Join Date
    Mar 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    I assume you mean that it *can't* read it. Which is normal; iframes are client side technology, so by giving it a source it needs to be resolvable via http, not filesystem access. PHP on the other hand isn't limited to this, so if you have a script accessible by the client, it can load outside of the public_html.
    There's not a whole lot you can do to prevent direct access via url. Since this is a separate request by the client, you can't do things like constants or variable setting since they are outside of the primary page request.
    What you can do is use disposable token requests assuming the primary page and the one in the iframe are both local. This involves simply setting a token for a request, and then the code in the frame retrieves, compares and consumes a token via a get request.
    For a really basic example:
    PHP Code:
    <?php

    session_start
    ();
    // just something to make it unique and randomish.
    $_SESSION['requestToken'] = sha1(uniqid(''));

    printf('<iframe src="mypage.php?requestToken=%s"></iframe>'$_SESSION['requestToken']);
    Then on mypage.php:
    PHP Code:
    <?php

    session_start
    ();
    if (isset(
    $_GET['requestToken']), $_SESSION['requestToken']))
    {
        if (
    strcmp($_GET['requestToken'], $_SESSION['requestToken']) == 0)
        {
            
    // this here says everything is fine and matches up.
            
    unset($_SESSION['requestToken']);
            
    // do whatever else
        
    }
        else
        {
            die(
    'Invalid access token');
        }
    }
    else
    {
        die(
    'Invalid access token');
    }
    Untested, works alright in my "upstairs library".
    thank you very much man, I end up using just the iframe code (I didn't know you can echo that).

    Everything working great!

    www.geniusv.in


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •