Is there a way to determine whether the user is using a web page in side and iframe or is it normal browsing using PHP?
Using the javascript code that #deceze mentioned above (I pasted it in below),
if (parent.frames.length > 0) { ... }
If the above code noticed the page was displayed within iframe, then call 'IAmInIFRAME.php'(just example) via ajax call.
You can add some GET parameters to the request while using IFRAME.
<iframe src="http://www.example.com/iframe?iframe=1">
But while non-iframe request there wouldn't be this GET parameter.
You can check is this GET parameter presents and define it in the session.
So there would be different sessions for iframe and usual window.
The solution is to see if the parent's location and the current window's location is the same. If it is the same, then the page was loaded normally, if it is different then the page was loaded in an iframe.
var isInIFrame = (window.location != window.parent.location) ? true : false;
This came from this website. http://www.24hourapps.com/2009/01/check-if-page-is-loaded-in-iframe-using.html, and it came from the SO question here Check if site is inside iframe.
NOTE: In one test, I got a cross browser origin error but that would also only come if the two locations were different.
Related
I want to check redirect to another link from our webpage if user clicking on back from browser I must be alert for user such as 'Backword Forbidden ...'
I'm using this code and that not working for me:
$referer = Request::header('referer');
or how to check witch URL user backword to our site?
If you want to get the Referer URL, you can use either Request::header('referer') or native $_SERVER["HTTP_REFERER"]. But there are (at least) 2 problems with that:
It can be spoofed, empty etc.
It will only work if the person got to your page through a link. It won't work when pressing the browser's back button or backspace.
The function you're looking for is Request::server() which functions just like the $_SERVER super global, so to get the page referer you'd do the following.
$referer = Request::server('HTTP_REFERER');
Using Request::header('refer') will only work for POST requests.
GET requests are the one your're looking for.
You can use Request::segment(1) or Request::segment(2), depends on the exact URL you're using.
I have a Wordpress website with Domain: Hello.com which is "ajaxified".
what I want to know is how to redirect user back to Hello.com if they visit Hello.com/ask, Hello.com/cake or anything deeper using the browser address bar.
Even if they go 2 degrees deeper like Hello.com/cake/make, I want them to stay at the root of my website.
I am using Wordpress and my first Idea was to put redirect script at header, but ended up making an infinite redirect loop.
How can I redirect users to homepage without redirecting my ajax requests to the homepage as well?
[If you ask why I would disallow them to go deeper, the answer is: I
am using ajax to load deeper pages and everything else into a div]
By adding a short PHP script somewhere before everything else, I was able to check how my pages were loaded using the condition below.
if(strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest')
It allowed me to check through PHP if it was through Ajax or not.
The value of $_SERVER['HTTP_X_REQUESTED_WITH'] is xmlhttprequest when the request was an ajax request.
For my case, this is how I used it:
if(strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
header("Location: http://". $_SERVER['HTTP_HOST']."/");
}
Which would check if the request was done through ajax, and redirect to the homepage/Main Screen of the website/web App if not.
I got the idea after reading this post
Note: Usage of HTTP_X_REQUESTED_WITH depends on the JavaScript framework you are using, if it sets that header. I am using jQuery and it does it for you.
Also $_SERVER is not entirely a part of PHP so it also depends if your server passes that variable to PHP.
If you are on a Nginx Server and it doesn't work for you, you can try this:
Passing HTTP_X_REQUESTED_WITH from nginx to php
Hope this helps others!
using JS : (in <head> tag)
<script>window.location="https://stackoverflow.com";</script>
using PHP : (in <head> tag)
header('Location: https://stackoverflow.com');
end();
Which one I should use ? or another ?
and what about using <meta>?
<meta http-equiv="refresh" content="0;url=https://stackoverflow.com"/>
Many good answers , I don't know which answer I will accept, Thanks so much
The result is same for all options. Redirect.
<meta> in HTML:
Show content of your site, and next redirect user after a few (or 0) seconds.
Don't need JavaScript enabled.
Don't need PHP.
window.location in JS:
Javascript enabled needed.
Don't need PHP.
Show content of your site, and next redirect user after a few (or 0) seconds.
Redirect can be dependent on any conditions if (1 === 1) { window.location.href = 'http://example.com'; }.
header('Location:') in PHP:
Don't need JavaScript enabled.
PHP needed.
Redirect will be executed first, user never see what is after. header() must be the first command in php script, before output any other. If you try output some before header, will receive an Warning: Cannot modify header information - headers already sent
A better way to set the location in JS is via:
window.location.href = 'https://stackoverflow.com';
Whether to use PHP or JS to manage the redirection depends on what your code is doing and how. But if you're in a position to use PHP; that is, if you're going to be using PHP to send some JS code back to the browser that simply tells the browser to go somewhere else, then logic suggests that you should cut out the middle man and tell the browser directly via PHP.
It depends on how and when you want to redirect the user to another page.
If you want to instantly redirect a user to another page without him seeing anything of a site in between, you should use the PHP header redirect method.
If you have a Javascript and some action of the user has to result in him entering another page, that is when you should use window.location.
The meta tag refresh is often used on download sites whenever you see these "Your download should start automatically" messages. You can let the user load a page, wait for a certain amount of time, then redirect him (e.g. to a to-be-downloaded file) without Javascript.
PHP redirects are better if you can as with the JavaScript one you're causing the client to load the page before the redirect, whereas with the PHP one it sends the proper header.
However the PHP shouldn't go in the <head>, it should go before any output is sent to the client, as to do otherwise will cause errors.
Using <meta> tags have the same issue as Javascript in causing the initial page to load before doing the redirect. Server-side redirects are almost always better, if you can use them.
The first case will fail when JS is off. It's also a little bit slower since JS must be parsed first (DOM must be loaded). However JS is safer since the destination doesn't know the referer and your redirect might be tracked (referers aren't reliable in general yet this is something).
You can also use meta refresh tag. It also requires DOM to be loaded.
window.location.href = 'url';
is beter than
header('location:url');
because the header command is mustly return an error "Warning: Cannot modify header information - headers already sent"
using js window.location.href = 'url';
this is beter
Im new to this and im trying to rewrite URL so that utm_expid is hidden so if my url is:
http://www.myweb.com/?utm_expid=67183125-2
how would i make it so when user visits
myweb.com
it does not show utm_expid in url
Is this possible using PHP/JS?
NOTE: i cant use RUBY or any other languages except PHP/JS/HTML
There is a way. Just redirect the page to base url once the utm_expid=67183125-2 is got. ie,
if($_GET['utm_expid']) { //header to redirect to myweb.com }
Its a tricky way. Hope you are permitted to use it.
Just start a session and store value in session variable. you can regain it even page is re directed.
ie
<?php
session_start();
if($_GET['utm_expid']) {
$_SESSION['variable_name']=$_GET['utm_expid']
//header to redirect to myweb.com
}
?>
Let me add this Javascript trick that is server agnostic.
if (location.search.indexOf('utm_expid') > -1) {
history.replaceState('page', 'Title', '/')
}
I recommend you to place it at the end of the body.
If you wanted a clean URL (as you do for branding and manual sharing purposes), I'd script it so that you load a full page iFrame which loads the gA test queried URL. That way the user see s the clean URL in the address bar and still see the experiment.
You could use PHP to set up your index page (or any server side, or even client side script).
Is it as easy as $ENV{'HTTP_REFERER'}? or is there something else that I need to do?
Example:
My Site: sample.php
Calling Site w/iFrame: somesite.com
I want sample.php when it loads to be able to use "somesite.com" for input as a variable.
There is no difference between an inline frame and a normal page. And loading an inline frame initially with src will send the HTTP referer.
First of all, your page must not depend on the Referer being present nor correct : it is an information that is sent by the browser, and can either :
be disabled (some firewall/antivirus remove that information, for instance -- or did sometime ago)
or be altered / faked (if you search a bit, there must be some firefox extension that allow you to fake this pretty easily, for instance)
For more informations, see, for instance :
Determining Referer in PHP
How do you get the ‘referer’ header in PHP?
These posts both "agree" with me ^^
Now, you can enventually use it to add some feature ; but you must not rely on it for your website to work ;-)
For a truly reliable way to access the parent URL, you can add a GET parameter to the iframe src containing the parent URL when you embed it. You can use Javascript to add this automatically along with the embed.
Here's an example that embeds the iframe at the end of the <body> tag:
var iframe = document.createElement('iframe');
iframe.src = '/sample.php?parent=' + window.location;
document.body.appendChild(iframe);
You can then access the parent URL reliably from PHP with:
$parent_url = $_GET['parent'];
As Pascal MARTIN mentioned, you shouldn't trust the Referer value absolutely.
Expanding on Gumbo's answer: since the Referer is transmitted as a header within an HTTP Request retrieving it within a script loaded in an <iframe> is exactly the same as retrieving it for any other script.
When the browser requests the page specified by the src attribute in the <iframe> it will submit an HTTP request like that for any other resource and will include the Referer header value.
The value of the Referer header will contain the URL of the page hosting the <iframe>. So if you had a PHP script named page-with-iframe.php and it contained <iframe src="sample.php" /> the HTTP request for sample.php might look something like:
GET /sample.php HTTP/1.1
Host: somesite.com
...
Referer: http://somesite.com/page-with-iframe.php
In sample.php you would use $ENV{'HTTP_REFERER'} to retrieve the value and from there you can parse out the hotname somesite.com.