php check open through iframe - php

I want to check using php if the current page is called by an iframe and not directly in the browser.
It's a page that gets some $_POST parameters while the sending form's target is an iframe, so the page will display in an iframe.
I want to check that using PHP, How?
Thanks.

You can't. PHP runs serverside. It is for all intents and purposes the same thing as the webserver -- it sees HTTP requests and returns responses. An iframe is a clientside mechanism implemented by the browser that simply allows you to display 2 or more html pages (the response payload).

You can use the SERVER HTTP_REFERER
$_SERVER['HTTP_REFERER'];

Related

Where is header('location:url') redirect takes place?

If I have the following code, the browser will take this to the specified location.
<script>window.location = "https://google.com";</script>
But what happens when header('location:$url'); is used. Does the browser receive the headers and makes the redirection from client side ?
It depends on how and when you want to redirect the user to another page.
If you want to instantly redirect a user to another page without him seeing anything of a site in between, you should use the PHP header redirect method.
If you have a Javascript and some action of the user has to result in him entering another page, that is when you should use window.location.
The meta tag refresh is often used on download sites whenever you see these "Your download should start automatically" messages. You can let the user load a page, wait for a certain amount of time, then redirect him (e.g. to a to-be-downloaded file) without Javascript.
The browser will process the header redirect right away, whereas the Javascript redirect will not be executed until the page has loaded (or at least enough of it to run the Javascript). Also, it will be the Javascript engine executing the redirect instead of the browser itself.
Doing it via the header will perform better. (slightly anyway...)
<script>window.location = "https://google.com";</script>
This is how a user is redirected to a site using JS. This is done on client side.
header is a function in PHP, you can redirect user based on your logic from server side to a new url.
When you put this code into your code
<script>window.location = "https://google.com";</script>
It will being send to client's browser, then when the DOM was fully loaded it will being executed by browser and redirect to google.com
But when you put header('location:$url'); to your php code. The server will send 302 Response to redirect client browser to the new URL directly without being executed by javascript..

How to get the content of another page without loading in browser

Context:
There is an asp page in another web site that contains a search form. After submitting this form with the search value, the page displays the results of the search in an iframe.
Question:
I want to use the returned result in my page without loading that page in browser. I have got permission from the other web site administrator. I know php and jQuery. How should I proceed?
Example:
abcd.asp contains a form which contains <input name="regno"/> and a submit button. The form submits to itself and results Name, date of birth and Marks is returned in table format in an iframe.
Notes:
I have a page with same <input> and upon submitting it will use the above asp page and get details and display it in my page.
Easiest way:
Use jQuery to submit your page via AJAX to a local PHP file.
When the local PHP file gets the request, do a curl post request to your remote page and fetch the results.
Return these results in your local PHP script so that these will be available to your AJAX request
Your ajax request now has the remote contents, so just use jQuery to push them into the document.
You should use AJAX to perform this task. It loads a particular section of data without reloading a page. More info about what is ajax is here
Your best option is to use jQuery's ajax method. To make this work with different domains you need to enable crossdomain support. This is very easy in jQuery:
$.support.cors = true; // enable cross domain support
Now you can make a request to another domain. Of course the server on that domain must also accept cross-domain requests. ;)
Option 1 - HTTP GET & JSONP
As Twisted1919 pointed out you have to use jsonp if you want to make a HTTP GET request. If you're not familiar with jsonp It requires a bit of reading to understand the concept. But there is excellent support for this in jQuery (as described in jQuery.ajax()).
Option 2 - HTTP POST
If you're using http post to make your request you can simply use jQuery.post() for this. With cros domain enabled an the server accepting your request this should work out of the box.

Block direct access to PHP file except from AJAX request?

I wish to have a webpage that uses AJAX to access a PHP file in ./ajax/file.ajax.php
Trouble is, I don't want people to be able to type the address in their browser to access that PHP file directly.
Is there a way I can make it so that only AJAX requests can access the file?
Is there something I can check for in the PHP file to achieve this?
If you're using jQuery to make the XHR, it will set a custom header X-Requested-With. You can check for that and determine how to serve your response.
$isXhr = isset($_SERVER["HTTP_X_REQUESTED_WITH"])
AND strotlower($_SERVER["HTTP_X_REQUESTED_WITH"]) == "xmlhttprequest";
However, this is trivial to spoof. In the past, I've used this to decide whether to render a whole page (if not set) or a page fragment (if set, to be injected into current page).
If you're not using jQuery or you are not interested/you can't use custom headers (to go with what alex has offered), you may just simple POST some data with your Ajax request, and in that specific file check if that data has sent or not. If you send by GET it would be visible on the address bar, that's why I suggest POST.
<?php
if (empty($_POST['valid_ajax']))
header('Location: /');
?>
It's not solid as you can fool that with providing handmade data, however that's better than nothing if your problem is not that critical.

PHP Ajax return source

I've got the following problem, I send some value from jQuery to PHP via AJAX. My PHP script receives those value, and I would like that this script prints values in iframe in my www site. But instead, the script response contains all its source code to AJAX as response to the alert message. Does anybody know how can I stop returning code to AJAX and execute it by returning the values to be used in my iframe?
EDIT:
further details: the problem is that my application has got two iframes from different servers, and I need to send values from one iframe to another. Because of cross domain restrictions, I cant do this via JS directly, so I figured out to send values via AJAX from one iframe to PHP on first server and PHP from first server to PHP on another server which is in iframe on my main page, and then show the data. so I must use AJAX to send it.
You can't. PHP doesn't know about the iframe.
You are, presumably, using XHR to make the request, therefore XHR will receive the response.
If you want to load a document into an iframe, then load a document into the iframe (e.g. by setting its src to the URI for the document), don't play around with Ajax.

Can you post data from PHP

I need to cause a user's browser to post data using PHP to another site.
Example: You go to start.com/auto-login-hack (via GET)... then PHP sets the right headers etc. and causes the browser to, via POST, go to 3rdparty.com/login.php with login credentials.
I have done this is the past by having an HTML form and an onload script that submits the form to the destination.
I don't know enough about headers and etc. Is this possible? Can anyone link an example? My search skills just turned up how to use $_POST.
Thanks.
Yes, you can submit POST requests from PHP.
One of your choices is to use curl as shown in this SO question.
However, you cannot do redirects.
You cannot redirect to a POST; this is a limitation of HTTP. You'd have to use JavaScript to cause the browser to post a form.

Categories