Solved

identify when a url changes

Posted on 2013-11-22
8
198 Views
Last Modified: 2013-11-23
I load a login web page: https://docmein.com/app/page/12801944916418372/login into a frame. I do not have programming rights of this page. When a user successfully logs in, the page changes to: https://docmein.com/app/page/12801944916418372/secure/home. I would like to identify when the page changes so I can then load instructions in other frames. Is there a way to identify the new page? TIA
0
Comment
Question by:thenelson
  • 3
  • 3
  • 2
8 Comments
 
LVL 16

Expert Comment

by:HagayMandel
ID: 39669037
If you do have programming rights on the second page (the one to which the loggedin user is directed to), then, you can check which page is the referer:
if ($_SERVER['HTTP_REFERER'] == "https://docmein.com/app/page/12801944916418372/secure/doLogin"){
  // Show (redirect to) the instructions page
}

Open in new window

0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39669364
What Hagay suggested should be fine as long as the page is from the same domain as the parent page.

If the loaded page is from another domain, then you cannot use javascript to reference the internals, because it would be a security violation (cross-domain scripting).

Cd&
0
 
LVL 39

Author Comment

by:thenelson
ID: 39670243
I do not have programming rights on the second page and the page is not the same domain as the parent page.
0
 
LVL 16

Assisted Solution

by:HagayMandel
HagayMandel earned 250 total points
ID: 39670276
In that case, you can't.
Any trick to bypass this obstacle requires knowledge of what privileges you do have. For example can you manipulate the .htaccess file? if so, you can force all traffic through a filtering page that checks, the referrer or the existence of a certain cookie and redirect the user accordingly.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 250 total points
ID: 39670594
If you are accessing a page that belongs to someone else the correct approach is to contact them and see if they have an API you can use, or work out a protocol you can use for access server side, and return the result from your own server.  

Trying to do what you want without the permission of the owner of the target page could be viewed as an attack, and in some jurisdiction might result in legal action.

Cd&
0
 
LVL 39

Author Comment

by:thenelson
ID: 39671889
So there is no way to determine what page is being viewed in an iframe in a cross domain situation?

The reason I am try to do this is the website docmein.com is poorly designed so our patients are confused on how to accomplish what they need to do. For example, assume you want to schedule a new appointment and cancel an old appointment, what would you do at the page: https://docmein.com/app/page/12801944916418372.  I have explained this to my contact at docmein.com and made suggestions but got no response. So my next best solution is to provide instructions alongside the web page loaded in an iframe.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39672038
If the owner of the target page is not willing to co-operate, then the best you can do is give instructions on how to fill out the form.  Generally a badly designed form lives a long time because instead of complaining people just find another place to do business; and site owners don't respond unless they get as lot of complaints because they think everything is just fine "the way they have always done it".

Sorry I don't have any real solution.

Cd&
0
 
LVL 39

Author Closing Comment

by:thenelson
ID: 39672113
Oh well, not the answer I wanted but....
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Find out what you should include to make the best professional email signature for your organization.
In this tutorial viewers will learn how to style transparent/translucent elements using alpha transparency in CSS Start with a normal styled element, such as a div.: Define its "background-color" property as "rgba (255, 255, 255, .5): The numbers in…
In this tutorial viewers will learn how to code links for mobile sites that, once clicked, send a call or text to a specified number. For a telephone link (once clicked, calls a number), begin with a normal "<a href=" link tag. For the href, specify…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now