Link to home
Create AccountLog in
Avatar of Ashraf Hassanein
Ashraf Hassanein

asked on

PHP session status change the content of another frame

I have my index page a frameset as follow:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>

</HEAD>
<FRAMESET cols="10%, 90%">
  <FRAMESET rows="10%, "90%">
      <FRAME name="status" id="status" src="no-status.html" scrolling="no" noresize="noresize" frameborder="0">
      <FRAME  name="menu" id="menu" src="no-menu.html"  scrolling="no" noresize="noresize" frameborder="0">
  </FRAMESET>
  <FRAMESET rows="20%, "80%">
      <FRAME name="logo" id="logo" src="logo.php"  scrolling="no" noresize="noresize" frameborder="0">
      <FRAME  name="main" id="main" src="login.php"  scrolling="yes" noresize="noresize" frameborder="0">
  </FRAMESET>
  <NOFRAMES>
      Sorry, your browser does not handle frames!
  </NOFRAMES>
</FRAMESET>
</HTML>

Open in new window


In the "main" frame I run a login php page which logs the user in.
I understood from the php documentation that once a user is logging in and execute session_start() a user session is created which can keep on going.
Now in the other frames I want to change the content of these frames once the user is logged in, I am able to do this by keeping the the username once he logged in  a special  table in the postgres db and create different pages for the other frames once the user is logged in, but that is a bit too much data transfer to keep reloading new pages for every user who logs in, plus with much pages to be created graphics won't be rendered identically.
  I want instead to create one page for every frame which has everything these are only shown once the user is logged in, for example, I have the page below, where it includes a banner and a menu, and I want to show the menu only if the user is logged, how can I do this?
Here is the page:

<?php

?>
<html>
    <head>
        <link rel="stylesheet" href="css/jquery.ui.all.css">
        <link rel="stylesheet" href="css/ribbon.css">
        <link rel="stylesheet" href="css/demos.css">
        <style>
           #toolbar {
                        padding: 4px;
                        background: #FFFFFF;
                        display: inline-block;
                }
                /* support: IE7 */
            *+html #toolbar {
                        display: inline;
                }
            .ui-menu {
                      width: 150px;
                      background: #FFFFFF;
                     }
        </style>
        <meta charset="utf-8">
                <script src="js/jquery-1.10.1.min.js"></script>
                <script src="js/jquery-ui-1.10.3.custom.min.js"></script>
                <script>
                 $(function() {
                  $( "#logout" ).button({
                   text: false,
                   icons: {
                     primary: "ui-icon-key"
                     }
                    });
                   $( "#settings" ).button({
                   text: false,
                   icons: {
                     primary: "ui-icon-gear",
                     secondary: "ui-icon-triangle-1-s"
                     }
                     })
                     .click(function() {
                      var menu = $( this ).parent().next().show().position({
                      my: "left top",
                      at: "left bottom",
                      of: this
                      });
                      $( document ).on( "click", function() {
                      menu.hide();
                      });
                      return false;
                      })
                      .parent()
                        .buttonset()
                          .next()
                           .hide()
                           .menu();
                      $("menu").mouseout( function(){
                        $("menu").hide();
                      });
                 });
                </script>



 </head>
 <body bgcolor="white">
<div id="header">
<div class="ribbon"><div class="ribbon-stitches-top"></div>
<strong class="ribbon-content">Welcome</strong>
<div class="ribbon-stitches-bottom"></div></div>
<div id="menu"  style="text-align: right">
<div id="toolbar" class="ui-widget-header ui-corner-all">
<button id="logout">Logout</button>
<button id="settings">Settings</button>
</div>
  <ul id="menu" >
    <li><a href="#">Open...</a></li>
    <li><a href="#">Save</a></li>
    <li><a href="#">Delete</a></li>
  </ul>
</div>
</div>
 </body>
</html>

Open in new window


I want also to make sure that these pages if they are requested directly from outside the frame without a user is logged he will see only the banner (even if I have more users already logged and they are seeing the full page within the frame) in other words I want to protect this page based on a user has logged or not, how can I do so?
I believe I wrote too much which made it very complicated sorry for that :-(
SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Ashraf Hassanein
Ashraf Hassanein

ASKER

Thank you all for your help that has helped alot, but my question was more about to hide or show some part of a page in a different frame based on either ther user is logged in, typically in my case hiding or show jquery elements, I want to do that in a way that page if it called with no login the hacker would not see that there is a script to enable these elements using ajax can be easily edited.
The login is on the server though and that means that you need to start it in PHP on the server.  You can't do this just in javascript / jquery.  You can use AJAX to talk to the server though to get the login status.
Hi David I agree that the login must be done in PHP, and I can not use javascript, but my main question is the jquery menu which resides in adifferent frame how to make it hiding or displaying based on the login status in a way which can not be hacked, and also automatically reloaded once the use logs in, if the user is logging in using different different form how to force this page to reload?
Hi Ray I read your articles but one piece of the codes are not clear to which is here:
// DEFINE THE ACCESS CONTROL FUNCTION
function access_control($test=FALSE)
{
    // REMEMBER HOW WE GOT HERE
    $_SESSION["entry_uri"] = $_SERVER["REQUEST_URI"];

    // IF THE UID IS SET, WE ARE LOGGED IN
    if (isset($_SESSION["uid"])) return $_SESSION["uid"];

    // IF WE ARE NOT LOGGED IN - RESPOND TO THE TEST REQUEST
    if ($test) return FALSE;

    // IF THIS IS NOT A TEST, REDIRECT TO CALL FOR A LOGIN
    header("Location: RAY_EE_login.php");
    exit;
}

Open in new window


   I can see that you have passed already the variable $test=False to function in the begining
 and then later you are checking if it is set to true or not, but I do not see at which step of the code this is might have to changed to true, can you please  explain it to me?
  I also assume that the UID is any identifier I send to the session array which can be the username correct?

Furthermore you said that the
session_start()

Open in new window

has to be placed at the top of every page, in the first login form I execute this command after checking the $_POST['username'],$_POST['password'],$_POST['captcha'], and if they are valid I fire the command, of course before firing it I do not print anything to html, the reason I am not using it at the top of the page, is that I do not want to flood the memory with garbage of invalie access trials, is that a valid argument?

However my main question still there how to force a page in a different to reload showing some extra contents in a different frame based on the logining action?
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
I can see here you called the session_start in the html making the frame but these should be visible for everyone until a user enters his credentials the contrnts of the frames change so do we still need to call the session start here?
That's a really loaded question with about a bachelor's degree of deep background information required to give a thorough answer.  So I'm going to take the easy way out.

Rule: Always start the session on every page right at the top every time without any conditions or exceptions.
If you make any exceptions to this rule you will find that your scripts may behave unpredictably with run-time failures.  I can't begin to tell you how many scripts I've had to debug because the author embedded the session_start() function inside an if() control structure.  There is no measurable performance penalty for starting the PHP session.
Thak you so much for your help I will read the article.
Good luck with it, and I think you may find that the iFrame concept is not as useful as the <div> and jQuery.  It will depend to some degree on the nature of the application, of course, but I see lots of jQuery and <div> work these days and less iFrame.
Woow Ray you jsut opened to me a new challenge, using Div instead of frames but that is another question I will open, for now when I added <? session_start(); ?> at the start of all my files I am getting errors:

A session had already been started - ignoring session_start()

Open in new window


I searched in the internet and I found that we need to replace it with :

if(!isset($_SESSION)){
    session_start();
}

Open in new window


What do you think?
If you're getting a message about the session already started, there is more code somewhere that is using the session_start() function.  Your if() statement looks OK, but there is an inherent issue with the PHP session.  You can access the $_SESSION array without starting the session!  It's idiotic, but that's just a fact of life.  So I would look into the code base and determine where the session gets started, and make sure it's done on every page.  Then you will be able to trust $_SESSION.
Ok Ray, I know it is a very long question, and consuming too much of your time, but I am extremely sorry I am really lost, now I will be more specific in my question as I am jumping from one point to another.
My question in short:
What is the php command which forces a different frame to reload or refresh its content?
To explain it more (I hope I am not confusing you):
First my index page is normal frames, changing it to iframe or div is not an option for me for the moment as it requires a lot of work.
Now:
1- Have created a an Ajax in logo.php (logo frame) where it checks if there is a session or not depending on this it will show or hide different element.
2- I have in the login.php which is located (main frame) where the user enters his credentials, and that is sent to a back end server side php script this script has check to user  and create the session once the session is created it has to trigger the logo frame to reload its content so the Ajax is executed.

I can reload or forward to a different page in the same frame using the header command.
I have been through the articles and searched the internet, and I found only speaking about using the header command with window-target, so here the php script which is triggering the reload of the php pages (It does not work):
 <?php
   session_start();
   header('Window-target: header');
   header('Location: header.php');
   header('Window-target: status');
   header('Location: status.php');
?>

Open in new window


I tried as well:

<?php
   session_start();
//   print_r($_SESSION);
//   echo $_SESSION['username'];
//   header('Window-target: _header');
   header('Location: header.php; target: header');
//   header('Window-target: _status');
   header('Location: status.php; target: status');
?>

Open in new window


My Frame file is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>
</HEAD>
<FRAMESET cols="10%, 90%">
  <FRAMESET rows="10%, "90%">
      <FRAME name="status" id="status" src="status.php" scrolling="no" noresize="noresize" frameborder="0" target="status" >
      <FRAME  name="menu" id="menu" src="menu.php"  scrolling="no" noresize="noresize" frameborder="0" target="menu" >
  </FRAMESET>
  <FRAMESET rows="20%, "80%">
      <FRAME name="header" id="header" src="header.php"  scrolling="no" noresize="noresize" frameborder="0" target="header">
      <FRAME  name="main" id="main" src="login.php"  scrolling="yes" noresize="noresize" frameborder="0" traget="main">
  </FRAMESET>
  <NOFRAMES>
      Sorry, your browser does not handle frames!
  </NOFRAMES>
</FRAMESET>
</HTML>

Open in new window

 So the question which I am looking really for an answer is:
What is the php command which forces a different frame to reload or refresh its content?
Again sorry for all this disturbance.
Sorry, I'm just not getting it.  I'll sign off now.  Maybe one of the other Experts can help.
Sorry Ray for confusing you, but My question why the command
 
header (location: satus.php; target: status); 

Open in new window

does not cause the reload of the status.php in the status frame?
Hi Ray, I know now where is my mistake thanks for your help.
Experts were extremely helpful and patient
Thanks for the points, and best of luck with your project, ~Ray