Solved

PHP session status change the content of another frame

Posted on 2013-12-27
20
795 Views
Last Modified: 2013-12-30
I have my index page a frameset as follow:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>

</HEAD>
<FRAMESET cols="10%, 90%">
  <FRAMESET rows="10%, "90%">
      <FRAME name="status" id="status" src="no-status.html" scrolling="no" noresize="noresize" frameborder="0">
      <FRAME  name="menu" id="menu" src="no-menu.html"  scrolling="no" noresize="noresize" frameborder="0">
  </FRAMESET>
  <FRAMESET rows="20%, "80%">
      <FRAME name="logo" id="logo" src="logo.php"  scrolling="no" noresize="noresize" frameborder="0">
      <FRAME  name="main" id="main" src="login.php"  scrolling="yes" noresize="noresize" frameborder="0">
  </FRAMESET>
  <NOFRAMES>
      Sorry, your browser does not handle frames!
  </NOFRAMES>
</FRAMESET>
</HTML>

Open in new window


In the "main" frame I run a login php page which logs the user in.
I understood from the php documentation that once a user is logging in and execute session_start() a user session is created which can keep on going.
Now in the other frames I want to change the content of these frames once the user is logged in, I am able to do this by keeping the the username once he logged in  a special  table in the postgres db and create different pages for the other frames once the user is logged in, but that is a bit too much data transfer to keep reloading new pages for every user who logs in, plus with much pages to be created graphics won't be rendered identically.
  I want instead to create one page for every frame which has everything these are only shown once the user is logged in, for example, I have the page below, where it includes a banner and a menu, and I want to show the menu only if the user is logged, how can I do this?
Here is the page:

<?php

?>
<html>
    <head>
        <link rel="stylesheet" href="css/jquery.ui.all.css">
        <link rel="stylesheet" href="css/ribbon.css">
        <link rel="stylesheet" href="css/demos.css">
        <style>
           #toolbar {
                        padding: 4px;
                        background: #FFFFFF;
                        display: inline-block;
                }
                /* support: IE7 */
            *+html #toolbar {
                        display: inline;
                }
            .ui-menu {
                      width: 150px;
                      background: #FFFFFF;
                     }
        </style>
        <meta charset="utf-8">
                <script src="js/jquery-1.10.1.min.js"></script>
                <script src="js/jquery-ui-1.10.3.custom.min.js"></script>
                <script>
                 $(function() {
                  $( "#logout" ).button({
                   text: false,
                   icons: {
                     primary: "ui-icon-key"
                     }
                    });
                   $( "#settings" ).button({
                   text: false,
                   icons: {
                     primary: "ui-icon-gear",
                     secondary: "ui-icon-triangle-1-s"
                     }
                     })
                     .click(function() {
                      var menu = $( this ).parent().next().show().position({
                      my: "left top",
                      at: "left bottom",
                      of: this
                      });
                      $( document ).on( "click", function() {
                      menu.hide();
                      });
                      return false;
                      })
                      .parent()
                        .buttonset()
                          .next()
                           .hide()
                           .menu();
                      $("menu").mouseout( function(){
                        $("menu").hide();
                      });
                 });
                </script>



 </head>
 <body bgcolor="white">
<div id="header">
<div class="ribbon"><div class="ribbon-stitches-top"></div>
<strong class="ribbon-content">Welcome</strong>
<div class="ribbon-stitches-bottom"></div></div>
<div id="menu"  style="text-align: right">
<div id="toolbar" class="ui-widget-header ui-corner-all">
<button id="logout">Logout</button>
<button id="settings">Settings</button>
</div>
  <ul id="menu" >
    <li><a href="#">Open...</a></li>
    <li><a href="#">Save</a></li>
    <li><a href="#">Delete</a></li>
  </ul>
</div>
</div>
 </body>
</html>

Open in new window


I want also to make sure that these pages if they are requested directly from outside the frame without a user is logged he will see only the banner (even if I have more users already logged and they are seeing the full page within the frame) in other words I want to protect this page based on a user has logged or not, how can I do so?
I believe I wrote too much which made it very complicated sorry for that :-(
0
Comment
Question by:Ashraf Hassanein
  • 10
  • 7
  • 2
20 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
ID: 39743036
Every page needs to have session_start() at the top of the page so that you can identify the particular user.  The login page should set the Session-cookie and some $_SESSION variables that you can use in the other page.   When you refresh the page in the other frame (which also has session_start()), you will be able to tell if that person is logged in by checking the $_SESSION variables that you set on the login page.

There are some details to be worked out but that is basically what you need to do.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39743045
0
 

Author Comment

by:Ashraf Hassanein
ID: 39743075
Thank you all for your help that has helped alot, but my question was more about to hide or show some part of a page in a different frame based on either ther user is logged in, typically in my case hiding or show jquery elements, I want to do that in a way that page if it called with no login the hacker would not see that there is a script to enable these elements using ajax can be easily edited.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39743094
The login is on the server though and that means that you need to start it in PHP on the server.  You can't do this just in javascript / jquery.  You can use AJAX to talk to the server though to get the login status.
0
 

Author Comment

by:Ashraf Hassanein
ID: 39743195
Hi David I agree that the login must be done in PHP, and I can not use javascript, but my main question is the jquery menu which resides in adifferent frame how to make it hiding or displaying based on the login status in a way which can not be hacked, and also automatically reloaded once the use logs in, if the user is logging in using different different form how to force this page to reload?
0
 

Author Comment

by:Ashraf Hassanein
ID: 39743216
Hi Ray I read your articles but one piece of the codes are not clear to which is here:
// DEFINE THE ACCESS CONTROL FUNCTION
function access_control($test=FALSE)
{
    // REMEMBER HOW WE GOT HERE
    $_SESSION["entry_uri"] = $_SERVER["REQUEST_URI"];

    // IF THE UID IS SET, WE ARE LOGGED IN
    if (isset($_SESSION["uid"])) return $_SESSION["uid"];

    // IF WE ARE NOT LOGGED IN - RESPOND TO THE TEST REQUEST
    if ($test) return FALSE;

    // IF THIS IS NOT A TEST, REDIRECT TO CALL FOR A LOGIN
    header("Location: RAY_EE_login.php");
    exit;
}

Open in new window


   I can see that you have passed already the variable $test=False to function in the begining
 and then later you are checking if it is set to true or not, but I do not see at which step of the code this is might have to changed to true, can you please  explain it to me?
  I also assume that the UID is any identifier I send to the session array which can be the username correct?

Furthermore you said that the
session_start()

Open in new window

has to be placed at the top of every page, in the first login form I execute this command after checking the $_POST['username'],$_POST['password'],$_POST['captcha'], and if they are valid I fire the command, of course before firing it I do not print anything to html, the reason I am not using it at the top of the page, is that I do not want to flood the memory with garbage of invalie access trials, is that a valid argument?

However my main question still there how to force a page in a different to reload showing some extra contents in a different frame based on the logining action?
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 400 total points
ID: 39743587
I'm not sure I completely understand the question, but I think some of the issues may exist in the nature of the Client/Server relationship.

Clients make requests and servers make responses.  Without a request there cannot be a response.  You can think of each iFrame as its own browser, capable of making a request and receiving a response.  Once the response is made and sent to the browser the server "goes back to sleep" and waits for the next request.

If a browser running in any given iFrame makes a request including a login, the PHP session settings can be adjusted to show that the login has occurred.  But the information on the browser screen for the other iFrame(s) will not change until a request is made by the other iFrames.  If you want a contemporaneous change, you probably will need to use jQuery/AJAX to reload a <div>.  This would need to be part of the same browser window.

You can see something of how the iFrames relate here.  There are two scripts involved.
http://www.laprbass.com/RAY_iframe.html

HTML script to define the iFrames:
<?php // RAY_iframe.html
error_reporting(E_ALL);
session_start();
?>

<a target="frame_number_one" href="/RAY_iframe.php?n=1">SET FRAME ONE</a><br/>
<a target="frame_number_one" href="/RAY_iframe.php">CLEAR FRAME ONE</a><br/>
<br/>
<a target="frame_number_two" href="/RAY_iframe.php?n=2">SET FRAME TWO</a><br/>
<a target="frame_number_two" href="/RAY_iframe.php">CLEAR FRAME TWO</a><br/>


<!-- PUT UP SOME HTML TO DEFINE THE IFRAMES -->
<iframe name="frame_number_one" src="/RAY_iframe.php">one</iframe>
<br clear="all" />
<iframe name="frame_number_two" src="/RAY_iframe.php">two</iframe>
<br clear="all" />

<!-- SHOW THE PHP SCRIPT THAT RUNS THE IFRAMES -->
<a href="/RAY_iframe.php?n=3">CLICK HERE TO SEE THE IFRAME SOURCE CODE</a>

Open in new window

PHP script to load data into the iFrames:
<?php // RAY_iframe.php
error_reporting(E_ALL);

// ALWAYS START THE SESSION ON EVERY PAGE
session_start();

// BUMP THE COUNTER UP BY ONE
if (!isset($_SESSION["kounter"])) $_SESSION["kounter"] = 0;
$_SESSION["kounter"]++;

if (empty($_GET['n']))
{
    echo "NO IFRAME NUMBER SELECTED<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

// WRITE SOME HTML INTO THE FRAMES
if ($_GET['n'] == '1')
{
    echo "SELECTED IFRAME NUMBER ONE<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

if ($_GET['n'] == '2')
{
    echo "SELECTED IFRAME NUMBER TWO<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

// SHOW THE SOURCE CODE FOR THIS SCRIPT
if ($_GET['n'] == '3')
{
    highlight_file(__FILE__);
    die();
}

Open in new window

An article showing how you can use jQuery/AJAX to reload a <div> is available here:
http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Jquery/A_10712-The-Hello-World-Exercise-with-jQuery-and-PHP.html

Best regards, ~Ray
0
 

Author Comment

by:Ashraf Hassanein
ID: 39743653
I can see here you called the session_start in the html making the frame but these should be visible for everyone until a user enters his credentials the contrnts of the frames change so do we still need to call the session start here?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39743678
That's a really loaded question with about a bachelor's degree of deep background information required to give a thorough answer.  So I'm going to take the easy way out.

Rule: Always start the session on every page right at the top every time without any conditions or exceptions.
If you make any exceptions to this rule you will find that your scripts may behave unpredictably with run-time failures.  I can't begin to tell you how many scripts I've had to debug because the author embedded the session_start() function inside an if() control structure.  There is no measurable performance penalty for starting the PHP session.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:Ashraf Hassanein
ID: 39743704
Thak you so much for your help I will read the article.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39743736
Good luck with it, and I think you may find that the iFrame concept is not as useful as the <div> and jQuery.  It will depend to some degree on the nature of the application, of course, but I see lots of jQuery and <div> work these days and less iFrame.
0
 

Author Comment

by:Ashraf Hassanein
ID: 39744779
Woow Ray you jsut opened to me a new challenge, using Div instead of frames but that is another question I will open, for now when I added <? session_start(); ?> at the start of all my files I am getting errors:

A session had already been started - ignoring session_start()

Open in new window


I searched in the internet and I found that we need to replace it with :

if(!isset($_SESSION)){
    session_start();
}

Open in new window


What do you think?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39744947
If you're getting a message about the session already started, there is more code somewhere that is using the session_start() function.  Your if() statement looks OK, but there is an inherent issue with the PHP session.  You can access the $_SESSION array without starting the session!  It's idiotic, but that's just a fact of life.  So I would look into the code base and determine where the session gets started, and make sure it's done on every page.  Then you will be able to trust $_SESSION.
0
 

Author Comment

by:Ashraf Hassanein
ID: 39745071
Ok Ray, I know it is a very long question, and consuming too much of your time, but I am extremely sorry I am really lost, now I will be more specific in my question as I am jumping from one point to another.
My question in short:
What is the php command which forces a different frame to reload or refresh its content?
To explain it more (I hope I am not confusing you):
First my index page is normal frames, changing it to iframe or div is not an option for me for the moment as it requires a lot of work.
Now:
1- Have created a an Ajax in logo.php (logo frame) where it checks if there is a session or not depending on this it will show or hide different element.
2- I have in the login.php which is located (main frame) where the user enters his credentials, and that is sent to a back end server side php script this script has check to user  and create the session once the session is created it has to trigger the logo frame to reload its content so the Ajax is executed.

I can reload or forward to a different page in the same frame using the header command.
I have been through the articles and searched the internet, and I found only speaking about using the header command with window-target, so here the php script which is triggering the reload of the php pages (It does not work):
 <?php
   session_start();
   header('Window-target: header');
   header('Location: header.php');
   header('Window-target: status');
   header('Location: status.php');
?>

Open in new window


I tried as well:

<?php
   session_start();
//   print_r($_SESSION);
//   echo $_SESSION['username'];
//   header('Window-target: _header');
   header('Location: header.php; target: header');
//   header('Window-target: _status');
   header('Location: status.php; target: status');
?>

Open in new window


My Frame file is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>
</HEAD>
<FRAMESET cols="10%, 90%">
  <FRAMESET rows="10%, "90%">
      <FRAME name="status" id="status" src="status.php" scrolling="no" noresize="noresize" frameborder="0" target="status" >
      <FRAME  name="menu" id="menu" src="menu.php"  scrolling="no" noresize="noresize" frameborder="0" target="menu" >
  </FRAMESET>
  <FRAMESET rows="20%, "80%">
      <FRAME name="header" id="header" src="header.php"  scrolling="no" noresize="noresize" frameborder="0" target="header">
      <FRAME  name="main" id="main" src="login.php"  scrolling="yes" noresize="noresize" frameborder="0" traget="main">
  </FRAMESET>
  <NOFRAMES>
      Sorry, your browser does not handle frames!
  </NOFRAMES>
</FRAMESET>
</HTML>

Open in new window

 So the question which I am looking really for an answer is:
What is the php command which forces a different frame to reload or refresh its content?
Again sorry for all this disturbance.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39745348
Sorry, I'm just not getting it.  I'll sign off now.  Maybe one of the other Experts can help.
0
 

Author Comment

by:Ashraf Hassanein
ID: 39745397
Sorry Ray for confusing you, but My question why the command
 
header (location: satus.php; target: status); 

Open in new window

does not cause the reload of the status.php in the status frame?
0
 

Author Comment

by:Ashraf Hassanein
ID: 39746810
Hi Ray, I know now where is my mistake thanks for your help.
0
 

Author Closing Comment

by:Ashraf Hassanein
ID: 39746812
Experts were extremely helpful and patient
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39746831
Thanks for the points, and best of luck with your project, ~Ray
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

How to build a simple, quick and effective accordion menu using just 15 lines of jQuery and 2 css classes
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now