PHP session status change the content of another frame

I have my index page a frameset as follow:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>

</HEAD>
<FRAMESET cols="10%, 90%">
  <FRAMESET rows="10%, "90%">
      <FRAME name="status" id="status" src="no-status.html" scrolling="no" noresize="noresize" frameborder="0">
      <FRAME  name="menu" id="menu" src="no-menu.html"  scrolling="no" noresize="noresize" frameborder="0">
  </FRAMESET>
  <FRAMESET rows="20%, "80%">
      <FRAME name="logo" id="logo" src="logo.php"  scrolling="no" noresize="noresize" frameborder="0">
      <FRAME  name="main" id="main" src="login.php"  scrolling="yes" noresize="noresize" frameborder="0">
  </FRAMESET>
  <NOFRAMES>
      Sorry, your browser does not handle frames!
  </NOFRAMES>
</FRAMESET>
</HTML>

Open in new window


In the "main" frame I run a login php page which logs the user in.
I understood from the php documentation that once a user is logging in and execute session_start() a user session is created which can keep on going.
Now in the other frames I want to change the content of these frames once the user is logged in, I am able to do this by keeping the the username once he logged in  a special  table in the postgres db and create different pages for the other frames once the user is logged in, but that is a bit too much data transfer to keep reloading new pages for every user who logs in, plus with much pages to be created graphics won't be rendered identically.
  I want instead to create one page for every frame which has everything these are only shown once the user is logged in, for example, I have the page below, where it includes a banner and a menu, and I want to show the menu only if the user is logged, how can I do this?
Here is the page:

<?php

?>
<html>
    <head>
        <link rel="stylesheet" href="css/jquery.ui.all.css">
        <link rel="stylesheet" href="css/ribbon.css">
        <link rel="stylesheet" href="css/demos.css">
        <style>
           #toolbar {
                        padding: 4px;
                        background: #FFFFFF;
                        display: inline-block;
                }
                /* support: IE7 */
            *+html #toolbar {
                        display: inline;
                }
            .ui-menu {
                      width: 150px;
                      background: #FFFFFF;
                     }
        </style>
        <meta charset="utf-8">
                <script src="js/jquery-1.10.1.min.js"></script>
                <script src="js/jquery-ui-1.10.3.custom.min.js"></script>
                <script>
                 $(function() {
                  $( "#logout" ).button({
                   text: false,
                   icons: {
                     primary: "ui-icon-key"
                     }
                    });
                   $( "#settings" ).button({
                   text: false,
                   icons: {
                     primary: "ui-icon-gear",
                     secondary: "ui-icon-triangle-1-s"
                     }
                     })
                     .click(function() {
                      var menu = $( this ).parent().next().show().position({
                      my: "left top",
                      at: "left bottom",
                      of: this
                      });
                      $( document ).on( "click", function() {
                      menu.hide();
                      });
                      return false;
                      })
                      .parent()
                        .buttonset()
                          .next()
                           .hide()
                           .menu();
                      $("menu").mouseout( function(){
                        $("menu").hide();
                      });
                 });
                </script>



 </head>
 <body bgcolor="white">
<div id="header">
<div class="ribbon"><div class="ribbon-stitches-top"></div>
<strong class="ribbon-content">Welcome</strong>
<div class="ribbon-stitches-bottom"></div></div>
<div id="menu"  style="text-align: right">
<div id="toolbar" class="ui-widget-header ui-corner-all">
<button id="logout">Logout</button>
<button id="settings">Settings</button>
</div>
  <ul id="menu" >
    <li><a href="#">Open...</a></li>
    <li><a href="#">Save</a></li>
    <li><a href="#">Delete</a></li>
  </ul>
</div>
</div>
 </body>
</html>

Open in new window


I want also to make sure that these pages if they are requested directly from outside the frame without a user is logged he will see only the banner (even if I have more users already logged and they are seeing the full page within the frame) in other words I want to protect this page based on a user has logged or not, how can I do so?
I believe I wrote too much which made it very complicated sorry for that :-(
Ashraf HassaneinAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Ray PaseurConnect With a Mentor Commented:
I'm not sure I completely understand the question, but I think some of the issues may exist in the nature of the Client/Server relationship.

Clients make requests and servers make responses.  Without a request there cannot be a response.  You can think of each iFrame as its own browser, capable of making a request and receiving a response.  Once the response is made and sent to the browser the server "goes back to sleep" and waits for the next request.

If a browser running in any given iFrame makes a request including a login, the PHP session settings can be adjusted to show that the login has occurred.  But the information on the browser screen for the other iFrame(s) will not change until a request is made by the other iFrames.  If you want a contemporaneous change, you probably will need to use jQuery/AJAX to reload a <div>.  This would need to be part of the same browser window.

You can see something of how the iFrames relate here.  There are two scripts involved.
http://www.laprbass.com/RAY_iframe.html

HTML script to define the iFrames:
<?php // RAY_iframe.html
error_reporting(E_ALL);
session_start();
?>

<a target="frame_number_one" href="/RAY_iframe.php?n=1">SET FRAME ONE</a><br/>
<a target="frame_number_one" href="/RAY_iframe.php">CLEAR FRAME ONE</a><br/>
<br/>
<a target="frame_number_two" href="/RAY_iframe.php?n=2">SET FRAME TWO</a><br/>
<a target="frame_number_two" href="/RAY_iframe.php">CLEAR FRAME TWO</a><br/>


<!-- PUT UP SOME HTML TO DEFINE THE IFRAMES -->
<iframe name="frame_number_one" src="/RAY_iframe.php">one</iframe>
<br clear="all" />
<iframe name="frame_number_two" src="/RAY_iframe.php">two</iframe>
<br clear="all" />

<!-- SHOW THE PHP SCRIPT THAT RUNS THE IFRAMES -->
<a href="/RAY_iframe.php?n=3">CLICK HERE TO SEE THE IFRAME SOURCE CODE</a>

Open in new window

PHP script to load data into the iFrames:
<?php // RAY_iframe.php
error_reporting(E_ALL);

// ALWAYS START THE SESSION ON EVERY PAGE
session_start();

// BUMP THE COUNTER UP BY ONE
if (!isset($_SESSION["kounter"])) $_SESSION["kounter"] = 0;
$_SESSION["kounter"]++;

if (empty($_GET['n']))
{
    echo "NO IFRAME NUMBER SELECTED<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

// WRITE SOME HTML INTO THE FRAMES
if ($_GET['n'] == '1')
{
    echo "SELECTED IFRAME NUMBER ONE<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

if ($_GET['n'] == '2')
{
    echo "SELECTED IFRAME NUMBER TWO<br/>";
    echo "THE SESSION COUNTER IS {$_SESSION["kounter"]}<br/>";
    echo "THE REFERRER IS {$_SERVER["HTTP_REFERER"]}<br/>";
    die();
}

// SHOW THE SOURCE CODE FOR THIS SCRIPT
if ($_GET['n'] == '3')
{
    highlight_file(__FILE__);
    die();
}

Open in new window

An article showing how you can use jQuery/AJAX to reload a <div> is available here:
http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Jquery/A_10712-The-Hello-World-Exercise-with-jQuery-and-PHP.html

Best regards, ~Ray
0
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
Every page needs to have session_start() at the top of the page so that you can identify the particular user.  The login page should set the Session-cookie and some $_SESSION variables that you can use in the other page.   When you refresh the page in the other frame (which also has session_start()), you will be able to tell if that person is logged in by checking the $_SESSION variables that you set on the login page.

There are some details to be worked out but that is basically what you need to do.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
Ashraf HassaneinAuthor Commented:
Thank you all for your help that has helped alot, but my question was more about to hide or show some part of a page in a different frame based on either ther user is logged in, typically in my case hiding or show jquery elements, I want to do that in a way that page if it called with no login the hacker would not see that there is a script to enable these elements using ajax can be easily edited.
0
 
Dave BaldwinFixer of ProblemsCommented:
The login is on the server though and that means that you need to start it in PHP on the server.  You can't do this just in javascript / jquery.  You can use AJAX to talk to the server though to get the login status.
0
 
Ashraf HassaneinAuthor Commented:
Hi David I agree that the login must be done in PHP, and I can not use javascript, but my main question is the jquery menu which resides in adifferent frame how to make it hiding or displaying based on the login status in a way which can not be hacked, and also automatically reloaded once the use logs in, if the user is logging in using different different form how to force this page to reload?
0
 
Ashraf HassaneinAuthor Commented:
Hi Ray I read your articles but one piece of the codes are not clear to which is here:
// DEFINE THE ACCESS CONTROL FUNCTION
function access_control($test=FALSE)
{
    // REMEMBER HOW WE GOT HERE
    $_SESSION["entry_uri"] = $_SERVER["REQUEST_URI"];

    // IF THE UID IS SET, WE ARE LOGGED IN
    if (isset($_SESSION["uid"])) return $_SESSION["uid"];

    // IF WE ARE NOT LOGGED IN - RESPOND TO THE TEST REQUEST
    if ($test) return FALSE;

    // IF THIS IS NOT A TEST, REDIRECT TO CALL FOR A LOGIN
    header("Location: RAY_EE_login.php");
    exit;
}

Open in new window


   I can see that you have passed already the variable $test=False to function in the begining
 and then later you are checking if it is set to true or not, but I do not see at which step of the code this is might have to changed to true, can you please  explain it to me?
  I also assume that the UID is any identifier I send to the session array which can be the username correct?

Furthermore you said that the
session_start()

Open in new window

has to be placed at the top of every page, in the first login form I execute this command after checking the $_POST['username'],$_POST['password'],$_POST['captcha'], and if they are valid I fire the command, of course before firing it I do not print anything to html, the reason I am not using it at the top of the page, is that I do not want to flood the memory with garbage of invalie access trials, is that a valid argument?

However my main question still there how to force a page in a different to reload showing some extra contents in a different frame based on the logining action?
0
 
Ashraf HassaneinAuthor Commented:
I can see here you called the session_start in the html making the frame but these should be visible for everyone until a user enters his credentials the contrnts of the frames change so do we still need to call the session start here?
0
 
Ray PaseurCommented:
That's a really loaded question with about a bachelor's degree of deep background information required to give a thorough answer.  So I'm going to take the easy way out.

Rule: Always start the session on every page right at the top every time without any conditions or exceptions.
If you make any exceptions to this rule you will find that your scripts may behave unpredictably with run-time failures.  I can't begin to tell you how many scripts I've had to debug because the author embedded the session_start() function inside an if() control structure.  There is no measurable performance penalty for starting the PHP session.
0
 
Ashraf HassaneinAuthor Commented:
Thak you so much for your help I will read the article.
0
 
Ray PaseurCommented:
Good luck with it, and I think you may find that the iFrame concept is not as useful as the <div> and jQuery.  It will depend to some degree on the nature of the application, of course, but I see lots of jQuery and <div> work these days and less iFrame.
0
 
Ashraf HassaneinAuthor Commented:
Woow Ray you jsut opened to me a new challenge, using Div instead of frames but that is another question I will open, for now when I added <? session_start(); ?> at the start of all my files I am getting errors:

A session had already been started - ignoring session_start()

Open in new window


I searched in the internet and I found that we need to replace it with :

if(!isset($_SESSION)){
    session_start();
}

Open in new window


What do you think?
0
 
Ray PaseurCommented:
If you're getting a message about the session already started, there is more code somewhere that is using the session_start() function.  Your if() statement looks OK, but there is an inherent issue with the PHP session.  You can access the $_SESSION array without starting the session!  It's idiotic, but that's just a fact of life.  So I would look into the code base and determine where the session gets started, and make sure it's done on every page.  Then you will be able to trust $_SESSION.
0
 
Ashraf HassaneinAuthor Commented:
Ok Ray, I know it is a very long question, and consuming too much of your time, but I am extremely sorry I am really lost, now I will be more specific in my question as I am jumping from one point to another.
My question in short:
What is the php command which forces a different frame to reload or refresh its content?
To explain it more (I hope I am not confusing you):
First my index page is normal frames, changing it to iframe or div is not an option for me for the moment as it requires a lot of work.
Now:
1- Have created a an Ajax in logo.php (logo frame) where it checks if there is a session or not depending on this it will show or hide different element.
2- I have in the login.php which is located (main frame) where the user enters his credentials, and that is sent to a back end server side php script this script has check to user  and create the session once the session is created it has to trigger the logo frame to reload its content so the Ajax is executed.

I can reload or forward to a different page in the same frame using the header command.
I have been through the articles and searched the internet, and I found only speaking about using the header command with window-target, so here the php script which is triggering the reload of the php pages (It does not work):
 <?php
   session_start();
   header('Window-target: header');
   header('Location: header.php');
   header('Window-target: status');
   header('Location: status.php');
?>

Open in new window


I tried as well:

<?php
   session_start();
//   print_r($_SESSION);
//   echo $_SESSION['username'];
//   header('Window-target: _header');
   header('Location: header.php; target: header');
//   header('Window-target: _status');
   header('Location: status.php; target: status');
?>

Open in new window


My Frame file is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
   "http://www.w3.org/TR/html4/frameset.dtd">
<HTML>
<HEAD>
</HEAD>
<FRAMESET cols="10%, 90%">
  <FRAMESET rows="10%, "90%">
      <FRAME name="status" id="status" src="status.php" scrolling="no" noresize="noresize" frameborder="0" target="status" >
      <FRAME  name="menu" id="menu" src="menu.php"  scrolling="no" noresize="noresize" frameborder="0" target="menu" >
  </FRAMESET>
  <FRAMESET rows="20%, "80%">
      <FRAME name="header" id="header" src="header.php"  scrolling="no" noresize="noresize" frameborder="0" target="header">
      <FRAME  name="main" id="main" src="login.php"  scrolling="yes" noresize="noresize" frameborder="0" traget="main">
  </FRAMESET>
  <NOFRAMES>
      Sorry, your browser does not handle frames!
  </NOFRAMES>
</FRAMESET>
</HTML>

Open in new window

 So the question which I am looking really for an answer is:
What is the php command which forces a different frame to reload or refresh its content?
Again sorry for all this disturbance.
0
 
Ray PaseurCommented:
Sorry, I'm just not getting it.  I'll sign off now.  Maybe one of the other Experts can help.
0
 
Ashraf HassaneinAuthor Commented:
Sorry Ray for confusing you, but My question why the command
 
header (location: satus.php; target: status); 

Open in new window

does not cause the reload of the status.php in the status frame?
0
 
Ashraf HassaneinAuthor Commented:
Hi Ray, I know now where is my mistake thanks for your help.
0
 
Ashraf HassaneinAuthor Commented:
Experts were extremely helpful and patient
0
 
Ray PaseurCommented:
Thanks for the points, and best of luck with your project, ~Ray
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.