Elxis CMS Forum
Support => General => Topic started by: rentasite on November 16, 2008, 22:14:14
-
Hi, i've been thinking of this many days. But i don't know if it can be done. So i thought i should post a question :)
I want to wrap a url. This specific URL is going to be password protected through cPanel. Is there a way, to be opened by the wrapper in someway giving the username/password automatically by Elxis... ???
I want to limit the direct access to the wrapped URL but to remain open for the Wrap Item.
Is this possible?
-
The only way to open a password protected by htaccess url is by providing within the url the username and the password.
Example:
http://username:password@www.mysite.com/wrapped-page.html
So, if you write the wrapped URL like above this will do the trick you want (If I understood well what you really want...).
Of course the username/password are not protected as they are visible in the source code and search engines might list your wrapped page with that username/password.
If I was in your position i would do it with in an other way and i would never write username/password in clear text even if I dont care about them. Maybe by checking if the wrapped page has a parent frame for example (I must think of it to give you the best solution). You could also do this with a cookie or a session than is set in the parent page and if this cookie/session does not exist in the wrapped page (direct access) then the page is not being displayed.
Here is a solution I found in the internet with some javascript that checks the parent frame (the method I described you above):
http://javascript.internet.com/navigation/force-frames.html (http://javascript.internet.com/navigation/force-frames.html)
of course it is not the absolute protection, because it works only if you have javascript enabled, but it is something...
The most secure method is to check using a session variable.
[attachment deleted by admin]
-
Here is a solution I found in the internet with some javascript that checks the parent frame (the method I described you above):
http://javascript.internet.com/navigation/force-frames.html (http://javascript.internet.com/navigation/force-frames.html)
of course it is not the absolute protection but it is something...
Thank you Yianni i will take a look into this. Thanks
-
I thought of it better...
The method I described you with the session is good enough. Here is a last trick that will make it absolutely perfect. In the wrapped page unset the session! This way even those that have the session wont be able to direct access the wrapped page. The wrapped page will be accessible only via the Elxis wrapper. The session will live for just some milliseconds, enough time to allow you to access the page using the elxis wrapper and to decline you the direct access. The best solution ever!
//Elxis:
$_SESSION['accessframe'] = 1;
//Wrapped page:
session_start();
if (!isset($_SESSION['accessframe'])) { die('You are not allowed to access this page!'); }
unset($_SESSION['accessframe']);
....your wrapped page content here...........
-
Ok i inserted this in the wrapped page:
//Elxis:
$_SESSION['accessframe'] = 1;
//Wrapped page:
session_start();
if (!isset($_SESSION['accessframe'])) { die('You are not allowed to access this page!'); }
unset($_SESSION['accessframe']);
and i get the "You are not allowed to access this page!" message with direct access to that page. But i get it also through the wrapper.
-
The "//Elxis" part you must insert it in elxis after the session start
-
Oh thanks dude it was also troubling me i hope now i get a good suggestion....