This is my code from frame.php

    <FRAME src="menu1.html">
    <FRAME src="test1.php">

I am wondering if there's a way to block people from going to "test1.php" directly?

I want people to stay on frame.php and if people try to go to " test1.php " directly, it will give you error. Is there such a way or code?

Before coming to this "frame.php" page, my user needs to login.

Thank you very much.

I'm not aware of a definitive method for preventing direct access to the test1.php script.

The issue is that it is being requested from the client side by the frame, in the same way as it would be accessed via a direct request. If you were including it on the server side, then you could check that it wasn't being accessed directly.

You could add a query string parameter, e.g. test1.php?frame to the frame source URL and check for the existence of that parameter within test1.php before returning the content. But this could be easily bypassed by anyone that views the page source.

// test1.php

if(! isset($_GET['frame'])
    die('Access denied');

Why do you feel you need to use frames anyway? They're not especially user friendly, so there might be a more friendly alternative you could use.

you could add something in the controller to check the url segment...

say somethin like ..

<if($this->uri->segment('3') != 'pagewithframe.php'){


 } ?>

that checks segment 3 (ie:
and check if its a certain value
if not (!=) then redirect to an error page you specify.