Hi everyone,

I really haven’t found much that would be fitting in a half
decent or secure way on this issue, but...

Let’s say I have a website called mysupportsystem.com and I've incorporated
a third party cloud based ticketing system which is fed into the index page
via iframe at mysupportsystem.com/index.php.

The user also has to sign in through a fairly simple log in form which is
also made available through the same iframe.

Once the user signs in, the uri of the iframe simply changes to the
below uri; (not a real link - just an example only)

techportal.ticketsupport.com/protected/examplelandingpage.aspx

From there on, the user has a choice between a handful of forms that they
can fill out and send into the third party ticketing system.

If the user chooses, he or she also has the option to access a dynamic or custom
form which does not have an iframe embedded in a seperate custom page:

mysupportsystem.com/customform_01.php

The problem is, I don’t want to make these custom pages on the
mysupportsystem.com site available if the user has not signed in via
the third party ticketing system.

The other problem is that I do not have access to the database in which the
cloud based ticketing system is utilizing to keep the user information, so
this is not an option to harness as a session reference either.

My thought was that perhaps I could somehow utilize PHP to reference
the url as shown below:

techportal.ticketsupport.com/protected/examplelandingpage.aspx

In the way that the code works below is that when a user receives a
notification in thier email after filling out a ticket, a ticket reference link
is also embedded.

When the user clicks on that reference link, it will take them right to
the techportal.ticketsupport.com website and also resolve the
organizationID as well as TicketID after login. (See “$iframe_url”).

After that, the URL in the iframe remains as such, no matter where
the user navigates within the iframe;

techportal.ticketsupport.com/protected/examplelandingpage.aspx

in a basic sense of what I'm trying to accomplish is, if the url is
“true”, this would allow the user to access the custom form pages
outside from the index page that is serving the iframe.

If it is false, it would prevent the user to access the custom form
pages.

To put this in another thought, the original idea I had was to treat the “$iframe_url” or
the above URL as a session requirement and perhaps use a php “include” and/or
requirement based on the URL session in each custom page referencing it,
but I’m not sure on how to or if that would be even possible or the best
way to treat this scenario?

I’m almost thinking; would I need to use cookies to accomplish this? If the
user has cookies disabled, (which some do) they won’t have access, so I’m
trying to avoid this too.

Any solutions, references, code samples and/or directions that any of you
can point me out to would be so much appreciated.

To all of you, thank you ahead of time for taking a peak and most of
all - for all of your help!

<?php

$qs = create_qs("all");

if($_GET['iframe_test'] == 1){
    $iframe_url = 'iframe_test.php';
}
else if($_GET == array() || !$_GET){ 
    $iframe_url = 'https://techportal.ticketsupport.com?OrganizationID=xxxx';
}else if($_GET['TicketNumber'] !=""){
    $iframe_url = 'https://techportal.ticketsupport.com/protected/ticketdetail.aspx'.$qs;
}else{
    $iframe_url = 'https://techportal.ticketsupport.com'.$qs;
}

function create_qs($vars,$addvar=""){
    if($vars == "all"){ $vars = array_keys($_GET); }
    $queryString = "";

    if(!is_array($addvar)){ 
        $addvar = explode(",",$addvar); 
        $ta = array(); 
        foreach($addvar as $keyval){ 
            $temp = explode("=",$keyval); 
            $k = $temp[0];
            $ta[$k] = $temp[1];
        } 
        $addvar = $ta;
    }
    $addKeys = array_keys($addvar);

    if(!is_array($vars)){
        $vars = explode(",",$vars); 
        foreach($vars as $key => $value){ 
            $vars[$key] = trim($value); 
        } 
    }
    foreach($vars as $key){    
        if(in_array($key,$addKeys)){ continue; }    
        if($queryString == ""){ $q_a = "?"; }else{ $q_a = "&"; }
        if($_GET[$key] == ""){ $x = ""; }else{ $x = $q_a.$key."=".$_GET[$key]; }
        $queryString .= $x;
    }
    if($addvar != ""){
        foreach($addvar as $key => $value){            
            if($queryString == ""){ $q_a = "?"; }else{ $q_a = "&"; }                
            if($value == ""){ $x = ""; }else{ $x = $q_a.$key."=".$value; }
            $queryString .= $x;
        }            
    }
    return $queryString;
}

?>

<html>
    <head>
        <title>My Iframe Page</title>
    </head>
<body>

<iframe name="myframe" id="myframe" src="<?php echo $iframe_url; ?>" width="950" height="1200" align="center"></iframe>

</body>
</html>

Recommended Answers

All 3 Replies

Member Avatar for iamthwee

iframes just complicate the security issues. Anyway you can avoid using them?

Hi DW, I can't agree with you more... If it was my choice, I would have never chosen the current route taken, but unfortunately, my client has chosen this route so I'm really digging in deep to put my best foot forward. I really dislike the Iframes just beceause of the security issues - being anywhere from Ddos attacks to anything else under the sun really...

Thank you for the reply too, DW!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.