Making $_Request only available inside a frame

TheMayhem

I have this page called

if ($_REQUEST['mapid'] )
{
// Contents inside
}

And it is working perfectly fine because I call upon this page multiple times inside this nice little frame I use. I have types of security setup and everything, works perfectly fine 🙂 Here is the problem if a person manually types in there browser myurl.com/map.php?mapid=X
They can get around certain securities which makes my script work ineffectively. The only way I want that $_Request['mapid'] to work is if I call upon it in the page map.php?action=view where the frame and so forth is located.

So my question is if I'm using the same document as a whole, how can I make it so the only way a request page can be loaded is if it's in the contents of the frame area. If your still somewhat confused, I attached my small little file that is the script that I'm trying to block access of a person manually typing it in their browser. Any ideas?

kburger

I'd suggest using sessions. Set a session variable in your parent frame and verify the existence of that session variable in the child frame -- if it doesn't exist bounce them to your login page, whatever that is.

TheMayhem

Originally posted by kburger
I'd suggest using sessions. Set a session variable in your parent frame and verify the existence of that session variable in the child frame -- if it doesn't exist bounce them to your login page, whatever that is.

These are logged in users already using sessions and if I implied sessions they simply could login again with a new window to get around it. Or just visit the page with the frame, then type it into the browser to get around right afterwards.