So im getting a blank page when loading this page within an iFrame on Internet explorer, every other browser works fine..
I have also tried using p3p headers as other people have suggested, but to no avail.
<?php
require ("connect.php");
require ("config.php");
require ("fb_config.php");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Login handler</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="css/login.css" type="text/css">
</head>
<body>
<?//=$user?>
<?php
if($user == 0) {
echo "You are not logged into facebook. Nice try.";
}else{
$query = "SELECT id,fb_id,login_ip,login_count,activated,sitestate FROM login WHERE fb_id='".mysql_real_escape_string($user)."'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
if (mysql_num_rows($result) == 0) {
$sql = "INSERT INTO login SET id = '', fb_id ='" .mysql_real_escape_string($user). "', name = '" .rand(10000000000000000,99999999999999999999). "', signup =NOW() , password = '" .mysql_real_escape_string($pass). "', state = '0', mail = '" .mysql_real_escape_string($_POST['mail']). "',location='".mysql_real_escape_string($randomlocation)."',location_start='".mysql_real_escape_string($randomlocation)."', signup_ip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',ref='".mysql_real_escape_string($_POST['ref'])."', activation_id = '" .mysql_real_escape_string($activation_link). "',activated='2', killprotection = '$twodayprot',gender='" .mysql_real_escape_string($_POST["gender"]). "'";
$res = mysql_query($sql);
}
//if($row['fb_id'] != $user){
//echo "Your facebook ID: $user is NOT in the MW DB.";
//exit();
//}else{
if(empty($row['login_ip'])){
$row['login_ip'] = $_SERVER['REMOTE_ADDR'];
}else{
$ip_information = explode("-", $row['login_ip']);
if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) {
$row['login_ip'] = $row['login_ip'];
}else{
$row['login_ip'] = $row['login_ip']."-".$_SERVER['REMOTE_ADDR'];
}
}
$update_login = mysql_query("UPDATE login SET login_count=login_count+'1' WHERE name='".mysql_real_escape_string($_POST['username'])."'")
or die(mysql_error());
$_SESSION['user_id'] = $row['id'];
$result = mysql_query("UPDATE login SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($row['login_ip'])."',login_count='0' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'")
or die(mysql_error());
if ($row['sitestate'] == 0){
header("location: home.php");
} elseif ($row['sitestate'] == 2) {
header("location: killed.php?id={$row['id']}&encrypted={$row['password']}");
} else {
header("location: banned.php?id={$row['id']}&encrypted={$row['password']}");
}
}// id check.
?>
</body>
</html>