raknuth
Posts: 67
|
| Posted: 06/22/2011, 7:44 AM |
|
Hi. I have a CCS page with a button named openModalWindow that opens a modal window. The modal window presents the contents of an external PHP page. In the external page, after I've confirmed that a session is active and a user is logged on, I would like to test to see if the button was pushed.
* if it was pushed, allow the page to execute.
* if it was not pushed, redirect the user to the calling CCS form.
I tried creating a session variable when the button is pushed - I placed code in a couple of different events for the button, but none of these events seem to be able to set a session variable.
Any ideas? Thank you.
|
 |
 |
jjrjr2
Posts: 131
|
| Posted: 06/22/2011, 8:20 AM |
|
Hi
A little more info would help.
1st U gotta realize opening a modal window is all client side.. In other words it is javascript opening the modal window.
Is the modal window using AJAX to get the external page???
A little more info here would help.
I am not exactly sure what U R trying to do..
What button do you want the external program to look for???
I will try to help when I understand a little better as to how U have this working now..
John
BTW don't you know the button was pushed just because the modal opened???
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
raknuth
Posts: 67
|
| Posted: 06/22/2011, 9:28 AM |
|
Hi John. The modal window is created by a 3rd-party app - Likno Modal Window Builder. Using a GUI, I define the window look-and-feel and give it an ID. A parameter defines the nature of the window's content - I elect to display an external page (my PHP page) within the modal window. The user's interaction with the PHP page contents within the modal window is identical to his interaction of the PHP page in a normal browser window.
The modal window responds to a function named after the ID. On my CCS page, I created a button. The onclick() event of the button executes the function. Press the button and the modal window opens.
In the external PHP page, I have continued the PHP session and I check to ensure that a user has logged in. If a user has not logged in, he is redirected to the login page. This prevents someone from running the external page without logging in.
But once logged in, I want to remove his ability to open a new browser window and type in the page's URL. To deny this action, I had hoped to create a session variable when the button is pushed and then test for that variable and value in the external page. If the variable and value exist, then the button must have been pushed. If not, then the button was not pushed and the external page must have been called from another browser window.
The name of the button is openModalWindow. I had thought about naming the session variable modalWindowOpened. It's value would be logical.
Here's a little more background: the external page runs a nifty little script that uses a jQuery sortable routine that writes back to a MySQL table. Something in the jQuery code doesn't want to work right if I write the code directly into the modal window. But it works flawlessly in the external page. The external page doesn't know that the modal window exists - I am trying to inform the page via the presence of a session variable.
Is there any hope for me, John.
|
|
|
|
jjrjr2
Posts: 131
|
| Posted: 06/23/2011, 6:15 AM |
|
Good Morning
Now I understand a little better.
First of all It looks like your 3rd party builder must be creating the Modal Window code and calling your external page with AJAX (or maybe an iFrame).
You also need to realize that your button is only executing the onclick() function also created by your 3rd party tool. It does not submit the page to the server so a session variable can be set.
If you are just wanting to prevent external access to the page outside the Modal Window.. I would experiment with using the HTTP_REFERER value.
Maybe Like So in your external page.
$ref = $_SERVER['HTTP_REFERER'];
//echo "Refering Page ".$ref;die(); //Uncomment for debugging & See HTTP_REFERER.
if(!stristr($ref,'thecallingpagename')){
Do what you want to do if not called as a modal from your page
}
What this will do is allow you to take action if the Modal Window External PHP program is not being called from the page using it in the modal window.
I think this is the effect you are looking for.
Although I have never looked at the HTTP_REFERER in a script being called with AJAX. I do think the AJAX called page should have the calling page in the HTTP_REFERER value.
if you have probs you can try debugging by putting an echo $ref;die(); into the external page to see the value of HTTP_REFERER.
Let me know if this works.
And yes there is hope for all of us who try new things..
 John
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
raknuth
Posts: 67
|
| Posted: 06/23/2011, 10:03 AM |
|
John, you are GOLD. It appears that HTTP_REFERER is not always reliable, as referers can be modified by 'htaccess' files. But I'll take that chance.
Here is my code:
$path = explode('/', $_SERVER['HTTP_REFERER']); // disassembles the REFERER at the slashes
$filename = $path[count($path)-1]; // stores everything after the final slash as $filename
$params = strstr($path[count($path)-1], "?"); // stores parameters, if any, found in the filname
$paramslen = strlen($params); // counts the number of characters in $params
if ($paramslen > 0) {
$filename = substr($filename, 0, -$paramslen);
} // strips parameters off end of $filename, if any
if ($filename != "calling_page.php") {
header('location: ../redirect_page.php');
} // if calling page is incorrect (button was not pushed), redirects user to desired page
I placed this code after the code that verifies that a user is logged on.
Thanks, John. I am almost finished with my project. Your help is invaluable.
|
|
|
|
jjrjr2
Posts: 131
|
| Posted: 06/23/2011, 1:05 PM |
|
Hi Again..
Glad that worked and I was able to help in a small way.
If you're gonna use htaccess on your target server and the referer will be changed (URL Rewrite),
Maybe try $_SERVER['REQUEST_URI']; (on Second thought this probably will not work, but worth testing.)
But unless U have the rewrite engine turned on and re-naming URLs there should be no problem.. U could consider excluding the page from URL Re-Write...
I am also not sure why you did all the gymnastics on the referer URL...
stristr() would have returned true if the filename was found in the HTTP_REFERER string ($ref in this case), false if not.
But as always.... There is more than one way to skin a cat.
BTW. Again I think U should put an exit(); after setting the header location. Without that I think the PHP script will keep running. This could cause some undesired effects.
Take care.
 John
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
|
