SOS: PHP Form, secure popup

[lokeshv]

here i have put same code on my server. it working alright.

http://jppjaipur.com/lokesh/master.php

if it doesnt work for you then your browser is not accepting session cookies.

btw which version of PHP is on server ?

try with some other machine..

Thanks

 

[lokeshv]

and make sure you have session_start() on top of both files.

 

[iosoft]

SOLVED​

This is what the PROBLEM was hyeah:

when testing with master.php and client.php is was working, but when putting the same code in the project master, it fails.

The REASON -

This master.php file is not totally master, it is actually called by master-master.php

in master-master.php, there is a line -

ini_set('session.save_path','/home/vol4/domain.in/i/iosoft/www/cache');

It defines - which DIR is for CACHE.

and this master-master.php is calling master.php using if(...) include_once()

But client.php is an independent PHP-HTML form. When I am calling the SESSION, as I didn't defined the changed CACHE DIR, it is looking at /tmp DIR for CACHE information which is NULL.

I put the same code ini_set('session.save_path','..... in client.php and it worked :clap:

I am sharing this so that you wont face similar problem

 

[iosoft]

Now that the SESSION problem is solved, now lets talk about the main problem.

How to make sure that child.php is opened (JavaScript popup) only by master.php and not by direct access ?

(note that, user can by mistake close the child.php, so I should allow to re-click (the JavaScript LINK ) again.

BTW: one of my friend suggested me to use .htaccess the same way it blocks hot-linking. the child form is in private directory along with its IMG, CSS files.

any idea on that ??

 

[iosoft]

The final sample CODE :hap2: ​

Master.php -

<html>
<head>
<Title>PHP Session Test: MASTER</Title>
<script language="Javascript">
function showForm(mID)
{
      var w=window.open("child.php?mID="+mID,"PollForm", "width=450,status=yes,resizeable=no,scrollbars=1");
      if(w.opener == null) w.opener = self;
            
   return;
}
</script>
</head>
<body>
<?php
if(!session_id()) session_start();
$Key=uniqid();
$_SESSION['kEy']=$Key;
?>
<input type="hidden" name="sysKey1" id="sysKey1" value="<?php echo md5($Key); ?>">

[url="#"]Click Me[/url]
</body>
</html>

Client.php -

<html>
<head>
<Title>PHP Session Test: CHILD</Title>
<?php
if(!session_id()) session_start();
$token=md5($_SESSION['kEy']);
?>
<script language="javascript">
function validateMe()
{
if(window.opener==null || window.opener.document.getElementById("sysKey1").value!="<?php echo $token; ?>")
   document.getElementById("form_content").innerHTML="Error";
else
   document.getElementById("form_content").innerHTML="Ok";
document.getElementById("form_content").style.visibility="visible";
}
</script>
</head>
<body onload="validateMe();">
<div id="form_content" style="visibility: hidden;">
Empty
</div>
</body>
</html>

Suggestions Welcome