I want to protect a website from being accessed until a user has agreed to something. The basic idea is that the top of each page will check whether the cookie exists; if not, it will exit and include a PHP page that contains the message and two buttons: one which will create the cookie and the other simply moving them off the site, e.g. to google.com.

EDIT:

This is what I ended up with:

The warning include would look something like this:

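<?php

// Rebuild the URL of the current request
function pageURL() {
    $pageURL = 'http';
    // HTTPS is not set at all on plain-HTTP requests
    if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
        $pageURL .= "s";
    }
    $pageURL .= "://";
    if ($_SERVER["SERVER_PORT"] != "80") {
        $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
    } else {
        $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
    }
    return $pageURL;
}

$pageRedirect = pageURL();

if (
    isset($_POST['agree_button']) && ($_POST['agree_button'] == 'I agree')
) {
    setcookie('agreed', 'true');
    // The status code is the third argument of header(); the second is the replace flag
    header("Location: $pageRedirect", true, 303);
    exit; // stop here so the form is not sent along with the redirect
}
?>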


<form action="<?php echo htmlspecialchars(pageURL(), ENT_QUOTES); ?>" method="post">
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" value="I agree" name="agree_button" />
    <input type="button" value="I disagree" />
</form>

and then at the top of pages something like this:

<?php

    if(!isset($_COOKIE['agreed']) || ($_COOKIE['agreed'] != 'true'))
    {
        include('warning.php'); exit;
    }

?>
+1  A: 

Use sessions instead of cookies, because cookies can be disabled by the user. And sessions are more secure than cookies.

To set the session use:

session_start();
$_SESSION['session_exists'] = 1;

and to check use this:

session_start(); // must run before $_SESSION is read
if(!isset($_SESSION['session_exists']) || $_SESSION['session_exists'] != 1) { include('warning.php'); exit; }

If you have any problems let me know I'll edit.

Centurion
Sessions are most often stored in cookies, though... anyhow, if that was the case - cookies were disabled - then they wouldn't see the site unless they enabled cookies. So, the effect would be the same as not having the cookie / saying disagree.
Alex JL
Can you show me how to do the above using Sessions then? Thanks.
Cameron
Sessions use cookies for storing the session id. If cookies are disabled, sessions can only work when the session id is appended to _every_ URL... making sessions unusable.
kgb
@Alex JL, but what if they don't know that they cannot access the site because cookies are disabled (they may not even know what a cookie means)? They have to have the possibility to access your application.
Centurion
Session data can be passed using a URL parameter instead of cookies. http://www.php.net/manual/en/session.idpassing.php
Peter Ajtai
Either way, let's pretend the user understands what cookies are and has them enabled. Can you show me how to do this? Thanks.
Cameron
How do I get the button to create the session?
Cameron
@Cameron, if you want a button to set the session then most probably this button will redirect to a page where you set the session: session_start(); $_SESSION['session_exists'] = 1; and when you are back the session variable is already set, so you can check for this using: if($_SESSION['session_exists'] != 1) { include('warning.php'); exit; } This checks whether the session variable is not set and then does what you want (even if I don't understand why you include('warning.php'); exit;).
Centurion
I'm using the cookie version below, but want to use a php form to create the cookie, can you help?
Cameron
Please enlighten us - why are "sessions more secure than cookies"? Do you know something the guys who wrote PHP don't? Sessions are implemented using cookies unless you use the URL as a carrier for the SID: e.g. "Use of trans sid may risk your users security" http://docs.moodle.org/en/Cookieless_Sessions, "URL based session management has additional security risks compared to cookie based session management" http://www.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid
symcbean
To set the cookie use http://md.php.net/manual/en/function.setcookie.php. This will create the cookie; just make sure where to use it in your situation (I suppose when the user presses the button).
Centurion
If they don't know what cookies are, why or how did they disable them? You could also just have that information on the page ('Please make sure cookies are enabled in your browser, here's a link to the docs for common browsers').
Alex JL
+1  A: 

I would do it client-side...

<script src="js/jquery.cookie.js" type="text/javascript"></script>
<form>
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" value="I agree" onclick="$.cookie('agreed', 'true'); location.href='/'" />
    <input type="button" value="I disagree" />
</form>

and the check would be...

if (
    !isset($_COOKIE['agreed'])||
    ($_COOKIE['agreed'] != 'true')
) {
    include('warning.php');
    exit;
}

if you want to set the cookie on server side, you need to...

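<?php
    if (
        isset($_POST['agree_button'])&&
        ($_POST['agree_button'] == 'I agree')
    ) {
        setcookie('agreed', 'true');
        header('Location: /'); // redirect to main page
        exit; // do not render the form after sending the redirect
    }
?>
<!-- PHP_SELF reflects the requested path, so escape it before output -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">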
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" value="I agree" name="agree_button" />
    <input type="button" value="I disagree" />
</form>

see setcookie() man page

kgb
Love the PHP but what about using PHP for the create cookie part too? Don't want to use JavaScript for this. Thanks.
Cameron
When I click the button the cookie is set but I still see the form and message unless I refresh the page, which is weird as this is included within the page and is posting back, so surely it should hide upon a user clicking the button without the need for a redirect? What would the code be for the redirect anyway, if I need one? Thanks
Cameron
added a redirect example
kgb
+1  A: 

Here's a server side method.

You have to reload the page after setting the cookie for it to take effect - hence the redirection using Location. This is a good practice for POST forms, anyway, to use HTTP 303 to avoid the 'Did you want to resubmit?' if the user reloads the page.

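<?php
  $redir=false;
  // !empty() avoids undefined-index notices on the first (GET) request
  if(!empty($_POST['agreed'])){ setcookie('allow','yes',time()+3600); $redir=true;}
  elseif(!empty($_POST['refused'])) { setcookie('allow','no',time()+3600); $redir=true;}
  // the status code is the third argument of header(); the second is the replace flag
  if($redir){ header("Location: thispage.php",true,303); exit; }
?>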


<form method='post' action='thispage.php'>
 <p>Do you agree to our voluminous and vast list of preconditions?</p>
 <input type="submit" name='agreed' value="I agree" />
 <input type="submit" name='refused' value="I disagree" />
</form>

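<?php

 // the cookie does not exist until the user has made a choice
 $allow = isset($_COOKIE['allow']) ? $_COOKIE['allow'] : '';
 if($allow=='no'){ echo 'Not authorized'; exit; }
 elseif($allow=='yes'){ echo 'Welcome to my amazing site - thanks for bein$'; } // message is cut off in the source
 else{ echo 'Please read our terms and select your choice to continue'; exit; }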

See PHP setcookie docs, and the cookie main section. Cookies are accessed through the '$_COOKIE superglobal'.

Alex JL
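
The server-side flow described in this answer (set the cookie on POST, then redirect with 303), as an added example that is not code from any post in this thread: the cookie carries an HMAC over a terms version and an expiry, so a hand-set agreed=true is rejected, and the redirect uses only the request path. CONSENT_KEY, TERMS_VERSION and the three function names are assumptions; the array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. CONSENT_KEY and TERMS_VERSION are assumed names.
const CONSENT_KEY   = 'placeholder-load-a-random-secret-from-config';
const TERMS_VERSION = '1'; // bump to invalidate every consent given so far

// Cookie value is "<version>.<expiry>.<hmac>".
function consent_token(int $expires): string {
    $payload = TERMS_VERSION . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, CONSENT_KEY);
}

function consent_valid($cookie, int $now): bool {
    // A cookie sent as agreed[]=x arrives as an array; treat it as missing.
    $parts = is_string($cookie) ? explode('.', $cookie) : [];
    if (count($parts) !== 3) {
        return false;
    }
    [$version, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $version . '.' . $expires, CONSENT_KEY);
    return hash_equals($expected, $mac) // constant-time comparison
        && $version === TERMS_VERSION
        && ctype_digit($expires) && (int) $expires > $now;
}

// Redirect target: the request path only, never a URL built from Host/SERVER_NAME.
// Anything a browser could read as another host ("//host", "/\host") falls back to "/".
function same_site_path(string $requestUri): string {
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || !preg_match('#^/(?![/\\\\])#', $path)) {
        return '/';
    }
    return $path;
}

$now = time();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['agree_button'])) {
    $expires = $now + 30 * 24 * 3600;
    setcookie('agreed', consent_token($expires), [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // the page script never needs to read it
        'samesite' => 'Lax',
    ]);
    header('Location: ' . same_site_path($_SERVER['REQUEST_URI'] ?? '/'), true, 303);
    exit;
}
if (!consent_valid($_COOKIE['agreed'] ?? null, $now)) {
    include 'warning.php'; // here warning.php only renders the message and the form
    exit;
}
```

The signature shows that this server issued the cookie after an agree POST; it is not tied to a particular visitor, so it works as a consent marker and not as authentication.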
+1  A: 

I'd go with something like:

<form method="post">
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" name="conditional_access_agree" value="I agree" />
    <input type="button" name="conditional_access_disagree" value="I disagree" />
</form>

Then

// isset() guards avoid undefined-index notices on the first visit
$hasCookie = isset($_COOKIE['agreed']) && ($_COOKIE['agreed'] == 'true');
$hasPosted = isset($_POST['conditional_access_agree'])
    && ($_POST['conditional_access_agree'] == "I agree");

if(!$hasCookie && !$hasPosted) { 
    include('warning.php'); 
    exit; 
} elseif (!$hasCookie && $hasPosted) {
    setcookie('agreed', 'true', time()+60*60*24*30, '/');
} 

C.

symcbean