a script that will check subsequent pages w/o login

[Lizzard]

May 1st, 2007, 10:48 am

Hi.
I've a bit of a quandry. I need code that will check to see if a user has accepted the "terms of agreement" prior to viewing certain pages in the site without a log-in. IE - I don't want them bookmarking a page behind the agreement at the initial visit and then returning without viewing the terms and conditions again. But I don't want to know who they are or have a login.
I have a little java thing to do the terms...

if(!document.form1.agree.checked){alert("Please Read the guidelines and check the box below");
return false; }


return true;
}
</script>
But not all the pages that follow.
Any ideas? PS Love your site.

May 1st, 2007, 11:46 am

Guess the easiest way to archive that is to use cookies. Set a cookie when the user has read the terms, and on every subsequent page, read out the cookie. If the cookie i.e. has no or the value 0, the user didn't read the terms and so force him to do so by redirecting him to the page with the terms.

[Lizzard]

May 2nd, 2007, 4:10 am

I did think of that but wondered if there was another way as many of the users have their cookies turned off.
I thought about a php session but everytime I tried it I couldn't get it to work. So I went to the trusty PHP manual and it said ... well my basic understanding of what it said was , Yep! those darn PHP sessions can sure act a little crazy when you are dealing with sub-domains. I am dealing with building and replicating strictly subdomains on some templates I have and am in the process of building. Kind of like "Oh - ok well you do business with us and we will give you this sub domain that is attached to our databases and hooked up to these certain links that normally you'd have to pay an arm and a leg for."
See my problem?

May 2nd, 2007, 4:34 am

Yes - you made it clear

Hm, even if you want to use sessions - isn't a session cancelled latest when the browser is closed? It will loose it's session state, as far as I know, so this is also not working. ( When I use sessions I give them always a timeout of 1 h, so I can't name it exactly. )

Using a DB and the IP of the referrer is also crap, as IP's change frequently, the referrer is not always present, and now I run out of ideas how to do such a thing without putting anything on the users pc or creating a login section.

[joebert]

May 2nd, 2007, 4:55 am

You might be supprized just how many of the people who have cookies turned off, will turn them on for certain sites that appeal to them.

May 2nd, 2007, 5:00 am

Even if that is true, you cannot rely on that. As the vast majority turn cookies off for some special reason, you cannot automatically consider that they will turn on. That way you might be missing a lot of people visiting your site.

In my opinion it is still the easiest way to have a login somewhere, as people can save their passwords and just have to click on ok to enter the page. Guess this is not too much work to enter a site worth it.

[Lizzard]

May 2nd, 2007, 5:57 am

Right. Which made me think that a session would be fine. To test it, I bookmarked the index page past the "terms of agreement." I closed the browser and restarted my computer. (I need to be absolutely sure) and sure enough, I could pull up the page.
I can get all my little redirects to work if they click "No!" or whatnot, but I am stumped on this session/cookie/no login business.

[Lizzard]

May 2nd, 2007, 5:59 am

"In my opinion it is still the easiest way to have a login somewhere, as people can save their passwords and just have to click on ok to enter the page. Guess this is not too much work to enter a site worth it."
True - but my boss doesn't want it done this way.
The head of the IT department suggested a "generic, invisible login" - meaning once they checked yes - they were issued that generic login name that the user never sees - but would expire when they leave. I am not sure how to do that 100 percent.

May 2nd, 2007, 6:08 am

So can't you save a session variable in this session to authenticate the user then?

[Lizzard]

May 2nd, 2007, 6:43 am

I tried to do that - but that is (I think) where my subdomain issue comes in.

They give the example of this in the PHP Manual
"something that wasn't made clear to me here and totally confused me for a while was that domain names must contain at least two dots (.), hence 'localhost' is invalid and the browser will refuse to set the cookie! instead for localhost you should use false.

to make your code work on both localhost and a proper domain, you can do this:

<?php

$domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
setcookie('cookiename', 'data', time()+60*60*24*365, '/', $domain, false);

?>"

http://us2.php.net/setcookie

But I could not get it to work. I think because I am passing (and parsing) thru many subfolders within a subdomain but I am not sure.

May 2nd, 2007, 6:56 am

So, you say your domain listens at localhost instead of a server name ( i.e. test.com ) ? Yet, it's a production server or just a local test server?

[Lizzard]

May 2nd, 2007, 7:15 am

Oh no. I just copied that out of the PHP Manual so that you could see WHAT they said in case I was misintrepreting. Right now I am trying to run it on a test that is internal only... beth.mycompany.com.
Our subdomains are like if you would do business you would be http://ecuador.mycompany.com.
Then I would copy all of the file structure that would apply to your company on thru as far as product lines/
so you could have; http://ecuador.mycompany.com/product/services/index.php or http://ecuador.mycompany.com/commission ... /index.php
or it could be as simple as; http://ecuador.mycompany.com/index.php It would entirely depend on which page you want to look at - at any given time.
I think that is where I am losing my session cookie. It won't pass thru all of the structures, so it doesn't plant at all.

May 2nd, 2007, 7:34 am

Hm, it's a bit hard to follow if you can't see the appropriate code... I suggest you try to dump on each page the session ( var_dump($_SESSION) ) to see what is happening.

[Lizzard]

May 2nd, 2007, 9:38 am

Let me see if I can recreate it and get it on for you tomorrow(ish). I have since tried so many different things I am not sure which end is up.

[Lizzard]

May 8th, 2007, 6:52 am

Sorry that took so long. I have been given another project with a due date of this week. So this one is on the back burner until next week. But here was my cookie plant code that I couldn't get to work.

<?php
function _check_auth($_COOKIE)
{ if(isset($_POST['submit']));

elseif
($_GET["http://beta.homepage.php"]);

else
die ("You must accept the disclaimer terms before proceeding.");
}
?>