CODEWITHSUNDEEP
phpcookies
Cameron
Cameron

Reputation: 28803

PHP create cookie and only show website if cookie exists

I want to protect a website from being accessed until a user has agreed to something. The basic idea is that at the top of each page it will check if the cookie exists if not then exit and include a php page that contains the message and two buttons one which will create the cookie and the other simply moving them off the site e.g. google.com

EDIT:

This is what I ended up with:

The warning include would look something like this:

 <?php

function pageURL() {
    $pageURL = 'http';
     if ($_SERVER["HTTPS"] == "on") {
        $pageURL .= "s";
    }
     $pageURL .= "://";
     if ($_SERVER["SERVER_PORT"] != "80") {
          $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
     } 
    else {
          $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
     }
 return $pageURL;
}

$pageRedirect = pageURL();

    if (
        isset($_POST['agree_button']) && ($_POST['agree_button'] == 'I agree')
    ) {
        setcookie('agreed', 'true');
        header("Location:$pageRedirect",303);
    }
?>


<form action="<?php echo pageURL(); ?>" method="post">
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" value="I agree" name="agree_button" />
    <input type="button" value="I disagree" />
</form>

and the at the top of pages something like this:

<?php

    if(!isset($_COOKIE['agreed']) || ($_COOKIE['agreed'] != 'true'))
    {
        include('warning.php'); exit;
    }

?>

Upvotes: 2

Views: 8351

Answers (4)

Sergey Eremin
Sergey Eremin

Reputation: 11080

i would do it client-side...

<script src="js/jquery.cookie.js" type="text/javascript"></script>
<form>
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" value="I agree" onclick="$.cookie('agreed', 'true'); location.href='/'" />
    <input type="button" value="I disagree" />
</form>

and the check would be...

if (
    !isset($_COOKIE['agreed'])||
    ($_COOKIE['agreed'] != 'true')
) {
    include('warning.php');
    exit;
}

if you want to set the cookie on server side, you need to...

<?php
    if (
        isset($_POST['agree_button'])&&
        ($_POST['agree_button'] == 'I agree')
    ) {
        setcookie('agreed', 'true');
        header('Location: /'); // redirect to main page
    }
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" value="I agree" name="agree_button" />
    <input type="button" value="I disagree" />
</form>

see setcookie() man page

Upvotes: 3

symcbean
symcbean

Reputation: 48357

I'd go with something like:

<form>
    <p>INSERT MESSAGE HERE (User must agree)</p>
    <input type="submit" name="conditional_access_agree" value="I agree" />
    <input type="button" name="conditional_access_disagree" value="I disagree" />
</form>

Then

if(($_COOKIE['agreed'] != 'true')
    && ($_POST['conditional_access_agree'] != "I agree")) { 
    include('warning.php'); 
    exit; 
} elseif (($_COOKIE['agreed'] != 'true')
    && ($_POST['conditional_access_agree'] == "I agree")) {
    setcookie('agreed', 'true', time()+60*60*24*30, '/');
}

C.

Upvotes: 1

JAL
JAL

Reputation: 21563

Here's a server side method.

You have to reload the page after setting the cookie for it to take effect - hence the redirection using Location. This is a good practice for POST forms, anyway, to use HTTP 303 to avoid the 'Did you want to resubmit?' if the user reloads the page.

<?php 
  $redir=false;
  if($_POST['agreed']){ setcookie('allow','yes',time()+3600); $redir=true;}
  elseif($_POST['refused']) { setcookie('allow','no',time()+3600); $redir=true;}
  if($redir){ header("Location: thispage.php",303); }
?>


<form method='post' action='thispage.php'>
 <p>Do you agree to our voluminous and vast list of preconditions?</p>
 <input type="submit" name='agreed' value="I agree" />
 <input type="submit" name='refused' value="I disagree" />
</form>

<?php

 if($_COOKIE['allow']=='no'){ echo 'Not authorized'; exit; }
 elseif($_COOKIE['allow']=='yes'){ echo 'Welcome to my amazing site - thanks for bein$
 else{ echo 'Please read our terms and select your choice to continue'; exit; }

See PHP setcookie docs, and the cookie main section. Cookies are accessed thorugh the '$_COOKIE superglobal'.

Upvotes: 1

Centurion
Centurion

Reputation: 5291

Use Sessions instead Cookies, because cookies can be disabled by user. And Sessions are more secure than Cookies

to set session use:

session_start();
$_SESSION['session_exists'] = 1;

and to check use this:

if($_SESSION['session_exists'] != 1) { include('warning.php'); exit; }

If you have any problems let me know I'll edit.

Upvotes: 1

Related Questions