[SOLVED] need to restrict access to a page before first accepting terms & conditions by c

[walrus111]

Hi there. Does anyone know how I create a page that can't be accessed unless a checkbox has been checked stating that they have read the terms and conditions. I don't need any usernames , passwords, database etc so I thought it would be easy to find a tutorial somewhere but haven't had any luck. I really don't know much about PHP and was going to use javascript but that didn't help if javascript was disabled and also didn't stop people accessing the page directly. I guess I would need the user to be redirected back to the terms and conditions page if they hadn't been and agreed to the terms page first. Hope that is all the info someone needs to point me in the right direction for a tute or something. Any help much appreciated.

[zenag]

it will enable submit button only if check box is checked...
<form action=""><tr ><td><input  type="checkbox" id="agree" name="agree" value="yes"   onClick="javascript:if(this.checked) 
this.form.submit.disabled=false; else this.form.submit.disabled=true;">I have read and accept the terms and conditions</td></tr>

<tr><td align=center colspan=2><input type="submit" id="submit" name="submit" value="Create Account"  onClick="return check();" disabled></td></tr></form>

[walrus111]

Thanks Zenag. Great little piece of script. I am trying to avoid javascript in this case and also need to stop people accessing the topic page before thaey accept the terms and conditions. Any other suggestions?

[conker87]

Use a session.

 

<?php

if ($_SESSION['tac'] == true)
{ //true
}
else
{
//not accepted.
}

?>

[miracle_potential]

Use your PHP to set a session and add at the top of the page you want to restrict

 

<?
if(!isset($_SESSION['sessionname'])){
header("Location: www.url.com");
}
else{
session_start();
session_name("sessionname");
}
?>

 

Or something like that

[haku]

Sessions are an ok solution, but if the person has cookies turned off on their machine it wont work.

 

If you have no logins or anything like that, you can set it up this way not using sessions. First, you set up a form on the page with the terms and conditions. Include the checkbox in this form:

 

terms.php:

<form action="display_page.php" method="post">
<input type="checkbox" name="terms" />
<input type="submit" name="submit" />
</form>

 

Where display_page.php is the page that will have the information for which the person is agreeing to the terms and conditions.

 

Then, on display_page.php you set your code like this:

 

display_page.php

<?php
    if(!isset($_POST['terms'] || $_POST['terms'] != "checked" || $_SERVER['HTTP_REFERER'] != "terms.php")
    {
        header ("Location: terms.php");
    }
?>
// add your code here

 

This code has to be at the VERY top of your page, with no spaces or anything at all before it. If there is even a space before the opening php tag, it wont work.

 

What this does is check on the display page that the person has indeed come from the terms and conditions page, and that they have checked the box that says they agree to the terms and conditions. If they haven't, then it automatically forwards them to that page.

 

This will work in that there is no way to see the page without agreeing to the terms and conditions. But it wont keep any record of their having agreed to them, so even if someone were to break those terms and conditions, its possible that you may not have much legal recourse.

[walrus111]

Thanks Guys. Can't believe how much help you've all been. Will go and give it a shot.

[walrus111]

Thanks Haku and good advice about the legal recourse too. I guess another notice on the "display page" as a further warning won't help. When I tested your script live I get this error Parse error: syntax error, unexpected T_BOOLEAN_OR, expecting ',' or ')' in /public/www/website/testingpage.php on line 2. I have checked that it is placed exactly as you have said with no spaces. Any ideas? Do I need to change the 'HTTP_REFERER' part?

[conker87]

Just change

 

if(!isset($_POST['terms'] || $_POST['terms'] != "checked" || $_SERVER['HTTP_REFERER'] != "terms.php")

 

to

 

if(!isset($_POST['terms']) || $_POST['terms'] != "checked" || $_SERVER['HTTP_REFERER'] != "terms.php")

Was missing a ) here    ^

[haku]

Sorry about that. I typed it off the top of my head. Untested!

[walrus111]

Thanks again guys. Was looking great but discovered I can't access the page at all now. Stiil having a play around to make sure I haven't made any mistakes but can't find anything yet.

[haku]

1) what do you mean? It just keeps forwarding back to the first page?

2) Post your code from both pages

[walrus111]

Yeah, it just keeps forwarding back to the terms page named testingentrance.php??

 

testingentrance.php:

 

<head>

<title>Test</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="styles/text.css" rel="stylesheet" type="text/css">

</head>

<body>

<p> </p>

<div align="center">

<p>

<p><form action="testingpage.php" method="post">

<input type="checkbox" name="terms" />

<input type="submit" name="submit" />

</form>

</div>

</body>

</html>

 

 

 

testingpage.php:

 

 

if(!isset($_POST['terms']) || $_POST['terms'] != "checked" || $_SERVER['HTTP_REFERER'] != "testingentrance.php")

{

header ("Location: testingentrance.php");

}

?>

<html>

<head>

<title>Test</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<link href="styles/text.css" rel="stylesheet" type="text/css">

</head>

<body>

<div align="center">

<p> </p>

<p><span class="text">Testing Page

</span>

</p>

</div>

</body>

</html>

 

[conker87]

Try:

 

<input type="checkbox" name="terms" value="checked" />

[walrus111]

Now when I check it and hit submit the check disappears. Still stays on the same page. Are those last 2 .php pages at the end of the php script supposed to both be testingentrance.php? Does the form need to have a name? My 2 cents worth lol

[haku]

Try this:

 

<input type="checkbox" name="terms" />
if(!isset($_POST['terms']) || $_POST['terms'] != "on" || $_SERVER['HTTP_REFERER'] != "testingentrance.php")

 

(split the two lines between the two pages.

 

I think the problem is the value of the checkbox when its posted. I couldn't remember if it was checked, it looks like its not. I think it may be 'on' then.

 

If the code I am posting doesnt work, try deleting the three things in the 'if' statement one at a time, until the page doesnt redirect back to the original page. Then come back here and tell us which statement it was that caused that.

[walrus111]

Thanks for persevering with this guys. I tried deleting each of the 3 things one at a time but no luck but then I wasn't too sure how to seperate them to keep them still functioning?? The checkbox should be unchecked to start with so I have given it a value as "checked" when ticked. Another weird thing is that my submit button reads "Submit Query" although I only have a label as "Submit"??? 

[walrus111]

Please ignore my last comment about the submit button.... 

[ohdang888]

sessions are stored on the server. they have no coordination with the computer settings. So they can't turn them off.

 

 

also, these days, pretty much everyone has cookies enabled. They were first seen as a security risk, but now most major web sites use them.

[haku]

And the session ID is stored as a cookie on the users machine. That session ID is sent with the headers to the server. If the user has cookies turned off, the cookie with the session ID isn't stored on the users computer, which means the ID isn't sent with the headers, which means that the server has no way of connecting the user with the session.

 

ALTHOUGH, there is a way around this - sending the session ID in the URL. But this isnt the most secure way.

 

A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.

php.net

 

also, these days, pretty much everyone has cookies enabled. They were first seen as a security risk, but now most major web sites use them.

 

While this is true, the fact that users can turn them off with a simple browser setting means that its not a reliable method. As such, its better to use a more reliable method if one exists.

[haku]

Ok, I tried and tested the code. Sorry, I didn't have time until now. The problem was that in the code I gave, I was testing the referring page against the page name only, instead of the absolute link. Anyways, here is the working code:

 

first_page.php

<form action="second_page.php" method="post">
<input type="checkbox" name="terms" value="agree" />
<input type="submit" name="submit" />
</form>

 

second_page.php

<?php
if(!isset($_POST['terms']) || $_POST['terms'] != "agree" || $_SERVER['HTTP_REFERER'] != "http://www.sitename.com/first_page.php")
{
	header ("Location: first_page.php");
}
?>

 

You will have to adjust the script by changing the following three values:

 

1) first_page.php - make this the page name of the first page. As long as they are in the same folder, you can use the page name only, and it can be any extension.

2) second_page.php - make this the name of the second page. Again, as long as they are in the same folder, you can just include the page name. This HAS to have a file extension of PHP (unless your server is configured to parce non-php files as php).

3) http://www.sitename.com/first_page.php - you have to change this to the absolute address of the first page. You must include the entire address including the http://

[ohdang888]

i don't use session id's

 

just use something like

 

$_SESSION['clicked'] = 'yes';

 

if($_SESSION['clciked'] == 'yes'){

display page

}

 

[walrus111]

Thanks for all your help Haku, Conker and everyone else. It's working great. Sorry to have taken up so much of your time.

[haku]

i don't use session id's. just use something like

 

$_SESSION['clicked'] = 'yes';

 

Not using session IDs is not something you have a choice on when you are using sessions. If you are using sessions, you are using session IDs. When you call session_start(), it creates a session ID whether you like it or not. And that session ID is stored on the users computer. You cant use sessions without calling session start, and as a result if you are using sessions you are also using session IDs.

[ohdang888]

oh, alright,

 

thanks!