Jump to content

HELP to explanation the script

Sho6tyBby

By Sho6tyBby
in PHP Coding Help

 Share

Recommended Posts

Sho6tyBby Newbie

Sho6tyBby

Posted
Posted

I have found an age verification code on the web. I would like to know if someone will help me to say what exact happens in the code? I'm kind a newbie to this and would like to know how it all works before I use it.

Here comes the code.

 

verify.php (page that will serve as the yes / no to the user)

<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['YES'])) {
$redirect = isset($_GET['return']) ? urldecode($_GET['return']) : './';
$expire = isset($_GET['x']) && is_numeric($_GET['x']) ? intval($_GET['x']) : -1;
if ($expire == - 1) {
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}

if ($expire == 0) {
setcookie("verified", "yes", mktime(0, 0, 0, 01, 01, date("Y") + 30));
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}

setcookie("verified", "yes", (time() + $expire));
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}
else {
header("location: http://www.youtube.com/watch?v=gppbrYIcR80");
exit(0);
}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
Alcohol Age Verification Example Page
</title>
<link href="style.css" type="text/css" rel="stylesheet" />
</head>
<body>
<form action="" method="POST">
<p id="textVerify">
PLEASE VERIFY THAT YOU ARE OVER AGE 21 BEFORE ENTERING THIS SITE
</p>
<input name="NO" id="no" type="Submit" value="NO - Leave" />
<input name="YES" id="yes" type="Submit" value="Yes - Enter" />
</form>
</body>
</html>

add to existing pages (at the top of each .html or .php page in your site,)

<?php

function verified(){
$redirect_url = 'http://www.YOURSITEROOT.com/verify.php';
$expires = - 1;
session_start();
$validated = false;

if (!empty($_COOKIE["verified"])) {
$validated = true;
}

if (!$validated && isset($_SESSION['verified'])) {
$validated = true;
}

if (is_numeric($expires) && $expires == - 1 && !isset($_SESSION['verified'])) {
$validated = false;
}

if ($validated) {
return;
}
else {
$redirect_url = $redirect_url . "?return=" . $_SERVER['REQUEST_URI'] . "&x=" . $expires;
Header('Location: ' . $redirect_url);
exit(0);
}
}

verified();
?>
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted 


// use sessions

session_start();


// if the form was submitted

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

// if they clicked the YES button

if (isset($_POST['YES'])) {

// this script supports a ?return= in the URL for where to return the user

// default of whatever the current "directory" is (like /foo/verify.php -> /foo)

$redirect = isset($_GET['return']) ? urldecode($_GET['return']) : './';

// also supports a custom expiration time (in seconds)

// default of "only during this session"

$expire = isset($_GET['x']) && is_numeric($_GET['x']) ? intval($_GET['x']) : -1;


// only lasts during this session

if ($expire == - 1) {

$_SESSION['verified'] = "yes";

header("location: " . $redirect);

exit(0);

}


// cookie that doesn't expire for a long time

if ($expire == 0) {

setcookie("verified", "yes", mktime(0, 0, 0, 01, 01, date("Y") + 30));

$_SESSION['verified'] = "yes";

header("location: " . $redirect);

exit(0);

}


// otherwise a regular expiration time

setcookie("verified", "yes", (time() + $expire));

$_SESSION['verified'] = "yes";

header("location: " . $redirect);

exit(0);

}


// clicked NO

else {

header("location: http://www.youtube.com/watch?v=gppbrYIcR80");

exit(0);

}

}


?>

...



// checks that the user has verified themselves already

function verified(){

$redirect_url = 'http://www.YOURSITEROOT.com/verify.php';

$expires = - 1;

session_start();

$validated = false;


// different cases to check for...


if (!empty($_COOKIE["verified"])) {

$validated = true;

}


if (!$validated && isset($_SESSION['verified'])) {

$validated = true;

}


if (is_numeric($expires) && $expires == - 1 && !isset($_SESSION['verified'])) {

$validated = false;

}


if ($validated) {

return;

}

else {

$redirect_url = $redirect_url . "?return=" . $_SERVER['REQUEST_URI'] . "&x=" . $expires;

Header('Location: ' . $redirect_url);

exit(0);

}

}


verified();

?>
Code's a little amateurish, a little buggy, and could definitely benefit from formatting and indentation.
Link to comment
Share on other sites
Sho6tyBby Newbie

Sho6tyBby

Posted
  • Author
Posted

Thank you, really useful! (:

But I have a few more questions i: (:

The variable $redircet. I don't understand what ?urldecode ($ _GET ['return']): '. /' exactly do?

Also i don't understand the variable $expire what it exactly do? What do you mean by "supports a custom expiration time"? And i don't understand ($ _GET ['x']), what is x? And is_numeric, and the rest of the variable?

And what do ($ expire == -1) and if ($ expire == 0)?

And how long is mktime (0, 0, 0, 01, 01, date ("Y") + 30));?
And why is cookie set twice? And what do you mean by "regular expiration time"?

And at the function verified script.
What do $ expires = - 1;?
And why after the session_start (); are $ validated = false;?
And at the different cases to check if cookie for verified is there, can you just delete the others and keep one of them?

Link to comment
Share on other sites
boompa Newbie

boompa

Posted
Posted (edited)

Regarding $redirect:

 

If there is a variable named "return" in the URL,

http://www.example.com/myscript.php?return=http%3A%2F%2Fwww.example.com%2Flanding.php

(note that the %3A and %2F symbols are url-endoded values of ':' and '/' respectively) then the url-decoded value of that variable will be used as the location to which the user will be redirected; in the case above this would be

http://www.example.com/landing.php

If there is no "return" variable in the url, then they would be redirected to the root of the site, i.e.,

http://www.example.com

The ?: operator is called the ternary operator.

 

It seems like you need to read a PHP tutorial from the start; a lot of your questions seem pretty basic. People have to stop just cutting and pasting code they find and not understanding it; I applaud you for looking for answers on how it works, but much of what you ask would be covered by basic tutorials. Better to go read there and learn rather than expect contant hand-holding.

Edited by boompa
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted (edited)

Also i don't understand the variable $expire what it exactly do? What do you mean by "supports a custom expiration time"? And i don't understand ($ _GET ['x']), what is x? And is_numeric, and the rest of the variable?

Take a look at the code: it uses is_numeric and intval. Even just guessing at what those functions do based on their names, they show $expire is supposed to be a number.

If it's used then it gets added to time. That's the current number of seconds since a point in the past, so the number being added to it must also be in seconds.

 

And what do ($ expire == -1) and if ($ expire == 0)?

Since those two values get special treatment they have special meanings besides the general case. The code for -1 involves $_SESSION so that special case is to store the verification in the session (which typically only lasts as long as the browser is open). The code for 0 involves creating an expiration point in the future that's 30 years ahead so that special case is to store the validation, for all intents and purposes, indefinitely.

 

And how long is mktime (0, 0, 0, 01, 01, date ("Y") + 30));?

Check the manual for what mktime() does.

 

And why is cookie set twice? And what do you mean by "regular expiration time"?

It's not. It is set two different ways in two different places, but it is not set twice.

 

And at the function verified script.

What do $ expires = - 1;?

Presumably a default value for $expires. Seems like you're supposed to change it to suit how and when you want the validation to expire.

 

And why after the session_start (); are $ validated = false;?

Doesn't matter. You might as well ask why $redirect_url is set before $expires.

 

And at the different cases to check if cookie for verified is there, can you just delete the others and keep one of them?

If you want to allow "remembering" the validation in only one particular way then sure.

 

 

Like boompa said you need to learn PHP and programming in general. If you keep up your strategy of copy and pasting things you find on the Internet then you're gonna have a bad time.

Edited by requinix
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.