Jump to content

Recommended Posts

I have found an age verification code on the web. I would like to know if someone will help me to say what exact happens in the code? I'm kind a newbie to this and would like to know how it all works before I use it.

Here comes the code.

 

verify.php (page that will serve as the yes / no to the user)

<?php
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['YES'])) {
$redirect = isset($_GET['return']) ? urldecode($_GET['return']) : './';
$expire = isset($_GET['x']) && is_numeric($_GET['x']) ? intval($_GET['x']) : -1;
if ($expire == - 1) {
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}

if ($expire == 0) {
setcookie("verified", "yes", mktime(0, 0, 0, 01, 01, date("Y") + 30));
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}

setcookie("verified", "yes", (time() + $expire));
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}
else {
header("location: http://www.youtube.com/watch?v=gppbrYIcR80");
exit(0);
}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
Alcohol Age Verification Example Page
</title>
<link href="style.css" type="text/css" rel="stylesheet" />
</head>
<body>
<form action="" method="POST">
<p id="textVerify">
PLEASE VERIFY THAT YOU ARE OVER AGE 21 BEFORE ENTERING THIS SITE
</p>
<input name="NO" id="no" type="Submit" value="NO - Leave" />
<input name="YES" id="yes" type="Submit" value="Yes - Enter" />
</form>
</body>
</html>

add to existing pages (at the top of each .html or .php page in your site,)

<?php

function verified(){
$redirect_url = 'http://www.YOURSITEROOT.com/verify.php';
$expires = - 1;
session_start();
$validated = false;

if (!empty($_COOKIE["verified"])) {
$validated = true;
}

if (!$validated && isset($_SESSION['verified'])) {
$validated = true;
}

if (is_numeric($expires) && $expires == - 1 && !isset($_SESSION['verified'])) {
$validated = false;
}

if ($validated) {
return;
}
else {
$redirect_url = $redirect_url . "?return=" . $_SERVER['REQUEST_URI'] . "&x=" . $expires;
Header('Location: ' . $redirect_url);
exit(0);
}
}

verified();
?>
Link to comment
https://forums.phpfreaks.com/topic/278899-help-to-explanation-the-script/
Share on other sites


// use sessions
session_start();

// if the form was submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// if they clicked the YES button
if (isset($_POST['YES'])) {
// this script supports a ?return= in the URL for where to return the user
// default of whatever the current "directory" is (like /foo/verify.php -> /foo)
$redirect = isset($_GET['return']) ? urldecode($_GET['return']) : './';
// also supports a custom expiration time (in seconds)
// default of "only during this session"
$expire = isset($_GET['x']) && is_numeric($_GET['x']) ? intval($_GET['x']) : -1;

// only lasts during this session
if ($expire == - 1) {
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}

// cookie that doesn't expire for a long time
if ($expire == 0) {
setcookie("verified", "yes", mktime(0, 0, 0, 01, 01, date("Y") + 30));
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}

// otherwise a regular expiration time
setcookie("verified", "yes", (time() + $expire));
$_SESSION['verified'] = "yes";
header("location: " . $redirect);
exit(0);
}

// clicked NO
else {
header("location: http://www.youtube.com/watch?v=gppbrYIcR80");
exit(0);
}
}

?>
...


// checks that the user has verified themselves already
function verified(){
$redirect_url = 'http://www.YOURSITEROOT.com/verify.php';
$expires = - 1;
session_start();
$validated = false;

// different cases to check for...

if (!empty($_COOKIE["verified"])) {
$validated = true;
}

if (!$validated && isset($_SESSION['verified'])) {
$validated = true;
}

if (is_numeric($expires) && $expires == - 1 && !isset($_SESSION['verified'])) {
$validated = false;
}

if ($validated) {
return;
}
else {
$redirect_url = $redirect_url . "?return=" . $_SERVER['REQUEST_URI'] . "&x=" . $expires;
Header('Location: ' . $redirect_url);
exit(0);
}
}

verified();
?>
Code's a little amateurish, a little buggy, and could definitely benefit from formatting and indentation.

Thank you, really useful! (:

But I have a few more questions i: (:

The variable $redircet. I don't understand what ?urldecode ($ _GET ['return']): '. /' exactly do?

Also i don't understand the variable $expire what it exactly do? What do you mean by "supports a custom expiration time"? And i don't understand ($ _GET ['x']), what is x? And is_numeric, and the rest of the variable?

And what do ($ expire == -1) and if ($ expire == 0)?

And how long is mktime (0, 0, 0, 01, 01, date ("Y") + 30));?
And why is cookie set twice? And what do you mean by "regular expiration time"?

And at the function verified script.
What do $ expires = - 1;?
And why after the session_start (); are $ validated = false;?
And at the different cases to check if cookie for verified is there, can you just delete the others and keep one of them?

Regarding $redirect:

 

If there is a variable named "return" in the URL,

http://www.example.com/myscript.php?return=http%3A%2F%2Fwww.example.com%2Flanding.php

(note that the %3A and %2F symbols are url-endoded values of ':' and '/' respectively) then the url-decoded value of that variable will be used as the location to which the user will be redirected; in the case above this would be

http://www.example.com/landing.php

If there is no "return" variable in the url, then they would be redirected to the root of the site, i.e.,

http://www.example.com

The ?: operator is called the ternary operator.

 

It seems like you need to read a PHP tutorial from the start; a lot of your questions seem pretty basic. People have to stop just cutting and pasting code they find and not understanding it; I applaud you for looking for answers on how it works, but much of what you ask would be covered by basic tutorials. Better to go read there and learn rather than expect contant hand-holding.

Edited by boompa

Also i don't understand the variable $expire what it exactly do? What do you mean by "supports a custom expiration time"? And i don't understand ($ _GET ['x']), what is x? And is_numeric, and the rest of the variable?

Take a look at the code: it uses is_numeric and intval. Even just guessing at what those functions do based on their names, they show $expire is supposed to be a number.

If it's used then it gets added to time. That's the current number of seconds since a point in the past, so the number being added to it must also be in seconds.

 

And what do ($ expire == -1) and if ($ expire == 0)?

Since those two values get special treatment they have special meanings besides the general case. The code for -1 involves $_SESSION so that special case is to store the verification in the session (which typically only lasts as long as the browser is open). The code for 0 involves creating an expiration point in the future that's 30 years ahead so that special case is to store the validation, for all intents and purposes, indefinitely.

 

And how long is mktime (0, 0, 0, 01, 01, date ("Y") + 30));?

Check the manual for what mktime() does.

 

And why is cookie set twice? And what do you mean by "regular expiration time"?

It's not. It is set two different ways in two different places, but it is not set twice.

 

And at the function verified script.

What do $ expires = - 1;?

Presumably a default value for $expires. Seems like you're supposed to change it to suit how and when you want the validation to expire.

 

And why after the session_start (); are $ validated = false;?

Doesn't matter. You might as well ask why $redirect_url is set before $expires.

 

And at the different cases to check if cookie for verified is there, can you just delete the others and keep one of them?

If you want to allow "remembering" the validation in only one particular way then sure.

 

 

Like boompa said you need to learn PHP and programming in general. If you keep up your strategy of copy and pasting things you find on the Internet then you're gonna have a bad time.

Edited by requinix
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.