Jump to content

Really easy, but...Assign a constant if a particular link on a page is clicked ?

OriginalMacBabe

By OriginalMacBabe
in PHP Coding Help

 Share

Recommended Posts

OriginalMacBabe Newbie

OriginalMacBabe

Posted
Posted

Sorry, but I've gone blind from trying to find the answer to what I know is a simple question.  ???

 

I want all visitors to my site to have to agree to enter from a front screening page by clicking a specific link (akin to how we agree to the terms of use for a forum.)  I want to assign a value=true to a constant when this is done.

 

I will then put a query at the top of every other page in the site to see if this variable is set.  If it is I want the page to continue to load.  If not, I will redirect them to the screening page.

 

I found the redirect <?php header ('Location: http://mysite.com/screening-page.php'); ?> and I can use the isset function.

 

How do I set the constant?

 

Thank you

 

OMB

 

Link to comment
Share on other sites
Wuhtzu Member

Wuhtzu

Posted
Posted

I was doing the exact same thing a year ago and it was impossible to find a solution anywhere, but eventually I got something which "worked".

 

Since the following:

 

http://mysite.com/screening-page.php?agreed=true

 

would be amusingly easy to bypass this isn't the solution. Some may say JavaScript, but it's client side and can easily be turned off. So I decided to use a <form>:

 

<?PHP
session_start();

if(isset($_POST['agree'])){
  $_SESSION['haveagreed'] = true;
  header("Location: mypage.php");
  exit;
}
else {
?>

<form action="screening-page.php" method="post">
  <input type="submit" name="agree" value="I agree, let me through to the site">
</form>

<?PHP
}
?>

This will kind of work, but if someone wants to enter your site without clicking the actual button he can just do this:

 

<form action="http://yoursite.com/screening-page.php" method="post">
<input type="submit" name="agree" value="I'm h4x0r">
</form>

 

Then your screening page will see that $_POST['agree'] is set and therefore set $_SESSION['haveagreed'] = true. So to make work 100% you have to find a way to establish if th user actually click _your_ button (came from your screening page). This could be done with $_SERVER['HTTP_REFERER'] which holds the address/url of the page which send you / referred you to where you are now. But since the http referer header is set by the user agent (browser) it can be manipulated or not set at all.

 

Back when I did this I thought I solved the problem by adding some random numbers to a hidden field and check if those where set ect., but I just realized that the method doesn't work ;) If I come up with something more than "just to use a form" I'll let you know :)

 

 

 

 

 

Link to comment
Share on other sites
OriginalMacBabe Newbie

OriginalMacBabe

Posted
  • Author
Posted

Ok, no wonder I was having trouble finding it then, I really thought I was losing it.  Why is it that things that seem so logically simple often turn out to be "impossible"?

 

I am not so concerned about people bypassing the system ... if someone wants to look at my pages that badly, they can.  I would, however, like to make sure that they have at least seen the screening page.  Even if they don't actually click the "agree" button, at least I know that they have seen it, so any attempt they make to circumvent the system and still enter will be the equivalent of having clicked the "accept" button ~ this is an issue of informed consent; it would be hard to argue that they didn't know where they were going if they went to the trouble of deliberately foiling the system.

 

I'm sure there will be some shmo whose life is filled with the joy of hacking through others' intentions, but I honestly believe that most people would rather just click the button than go to the trouble of circumventing the process.

 

I'll give what you suggest a try ~ I think I understand it.

 

I hadn't thought of using session information.  Is there a way to just check if the screen page has been loaded in a session?  If so, this will suffice.  Then I could just check to see if that variable is true or if the refere page is some other page in the site, either of which will be sufficient to have the next desired page load??

 

Thank you

 

OMB

Link to comment
Share on other sites
AndyB Regular Member

AndyB

Posted
Posted

How about on every page you check that a particular session value is true:

 

<?php
session_start();
if ($_SESSION['agreed']!="yes") {
    header('Location: index.php');
}
... rest of every page

 

On the opening page, set a session variable and have the 'agree' form.  Process the form to check for both 'yes, I agree' AND the session variable you set on the opening page. That prevents someone just copying the html form as a way in.  If your session var is set AND 'yes, I agree' is true then set $_SESSION['agreed'] to "yes".

Link to comment
Share on other sites
Wuhtzu Member

Wuhtzu

Posted
Posted

You almost have to use session in order to verify that the user have done something, e.g. logged in or clicked "I agree", each time he/she/it changes page.

 

Do something like the following:

 

screening-page.php:

<?PHP
session_start();

if( something ) {
  $_SESSION['agreed'] = true;
}
else {
.........
?>

 

 

anyotherpage.php:

<?PHP
start_session();

if($_SESSION['agreed' != true){
  do something when the user haven't agreed
}
else{
  show the page
}
?>

 

That's pretty much a simple login system... set a session variable on some condition (e.g. a successful login or click on a button) and then check if that session variable have a certain value on other pages :)

 

A feature which you could add to your system is the ability to remember what page the user requested. A user/visitor could click a link somewhere http://yoursite.com/somepage.php?id=2 but since he/she haven't view the screening-page, haven't agreed and haven't got the session variable set, he/she will be redirected to screening-page.php and then he/she has to navigate back to the link he/she clicked... annoying.

 

<?PHP
session_start();
$_SESSION['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
?>

 

The above code should be used on top of every page you have. It will remember the URI/URL the user requested and then in case he/she is later redirected to the screening-page.php you will have that URI/URL stored in a session ready to use when he/she is redirected back to the page:

 

screening-page.php

<?PHP
session_start();

if(isset($_POST['agree'])){
  $_SESSION['haveagreed'] = true;
  if(isset($_SESSION['REQUEST_URI'])){
    header("Location: " . $_SESSION['REQUEST_URI']);
    exit;
  }
  else{
    header("Location: index.php");
    exit;
  }
}
else {
  view the agreement...

 

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.