The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> PHP Development
|
Ensuring cookies are enabled and preventing false positives
Discuss Ensuring cookies are enabled and preventing false positives in the PHP Development forum on Dev Shed.
Ensuring cookies are enabled and preventing false positives PHP Development forum discussing coding practices, tips on PHP, and other PHP-related topics. PHP is an open source scripting language that has taken the web development industry by storm.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
November 26th, 2012, 12:39 PM
|
|
|
|
Ensuring cookies are enabled and preventing false positives
I am using the followings script to ensure that cookies are enabled. If enabled is false, then displayForm() will display a warning message.
My difficulty is should the user inadvertantly included _c in their URL, it would incorrectly appear to the server that this is the second pass and cookies are not enabled.
How can this be changed? Thanks
PHP Code:
if(empty($_COOKIE) && !isset($_GET['_c']))
{
syslog(LOG_INFO,'$_GET[_c] not received so set cookie.');
setcookie('remember_user', 1, time()+3600);
header('Location:'.$_SERVER['REQUEST_URI'].((strpos($_SERVER['REQUEST_URI'],'?') === false)?'?':'&').'_c=1');
}
else
{
$enabled=!empty($_COOKIE);
syslog(LOG_INFO,'$_GET[remember_user] received and cookie '.(($enabled)?NULL:'not ').'received.');
//rememberUser() will be true if user previously indicated that he wanted to be remembered
if($enabled && rememberUser()){header('Location: '.$_SERVER['REQUEST_URI']);}
else {displayForm($enabled);}
}
|
November 26th, 2012, 12:42 PM
|
|
|
|
Right after I posted this message, I thought "time"!
|
November 26th, 2012, 09:23 PM
|
|
|
This is what I ended up doing. Any comments would be appreciated.
PHP Code:
$time=time();
$url = preg_replace('/[?&]_c=.*$/', '', $_SERVER['REQUEST_URI']);
if(empty($_COOKIE) && !( isset($_GET['_c']) && (($time-$_GET['_c'])<2) ) )
{
syslog(LOG_INFO,'A recent (2 second or less) $_GET[_c] not received so set cookie.');
setcookie('remember_user', 1, time()+3600);
header('Location:'.$url.((strpos($url,'?') === false)?'?':'&').'_c='.$time);
}
else
{
$enabled=!empty($_COOKIE);
syslog(LOG_INFO,'$_GET[remember_user] received and cookie '.(($enabled)?NULL:'not ').'received.');
if($enabled && rememberUser()){header('Location: '.$url);}
else {displayForm($enabled);}
}
|
November 26th, 2012, 11:51 PM
|
 |
Contributing User
|
|
Join Date: Sep 2002
Location: Seattle, U.S.A.
Posts: 712
Time spent in forums: 4 Days 11 h 4 m 59 sec
Reputation Power: 11
|
|
|
Do you have to pass the cookie check through the URL? Could you POST it or use a session?
|
November 27th, 2012, 02:23 AM
|
 |
Still alive
|
|
Join Date: Mar 2007
Location: Washington, USA
|
|
Quote: | Originally Posted by msteudel or use a session? |
That'd require cookies to work 
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
