#1
  1. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,031
    Rep Power
    535

    Ensuring cookies are enabled and preventing false positives


    I am using the following script to ensure that cookies are enabled. If enabled is false, then displayForm() will display a warning message.

    My difficulty is that should the user inadvertently include _c in their URL, it would incorrectly appear to the server that this is the second pass and cookies are not enabled.

    How can this be changed? Thanks

    PHP Code:
    // First pass: no cookie and no _c marker yet, so set a test cookie and redirect with _c added.
    if(empty($_COOKIE) && !isset($_GET['_c']))
    {
        syslog(LOG_INFO,'$_GET[_c] not received so set cookie.');
        setcookie('remember_user', 1, time()+3600);
        header('Location: '.$_SERVER['REQUEST_URI'].((strpos($_SERVER['REQUEST_URI'],'?') === false)?'?':'&').'_c=1');
    }
    else
    {
        // Second pass, or a cookie was already present: cookies work if any came back.
        $enabled=!empty($_COOKIE);
        syslog(LOG_INFO,'$_GET[remember_user] received and cookie '.(($enabled)?NULL:'not ').'received.');
        //rememberUser() will be true if user previously indicated that he wanted to be remembered
        if($enabled && rememberUser()){header('Location: '.$_SERVER['REQUEST_URI']);}
        else {displayForm($enabled);}
    }

  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,031
    Rep Power
    535
    Right after I posted this message, I thought "time"!
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,031
    Rep Power
    535
    This is what I ended up doing. Any comments would be appreciated.

    PHP Code:
    $time=time();
    // Strip any existing _c marker from the requested URL before reusing it.
    $url = preg_replace('/[?&]_c=.*$/', '', $_SERVER['REQUEST_URI']);
    // First pass unless a _c timestamp less than 2 seconds old came back.
    if(empty($_COOKIE) && !( isset($_GET['_c']) && (($time-$_GET['_c'])<2) ) )
    {
        syslog(LOG_INFO,'A recent (2 second or less) $_GET[_c] not received so set cookie.');
        setcookie('remember_user', 1, time()+3600);
        header('Location: '.$url.((strpos($url,'?') === false)?'?':'&').'_c='.$time);
    }
    else
    {
        $enabled=!empty($_COOKIE);
        syslog(LOG_INFO,'$_GET[remember_user] received and cookie '.(($enabled)?NULL:'not ').'received.');
        if($enabled && rememberUser()){header('Location: '.$url);}
        else {displayForm($enabled);}
    }
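
An added example, not part of any post in this thread: one way to make the timestamped `_c` marker from post #3 verifiable, by signing the timestamp with a server-side key so that a typed-in, stale or future-dated `_c` is treated as absent. The function names, the key constant (a placeholder) and the 5-second window are assumptions made for this sketch.

```php
<?php
// Added example, not code from the thread. The key and window are assumed values.
const COOKIE_CHECK_KEY    = 'replace-with-a-random-server-side-secret'; // placeholder
const COOKIE_CHECK_WINDOW = 5; // seconds a marker stays valid

// Value for the _c parameter: "<unix time>.<HMAC-SHA256 of that time>".
function makeMarker(int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, COOKIE_CHECK_KEY);
}

// True only for a marker this server issued within the last few seconds.
function isFreshMarker($marker, int $now): bool
{
    // Rejects arrays (?_c[]=1), bare numbers and any other stray text.
    if (!is_string($marker) || !preg_match('/^(\d{1,10})\.([0-9a-f]{64})$/D', $marker, $m)) {
        return false;
    }
    if (!hash_equals(hash_hmac('sha256', $m[1], COOKIE_CHECK_KEY), $m[2])) {
        return false; // timestamp was not signed with our key
    }
    $age = $now - (int) $m[1];
    return $age >= 0 && $age <= COOKIE_CHECK_WINDOW; // no future or stale stamps
}

// Remove only the _c parameter and keep the rest of the query string.
function stripMarker(string $uri): string
{
    return rtrim(preg_replace('/([?&])_c=[^&]*&?/', '$1', $uri), '?&');
}

// Constructed inputs, evaluated against a fixed clock so the output is repeatable.
$now = 1700000000;
$samples = [
    'issued now'       => makeMarker($now),
    'issued 60s ago'   => makeMarker($now - 60),
    'typed by hand'    => '1',
    'bare future time' => '9999999999',
    'array parameter'  => ['1'],
];
foreach ($samples as $label => $marker) {
    printf("%-17s %s\n", $label, isFreshMarker($marker, $now) ? 'second pass' : 'ignored');
}
echo stripMarker('/login.php?a=1&_c=' . makeMarker($now) . '&b=2'), "\n";
```

In a handler shaped like the one in post #3, `isFreshMarker($_GET['_c'] ?? null, time())` would take the place of the `isset`/age test and `makeMarker(time())` would supply the value appended to the redirect URL.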

  6. #4
  7. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2002
    Location
    Seattle, U.S.A.
    Posts
    712
    Rep Power
    13
    Do you have to pass the cookie check through the URL? Could you POST it or use a session?
  8. #5
  9. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,119
    Rep Power
    9398
    Originally Posted by msteudel
    or use a session?
    That'd require cookies to work
