#1
    Ensuring cookies are enabled and preventing false positives


    I am using the following script to ensure that cookies are enabled. If enabled is false, then displayForm() will display a warning message.

    My difficulty is that, should the user inadvertently include _c in their URL, it would incorrectly appear to the server that this is the second pass and cookies are not enabled.

    How can this be changed? Thanks

    PHP Code:
    if(empty($_COOKIE) && !isset($_GET['_c']))
    {
        // First pass: no cookie and no _c marker yet, so set a test cookie and redirect with _c=1.
        syslog(LOG_INFO,'$_GET[_c] not received so set cookie.');
        setcookie('remember_user', 1, time()+3600);
        header('Location:'.$_SERVER['REQUEST_URI'].((strpos($_SERVER['REQUEST_URI'],'?') === false)?'?':'&').'_c=1');
        exit; // stop here so nothing else runs after the redirect
    }
    else
    {
        // Second pass, or cookies already present: an empty $_COOKIE means the test cookie did not come back.
        $enabled=!empty($_COOKIE);
        syslog(LOG_INFO,'$_GET[remember_user] received and cookie '.(($enabled)?NULL:'not ').'received.');
        //rememberUser() will be true if user previously indicated that he wanted to be remembered
        if($enabled && rememberUser()){header('Location: '.$_SERVER['REQUEST_URI']); exit;}
        else {displayForm($enabled);}
    }

  2. #2
    Right after I posted this message, I thought "time"!
  4. #3
    This is what I ended up doing. Any comments would be appreciated.

    PHP Code:
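    $time=time();
    // Strip any existing _c marker (and everything after it) from the request URI.
    $url = preg_replace('/[?&]_c=.*$/', '', $_SERVER['REQUEST_URI']);
    if(empty($_COOKIE) && !( isset($_GET['_c']) && (($time-$_GET['_c'])<2) ) )
    {
        // First pass, or the _c marker is not recent: set the test cookie and redirect with a timestamp.
        syslog(LOG_INFO,'A recent (2 second or less) $_GET[_c] not received so set cookie.');
        setcookie('remember_user', 1, time()+3600);
        header('Location:'.$url.((strpos($url,'?') === false)?'?':'&').'_c='.$time);
        exit; // stop here so nothing else runs after the redirect
    }
    else
    {
        // Second pass, or cookies already present: an empty $_COOKIE means the test cookie did not come back.
        $enabled=!empty($_COOKIE);
        syslog(LOG_INFO,'$_GET[remember_user] received and cookie '.(($enabled)?NULL:'not ').'received.');
        if($enabled && rememberUser()){header('Location: '.$url); exit;}
        else {displayForm($enabled);}
    }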
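
Added example, not part of the original thread or the poster's code: in the check from post #3 the `_c` marker is still a bare client-supplied value, so a hand-typed recent timestamp or any timestamp in the future passes `($time-$_GET['_c'])<2`. The sketch below signs the marker with an HMAC so only a value the server issued inside the window counts as the second pass; `PROBE_SECRET`, `makeProbeToken()` and `isFreshProbeToken()` are hypothetical names and the sample inputs are constructed.

```php
<?php
// Added example: the secret, helper names and sample values are assumptions.
const PROBE_SECRET  = 'replace-with-a-random-server-side-secret';
const PROBE_MAX_AGE = 2; // seconds, the window used in post #3

// Build the value for the _c marker: "<timestamp>.<hmac of timestamp>".
function makeProbeToken(int $now, string $secret = PROBE_SECRET): string
{
    return $now . '.' . hash_hmac('sha256', (string)$now, $secret);
}

// True only for a marker this server issued within the last PROBE_MAX_AGE seconds.
function isFreshProbeToken($token, int $now, string $secret = PROBE_SECRET): bool
{
    // ?_c[]=1 arrives as an array; anything but "<digits>.<64 hex>" is rejected.
    if (!is_string($token) || !preg_match('/^(\d{1,10})\.([0-9a-f]{64})$/D', $token, $m)) {
        return false;
    }
    // Constant-time comparison of the recomputed signature with the supplied one.
    if (!hash_equals(hash_hmac('sha256', $m[1], $secret), $m[2])) {
        return false;
    }
    $age = $now - (int)$m[1];
    return $age >= 0 && $age <= PROBE_MAX_AGE; // rejects stale and future stamps
}

// Constructed inputs standing in for $_GET['_c'] on the second pass.
$now = 1700000000;
$samples = [
    'issued 1s ago'    => makeProbeToken($now - 1),
    'issued 60s ago'   => makeProbeToken($now - 60),
    'typed by hand'    => '1',
    'bare timestamp'   => (string)$now,
    'future timestamp' => '9999999999',
    'array parameter'  => ['1'],
    'wrong signature'  => $now . '.' . str_repeat('0', 64),
];
foreach ($samples as $label => $value) {
    printf("%-17s %s\n", $label, isFreshProbeToken($value, $now) ? 'second pass' : 'ignored');
}
```

In the posted flow, the redirect would append `'_c='.makeProbeToken(time())` and the second pass would test `isFreshProbeToken($_GET['_c'] ?? null, time())` in place of the bare timestamp comparison.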

  6. #4
    Do you have to pass the cookie check through the URL? Could you POST it or use a session?
  8. #5
    Originally Posted by msteudel
    or use a session?
    That'd require cookies to work
