Cookie detecting and redirecting script wanted

He has: 57 posts

Joined: Dec 2004

I have built a website for my brother that requires visitors to "Accept" the terms and conditions (one time only) before entry to the site is allowed. However, people can still access the site without having to "Accept" these terms if they happen to be sent a url from a friend that does not direct them straight to the index.html file.

I am looking for a cookie script that will check for this required cookie on EVERY page of the site and when it fails to locate it visitors are directed to the index.html file where they will be required to accept the terms and conditions first.

I am also wondering if there is a possibility that I can alter the current cookie script to do this and then just paste it into all pages in the site.

Here's the current script below...... it was written by someone else and so I've kept their information intact. Also on the following webpage they have stated that altering or modifying this script is permitted.

http://javascript.internet.com/cookies/cookie-redirect.html

<script language="javascript" type="text/javascript">

2) ? argv[2] : null;
var path = (argc > 3) ? argv[3] : null;
var domain = (argc > 4) ? argv[4] : null;
var secure = (argc > 5) ? argv[5] : false;
document.cookie = name + "=" + escape (value) +
((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
((path == null) ? "" : ("; path=" + path)) +
((domain == null) ? "" : ("; domain=" + domain)) +
((secure == true) ? "; secure" : "");
}
function DeleteCookie (name) {
var exp = new Date();
exp.setTime (exp.getTime() - 1);
var cval = GetCookie (name);
document.cookie = name + "=" + cval + "; expires=" + exp.toGMTString();
}

var favorite = GetCookie('yes');

if (favorite != null) {
switch (favorite) {
case 'yes' : url = 'homepage.html'; // change these!
break;
}
window.location.href = url;
}
// End -->
</script>

Any help or advice would be very much appreciated. Thanks in advance.

netman w00t's picture

He has: 9 posts

Joined: Jan 2005

Do you have the option of using server-side scripting like PHP? This task would me much easier accomplished that way.

Using client-side scripting for this can be easily defeated, either intentionally or unintentionally, and server-side scripting also has the advantage of being much more transparent.

For example, a simple setup could be as follows:
[in the .htaccess for your web root]

RewriteEngine on
RewriteRule !^index.php /index.php [L]
'
[in index.php]
<?php
    $default_file
= \"index.html\"; // this file will be returned when the user requests directories

    session_start();

    if(
$_POST['agree_button'] == \"agree\")
    {
       
$_SESSION['user_agrees'] = true;
        header(\"Location: /\");
    }

    if(!
$_SESSION['user_agrees'])
    {
       
<html>
...
<form action=\"test.php\" method=\"post\">
<input type=\"submit\" name=\"agree_button\" value=\"agree\" />
</form>
...
</html>
        exit;
    }

    list(
$file) = explode(\"?\",$_SERVER['REQUEST_URI']);
    if(ereg(\"/$\",
$file))
       
$file .= $default_file;
    if(empty(
$file))
       
$file = $default_file;

    if(!
$fd = @fopen($_SERVER['DOCUMENT_ROOT'].$file,\"rb\"))
    {
       
<html>
<head><title>Error</title></head>
<body><h1>Error</h1><b>Couldn't access the requested file</b></body>
</html>

    } else {
        while(
$buf = fread($fd,1024))
            print(
$buf);
    }
?>

This assumes a couple of things:
1) You're using Apache (who doesn't nowadays?)
2) You can use .htaccess files (most can)
3) You have mod_rewrite loaded (this is rather common)
4) You can use PHP.

If you can meet those assumptions, then the above script is pretty easy to use. Just put it in your web root, and each and every request will be checked to see if the user has agreed to your terms or whatever. If the user hasn't accepted the terms, it displays some html (modify it to your needs) containing a form which it processes. If the user has accepted the terms, it fetches the required file, and if this is impossible, it prints an error message (customize this as well). The user never sees the script's presence again after they've agreed (at least until their PHP session cookie gets deleted) and passing on a url will not defeat it either.

The only downsides to using this are the fact that PHP must be invoked on every request, incurring a slight overhead, and the fact that regular Apache errordocuments can't be used, but neither of these are a major issue IMO.

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.