Using cookies to enforce a Terms Of Service agreement
Greetings everyone,
I run a website and forum that contains information that is not secret but could easily be misused. I have a nice, thorough TOS agreement and code of conduct which people must agree to when registering for the forum, but I'm looking for a way to make everyone--including non-registered/forum users--read, or at least agree to, the TOS when visiting the site. Here is what I'm looking to do:
When a person visits the site, the site searches for a cookie. If the cookie is found and has not expired, the visitor is allowed to view and browse the page without interruption. However, if the cookie has been deleted or has expired, a user agreement page pops up and prompts the user to click "I agree" or "I decline." Upon agreeing, a new cookie is given to the user and the user is sent on to the requested page on the site.
I would like this action to occur when any page on my site is requested, not just on the main page. The idea here is to ensure that everyone, even unregistered forum users, are forced to agree to the TOS/COC, such as a random person who follows a link to my site from a search engine or another webpage.
I have considered forcing registration to view the site, and not just the forums, but the site is public and I wish to keep it that way.
And for what it's worth, the site isn't about anything illegal or anything like that. But the focus is a subject of political debate and I don't want to inadvertantly put anyone off by mentioning it.
Anyway, I'm not a programmer or even a professional webmaster, so any tips, instructions and code would be extremely appreciated!
I thank you all very much for your time and consideration!
Rincewind posted this at 03:30 — 23rd October 2005.
They have: 11 posts
Joined: Jan 2004
Setting and checking for the cookie or session is a relativly simple thing to do. However, you didn't mension what language you want the instructions for? PHP, ASP, javascript, other...
In php you could do something like this. On all that pages of the site, start with this code at the very top of the file before anything else:
<?php$tos = $_COOKIE['tos'];
if(!isset($tos)){
//user has no cookie so send them to the TOS.
header ('Location:http://www.example.com/tos_page.php');
}
?>
On the tos page put this code
<?phpsetcookie(\"tos\", \"seen\");
?>
You can add an expiry time if you want but this one will close when the user closes the browser. So each visit they are reminded of the tos. You might prefer to only set the cookie when they actually click the "agree" button or something. Again this is simple but you would use javascript for the setting rather than php.
One problem you may encounter, is that a small number of people don't have cookies enabaled and you would effetivly block them form your site. But I supose your forum is already dependant on cookies for it's login system so your probably not going to worry about that much.
Q-4.net - Reseller web hosting programs
Stylegallery.co.uk - Scottish Landscape Photography Gallery
Splodgy.com - Web design tutorials
magicalsecret.com - How to do magic tricks.
Recoil posted this at 07:38 — 23rd October 2005.
They have: 3 posts
Joined: Oct 2005
Rincewind,
Thank you very much for your reply!
I apologize for not being more specific as to which language; you guessed PHP correctly, and I did indeed forsee needing to use JavaScript for the "I Agree/I Decline" selection. As previously with the cookie code though, I have little clue how to go about that either.
Anyway, I have implemented the code you gave and it does indeed send me to the TOS when I arrive at the site. Thanks! However, the TOS is all I can view. I experimented by adding the code to index.php for my forum. When I attempt to go to the index after I'm directed to the TOS, I am returned promptly back to the TOS. Am I missing something?
I set an expiration time by adding time()+60*60*24*30.
Yeah, as I mentioned above, that's exactly what I'm looking for. As I also mentioned above, I've not a clue how to write that code. Any suggestions there? Or perhaps a website I can copy some code from?
That is correct. I'm using phpBB for the forum and thus am not concerned about my users not having cookies enabled.
For the website however, that might be a problem for that afformentioned small number of people. Is there a way to direct those whose browsers don't accept cookies to a page on the site explaining the situation and why they can't continue without accepting said cookies?
Again, I really appreciate your help! Have a good day!
Rincewind posted this at 23:48 — 23rd October 2005.
They have: 11 posts
Joined: Jan 2004
The form button and javascript is again just an titsy bitsy few lines of code to set the cookie.
<script language="JavaScript" type="text/JavaScript"><!--
function setcookiescript() {
document.cookie = "tos=seen";
return true;
}
//-->
</script>
Your form might look something like this
<form action="Untitled-5.php" method="get">
<textarea name="tos" cols="30" rows="10">Your Terms and conditions </textarea>
<input name="Submit" type="submit" onClick="setcookiescript()" value="I do Agree">
</form>
WRT your page sending you repeatedly back to the tos page. Check that your cookie is being set by looking for the cookie in your browsers temp files (in FF do "tools - options - privacy" then expand "cookies" and click on "view cookies". If that's working then check the value is being passed by commenting out the headers line and put an echo "$tos"; to see that the cookie is be read properly. I have tested the code above and it does work for me, though I'm not complicating it with a forum scipt. Try it on some blank pages first.
Q-4.net - Reseller web hosting programs
Stylegallery.co.uk - Scottish Landscape Photography Gallery
Splodgy.com - Web design tutorials
magicalsecret.com - How to do magic tricks.
Recoil posted this at 01:03 — 24th October 2005.
They have: 3 posts
Joined: Oct 2005
Rincewind,
Thanks again so much for your reply! I've got a couple more dumb questions for you:
1) Where do both of these JavaScripts go?
2) What is "Untitled-5.php" supposed to be? My TOS page, or perhaps a form script, or...?
3) Are these two snippets of code to be used in conjunction with the PHP you gave me earlier?
I apologize for my ignorance here, I honestly do. I know this is a relatively simple problem and my questions are pretty dumb, so I'm sorry for annoying you. I'm trying to learn this as I go, but the necessity that brings me here bars me the luxury of time to hack it out on my own. See, one of my users was threatened with a libel suit. He didn't commit libel at all since he backed his statements up with facts and clearly said that other than the facts he presented, the post was his opinion. Anyway, the threat opened my eyes a bit, so I'm trying to get this new policy in place ASAP, hence the near urgency.
So again, I sincerely apologize for all my questions. I'm a mere civil servant, not a programmer.
Thanks again for your time!
Rincewind posted this at 02:33 — 25th October 2005.
They have: 11 posts
Joined: Jan 2004
Only one is a javascript. The second code is just a forum that calls the javascript.
Put the first bit of code anywhere in your html. It's customary to put javascript like this into the head section of the page (somewhere after and before ) but that just being tidy.
Untitled-5.php is just the name of the file I used when testing the code. If your case you would substitue the url of your forum's index page.
The javascript replaces the php for the tos page. You still require the first bit of php I posted to do the checks on the other pages and the redirect if such is needed.
Again, test on blank pages firt to understand the operation of these scripts before adding to your forum. Ather the script progressivly. Get the basics working, make a single modification. Test again. Make another mod. Test again. It's slow but it works.
Q-4.net - Reseller web hosting programs
Stylegallery.co.uk - Scottish Landscape Photography Gallery
Splodgy.com - Web design tutorials
magicalsecret.com - How to do magic tricks.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.