Hello

I'm hoping someone can help me as I've been trying to figure out how to do this for days now...

Basically I have a financial services related website that requires users to accept a disclaimer before they can browse our site. At the moment you can bypass this disclaimer by typing the url of the page you want to view straight into the browser.

To overcome this I have been told to use sessions, but I don't want to use cookies and someone told me to use PHP. I don't even know where to start!! I have been researching this on the Internet but I am getting really confused now. Do I have to put some code on the disclaimer page, or on every page?

And we have checkboxes at the moment so people can choose to accept/decline our disclaimer, so if accept is checked then they need to be forwarded to a welcome page, and if they decline they need to go back to the index.

Also, my site is edited in Front Page - can I still use PHP? Sorry if that's a totally stupid question!

I really hope that somebody can make sense of this post!! I would be so grateful for any help.

Thanks for reading!

    Hi,

    On your disclaimer page you could create some kind of encrypted session variable. On the pages after that, these pages would expect the session variable to be passed to itself:

    $encryptid= $_GET['eid'];

    If the variable is not passed to the page (i.e. the user has just typed in the absolute URL into the browser) then the page would redirect them to the disclaimer page.

    Give that a try.
    K

      Hello,

      Thanks very much for your reply, Kbc1. However...I don't even know where to start! How do I create an encrypted session variable? I am totally new to all this so everything I read is going over my head! What do I put in the code on the disclaimer to show that when accept box is ticked, it should redirect to another page.

      Thanks!

        I dunno why you don't want to use cookies, this is the kind of thing they are for.

        Now you could use the HTTP_REFERER to detect whether the user has come to the page from your disclaimer page or not and to allow viewing or redirect accordingly.

        You do not need to use php for this but can use Javascript or .htaccess to accomplish the same thing. The tutorial talks about restricting access to js libraries but can as easily be used in an html page to restrict access to the html page. In .htaccess you would restrict access to a complete folder and put all the pages you want to protect in that folder.

        Bear in mind the following from php manual
        "'HTTP_REFERER'

        The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. " (user-agent means browser)

          Hello Roger,

          Thanks for your reply. I was told not to use cookies by my manager, as if a user had cookies disabled then they wouldn't be able to access the site - is that not right? Excuse my ignorance, I'm still learning!

            Yes that is right, if your pages were going to check for the cookie then it would need to be set. The link I gave to JavaScript Kit has a tutorial on using js to check if cookies are enabled, and to change it if they are not. Trouble with that is that user can disable javascript as well.

            The .htaccess is probably the most reliable solution in the long-run, just checks if user has clicked a link on a page in your domain to get to the target page and so blocks both bookmarks and direct URL typing.

            The number of people who a) would know about http_referer and b) use an 'agent' (script) that could morph it is so limited that it is not worth worrying about. Basically, they would be people who are 'stealing' your content and they are probably going to be knowledgeable enough to bypass almost anything you do anyway.

              Ok, thanks for that. I'm going to look into the .htaccess thing. By the way, the link to the tutorial doesn't work!

              Thanks again!

                Yep, JavaScript Kit is offline for some reason: hopefully it will be back soon cos it's my current favourite js site, and the best place I know for .htaccess tutes and examples.

                Try The Site Wizard's tutorial instead. I know it just says stop image bandwidth theft, but the thing also works for any file type be it html, php, asp, etc.

                  Back again...!

                  I'm still having trouble with this - I have tried to use the .htaccess file but when I upload it to my server I get this message:

                  IISPassword
                  The page cannot be displayed

                  There is a problem with the page youare trying to reach and it cannot be displayed. It is most likely that configuration files for this url are corrupted.


                  Please try the following:

                  Click the Refresh button, or try again later.
                  Open the home page, and then look for links to the information you want.
                  If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the home page.
                  HTTP Error 500
                  IISPassword for Internet Information Services

                  I really can't see where I am going wrong! Any ideas?

                  Thanks

                    IIS, oh dear. I'm afraid that piece of junk does not use .htaccess. You have to use something called the IIS Permissions Wizard :queasy: .

                    As it says on MSDN

                    SUMMARY
                    This step-by-step article describes how to use the Permissions Wizard to create or edit a template and then apply the template to a folder. Apache uses .htaccess files and Directory directives in the main Httpd.conf configuration file. You can easily copy these files and directives around your site to set the same values across multiple folders. There is no equivalent in Internet Information Services (IIS). However, the IIS Permissions Wizard in the Windows 2000 Resource Kit can create templates that you can apply these templates to different folders. You can use this method to emulate the .htaccess functionality for multiple folders.

                    I've no idea if you can emulate the http-referrer directive though.

                      Would it not just be possible to have a form on the disclaimer page, as well as some $_SESSION variable? Have a radio button that must be selected when the disclaimer has been read - then a submit button so the user can proceed?

                      And then on the page that it is being posted to - check the value of the $_SESSION var and also the value of the radio button? - and if the $_SESSION var isn't set to the value you set it to on the form page, and the radio button isn't the correct option to continue, just redirect (using header: or similar) to the disclaimer page? Otherwise let them proceed...

                      S

                        Hi, I'm quite new to PHP so I am not 100% sure how accurate this information may be, as I don't have the experience that half the guys have on here, but I try to help nevertheless 😃

                        Yes, you can use a session var and use a function which redirects all users to the disclaimer page, and then once yes is clicked the session variable called disclaimer would be true, then they can view the rest of the site.

                        OK, the below function asks if the session variable disclaimer is set, and if it is not then sends the user to disclaimer.php. Excuse the example page, as I don't know what your disclaimer page is called, so change to whatever is necessary. If you add this to your functions page then in every page write this:

                        <?php disclaimer(); ?>
                        
                        Whatever page has this will check for the disclaimer session var and if it is not present then it will send the user back to disclaimer 
                        
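                        Below is the function for it; add it to your functions page.

                        <?php
                        // Send the visitor to the disclaimer until they have accepted it
                        function disclaimer() {
                            if (!isset($_SESSION['disclaimer'])) {
                                header('Location: disclaimer.php');
                                exit; // stop so the rest of the page is not sent
                            }
                        }
                        ?>
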

                        If you set a session var named disclaimer then only make it happen after yes is clicked on the disclaimer, then each page will contain your disclaimer var and enable the user to browse the site.

                        <?php
                        if (isset($_POST['yes'])) {
                            // Assign (=), not compare (==), so the flag is actually stored
                            $_SESSION['disclaimer'] = "true";
                        }
                        ?>

                        Also in each page, as well as having disclaimer() in your page, you will need session_start(); * NOTE session_start(); must be at the very top of your page with no whitespace or anything before it * Below is how your code should look:

                        <?php
                        session_start();
                        disclaimer();
                        ?>
                        

                        Well, I hope this helps you out a bit. I'm not 100% sure if it works, and due to my experience I cannot guarantee that this is 100% correct, but anyway good luck and hope it works for you 🙂

                        Regards Pinkmischief

                        P.S Let me know how you get on plz 😃

                          Hello Pinkmischief!

                          Thanks very much for your response - I'm going to give that a go and I'll let you know how I get on!

                          Michelle

                            Further to Pink's post, I would put the whole set/test disclaimer function, including session_start() in 1 file that you include() at the top of every page that needs protection.
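
The single include file suggested above, combined with the accept/decline form handling from the original question, as an added example that is not code from any poster in this thread. The file name, the three page paths and the `choice` form field are assumptions. PHP sessions normally carry the session ID in a cookie, so the flag only persists for visitors whose browser accepts that cookie.

```php
<?php
// disclaimer_gate.php (hypothetical name). Load it before any output, because
// session_start() and header() both need to send HTTP headers:
//   require __DIR__ . '/disclaimer_gate.php';

// Assumed paths; change them to match the real site.
const DISCLAIMER_PAGE = '/disclaimer.php';
const WELCOME_PAGE    = '/welcome.php';
const INDEX_PAGE      = '/index.html';

session_start();

function redirect_to(string $path): void
{
    header('Location: ' . $path, true, 303);
    exit; // without this the protected page is still sent after the header
}

// Call at the top of every protected page.
function require_disclaimer(): void
{
    // Strict check: only the boolean set by handle_disclaimer_form() passes.
    if (($_SESSION['disclaimer'] ?? false) !== true) {
        redirect_to(DISCLAIMER_PAGE);
    }
}

// Call at the top of disclaimer.php. The form is assumed to POST a field
// named "choice" whose value is "accept" or "decline".
function handle_disclaimer_form(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return; // plain GET: fall through and show the disclaimer text
    }
    if (($_POST['choice'] ?? '') === 'accept') {
        session_regenerate_id(true);     // fresh session ID once state changes
        $_SESSION['disclaimer'] = true;  // stored server-side, not in the URL
        redirect_to(WELCOME_PAGE);
    }
    // Declined, or nothing selected: clear any earlier acceptance.
    unset($_SESSION['disclaimer']);
    redirect_to(INDEX_PAGE);
}
```

Because the acceptance flag lives in the server-side session, typing a protected URL directly into the browser redirects to the disclaimer, and nothing in the URL or Referer header can set the flag.
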

                              I think I should mention that putting in some kind of auto-disclaimer will completely prevent your site from being used by user agents which don't support the features needed for it to work.

                              Therefore, if you rely on cookies or Javascript, non-cookies and non-Javascript UAs will find it impossible to view your site.

                              This includes web robots / spiders - which will probably cause your pages to lose ranking or be de-listed from search engines.

                              Moreover, if you use a query string, robots will simply follow the query string and go to the pages with the query string. Humans will then be able to follow the links from a search engine and access the pages without seeing the disclaimer.

                              Mark
