EU Cookie Experimentation

Posted: Sat 26 May 2012 12:56 am
by TNETWeather
Created a new thread so that I don't hijack Steve's thread which deals with how he is dealing with the EU rules. Don't want to splinter that as he has a real requirement and I am just playing around with ideas on this.

That being said, I have made a change to my "experiment".

Originally, I used code from http://cookiecuttr.com/ which uses a jQuery and JavaScript solution to the issue. The problem I had with it was that I still would have session IDs stored on the user and taking that out causes serious problems for the site.

So my next attempt was to remove all of that... and replace it with a simple PHP set of commands.

The first gets placed in the control php script (index.php) which is used by the site to direct the user to whatever page they have asked for. In it, it has a simple cookie check and if it doesn't find it, it sends the user to a stripped down cookies.php script.

Index.php Redirect
The code in the index.php file is:

if(!isset($_COOKIE['cc_cookie_accept'])) {
        header("Location: /cookies.php");
        exit;
}

Basically, it looks for if a cookie exists with the name cc_cookie_accept. If it exists, the code flows through to the normal process and the user gets the normal website.

Cookies.php script
This script uses the basic format of the website, but is not flowing through the normal processing scripts. At the top of the script it checks to see if the cookie is set. If it is, it redirects the user to the real site.

if(isset($_COOKIE['cc_cookie_accept'])) {
	header("Location: /");
	exit;
}

If that falls through, it then checks to see if the user has accepted (via a form) the use of cookies. This code then sets a cookie and sends the user back to the same script (where the above check would then send the user to the real site):

if(isset($_GET['cookie'])) {
	if($_GET['cookie'] == "ACCEPTED") {
		setcookie("cc_cookie_accept","cc_cookie_accept",time()+60*60*24*364);
	}
	header("Location: /cookies.php");
	exit;	
}

If that falls through, the page displays the info about why, and presents the user with a form to accept or not accept the cookie. This code is basically just HTML...

<center><form>
	Accept Cookies From this Site: <input type="radio" name="cookie" value="ACCEPTED" checked="checked" /> <br/>
	Decline Cookies: <input type="radio" name="cookie" value="decline"/><br/> <br/>
	<input type="submit" name="submit" value="Set Your Preference"/>
</form></center>

When the user hits the Submit button, the choice is sent to the same script which is processed by the code at the top of this post.

If the user doesn't accept cookies, they never get to the real site. No cookies, no site.

Missing from this at the moment is a check for robots which you really wouldn't want trapped by this. Need to come up with a simple common method to identify them. Looking into that now.

You can see this in action by going to http://cumulus.tnetweather.com. Of course, if you have already accepted the cc_cookie_accept cookie, it won't do anything. So you would need to delete that cookie to see it work.

Note that this removes ALL of the jQuery stuff that was put into the site originally. I just removed that now.

Re: EU Cookie Experimentation

Posted: Sat 26 May 2012 1:43 am
by TNETWeather
For robots access... I looked at the list that logwatch produces and found that they include the words bot, spider and crawler.

So I added a section that if the permission cookie is missing AND the $_SERVER['HTTP_USER_AGENT'] includes either bot, spider or crawler in it, I let them pass.

Looking at the logs, it appears to be working...

Re: EU Cookie Experimentation

Posted: Sat 26 May 2012 8:34 am
by gemini06720
Kevin, will you be 'sharing' the PHP code for the script (the one you use on your test site) so some of us could try the code to get more familiar with its operation ... even if we do not have such a restrictive law imposed on us... ;)

Re: EU Cookie Experimentation

Posted: Sat 26 May 2012 12:37 pm
by TNETWeather
I set up a project page for it last night.

EU Cookies Permission Script

While I planned on working on integrating a mailing list into my server configs this weekend, I plan on working first on an example simple cookies.php script like what I use without all the crap that is in mine now. I kinda threw stuff in mine from the main website so the static CSS it uses is pretty dreadful and the coding of the message is not much better. Looks okay to the user, but not something I would want to release.

I will also find some common injection points for some software like SMF, possibly PHPBB (though I don't have one any more), Tracs and whatever else I find without spending too much time on it.

I've noted that on some websites, it was reported that the ICO in the UK reversed itself on how the law was to be interpreted which may change things for sites in the UK at least. But that would not affect the rest of the EU site. ref: http://www.guardian.co.uk/technology/20 ... ed-consent

Re: EU Cookie Experimentation

Posted: Sat 26 May 2012 4:25 pm
by TNETWeather
I created a script which is now on my project page.

EU Cookies Permission Script

Implementing into SMF forums was trivial. Not sure about phpBB... I'm pretty sure there is a central configuration file which is called for every page, but I am not familiar where that is located (been many many moons since I used phpBB... I'm an SMF kinda guy).

Re: EU Cookie Experimentation

Posted: Sat 26 May 2012 6:50 pm
by TNETWeather
TNETWeather wrote: Not sure about phpBB... I'm pretty sure there is a central configuration file which is called for every page, but I am not familiar where that is located (been many many moons since I used phpBB... I'm an SMF kinda guy).
I loaded a phpBB forum to see how it worked.

I placed the hook code into the config.php script right after the <?php tag and before the section that said Do not change anything in this file!... :lol:

<?php
// Visitors without the permission cookie are sent to the consent page,
// unless their User-Agent looks like a spider/crawler or bot.
if(!isset($_COOKIE['permission_cookie'])) {
    $okay = 0;

    // No... let's see if this is a spider/crawler or bot
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        // Lower-case once so the keyword checks are case-insensitive
        $agent = strtolower($_SERVER['HTTP_USER_AGENT']);
        if (strpos($agent, "bot") !== FALSE ||
            strpos($agent, "spider") !== FALSE ||
            strpos($agent, "crawler") !== FALSE) {
            // Yes, let's set okay
            $okay = 1;
        }
    }
    // Not a bot, so we send them to our cookie permission page
    if(!$okay) {
        header("Location: /cookies.php");
        exit;
    }
}
// phpBB 3.0.x auto-generated configuration file
// Do not change anything in this file!
$dbms = 'mysqli';
$dbhost = 'localhost';
$dbport = '';
.
.
.
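
An added example (not TNETWeather's released script): the gate and bot exemption from this thread as small functions, plus the array form of setcookie() for the consent cookie. It assumes PHP 7.3 or later; the function names are hypothetical and the sample requests are constructed.

```php
<?php
// Added example, not TNETWeather's released script; function names are hypothetical.
const CONSENT_COOKIE = 'cc_cookie_accept';   // cookie name from the first post

// Same three keywords as the thread. The header is client-supplied, so this
// only spares crawlers the notice; it must never guard anything sensitive.
function looks_like_crawler(?string $ua): bool
{
    return $ua !== null && preg_match('/bot|spider|crawler/i', $ua) === 1;
}

// True when index.php / config.php should redirect to /cookies.php.
function needs_consent_redirect(array $cookies, ?string $ua): bool
{
    return !isset($cookies[CONSENT_COOKIE]) && !looks_like_crawler($ua);
}

// Options for the consent cookie (array form of setcookie(), PHP 7.3+).
// In cookies.php:
//   setcookie(CONSENT_COOKIE, '1', consent_cookie_options(!empty($_SERVER['HTTPS'])));
function consent_cookie_options(bool $https): array
{
    return [
        'expires'  => time() + 60 * 60 * 24 * 364, // lifetime used in the thread
        'path'     => '/',      // whole site, wherever cookies.php lives
        'secure'   => $https,   // HTTPS-only when the site is served over TLS
        'httponly' => true,     // no script needs to read it
        'samesite' => 'Lax',
    ];
}

if (PHP_SAPI !== 'cli') {
    // Web request: the gate as it would sit at the top of index.php.
    if (needs_consent_redirect($_COOKIE, $_SERVER['HTTP_USER_AGENT'] ?? null)) {
        header('Location: /cookies.php');
        exit;
    }
} else {
    // Command line: constructed sample requests [cookies, user agent, redirect?].
    $samples = [
        [[], 'Mozilla/5.0 (Windows NT 6.1) Firefox/12.0', true],
        [[CONSENT_COOKIE => '1'], 'Mozilla/5.0 (Windows NT 6.1) Firefox/12.0', false],
        [[], 'Mozilla/5.0 (compatible; ExampleBot/1.0)', false],
        [[], null, true],
    ];
    foreach ($samples as [$cookies, $ua, $expected]) {
        $got = needs_consent_redirect($cookies, $ua);
        printf("%-45s redirect=%s %s\n", $ua ?? '(no User-Agent)',
            var_export($got, true), $got === $expected ? 'ok' : 'MISMATCH');
    }
}
```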