
Plug-in PHP: 100 Power Solutions - P54


Chapter 9: MySQL, Sessions, and Cookies
a session being opened with the PIPHP_OpenSession() plug-in, and then this plug-in,
PIPHP_BlockUserByCookie(), being called to send a blocking cookie to the user’s browser.
About the Plug-in
This plug-in sets a cookie in a user’s browser with which you can tell whether or not they
have been blocked from using your site. It requires the following arguments:
• $action The action to take
• $handle The handle of the user to block
• $expire The number of seconds after which the cookie will expire
Variables, Arrays, and Functions
• PIPHP_ManageCookie() The plug-in for setting, reading, and deleting cookies
How It Works
This function checks the value of the argument $action after converting it to lowercase. If
it is block, then a special cookie is saved on the user’s web browser. Because we don’t want
to alert the user to the fact that they have a blocking cookie, I chose to call it simply user. To
make it even more innocuous, I give it the value of their handle (or username) so that, at a
brief rummage through their cookies, most users will assume this is a simple username
cookie for your web site. The cookie is set to expire after $expire seconds, so you can
choose how long to lock a user out for.
If $action doesn’t have the value block, then the value of the cookie named user is
looked up. If it has a value, then that is returned; otherwise, FALSE is returned. Figure 9-11
shows the cookie user with the value troll23 as sent to a Firefox browser.
Note how the cookie’s details such as the Host, Path, and Expires fields are all available
for the user to look up, hence the deviousness. You can call up this window on Firefox
versions prior to 3.5 using the Tools menu followed by Options | Privacy | Show Cookies.
FIGURE 9-10 Some users can be pests, but this plug-in can help you block them.


Plug-in PHP: 100 Power Solutions
On Firefox 3.5 and later, you need to select Tools | Page Info | Security | View Cookies.
Other major browsers also allow you to view their cookies.
How to Use It
The beauty of this plug-in (as long as the user has cookies enabled, which most do) is that it
doesn’t matter what handle (or username) you ban someone under, because the cookie will still
work. So even if they manage to sign up for another account, a quick call of this plug-in will still
tell you whether the person has already been blocked. What’s more, it will reveal to you the
handle of the original account which got them blocked in the first place. The only downside is
that all users on the same computer account using the same web browser will be denied access.
To use the plug-in, you will likely already have a PHP session running and will pass a
few arguments to the plug-in taken from the session variables. So here are some lines of
example code to set up a session with which the plug-in can be tested:
$handle = "troll23";
$pass = "itroll4fun";
$name = "Ivor Bigun";
$email = "";
$result = PIPHP_CreateSession($handle, $pass, $name, $email);
If you run this code and there are no errors, you should now have a session created with
the various values assigned to session variables, so you can now simulate being a user to be
blocked like this:
$result = PIPHP_BlockUserByCookie('block', $handle, 60*60*24*365);
FIGURE 9-11 The cookie “user” with the value “troll23” as sent to a Firefox browser
This line of code will set the block cookie on the computer belonging to the owner of
$handle, which, in this case, will only expire after one year. If you now use the following
line of code in a new program (or after reloading the same one) to ensure the cookie has
been passed back from the user’s web browser, you will see that the user has been blocked:
$result = PIPHP_BlockUserByCookie(NULL, $handle, NULL);
Passing a value of NULL instead of block as the first parameter tells the plug-in
to return either the value of the block cookie (which will be the user’s original handle), or
the value FALSE if the user has not been blocked. Thus, if $result is not FALSE, then the
user has been blocked. You can therefore use the value of $result like this:
if ($result)
{
   // User is blocked so place code here
   // to provide limited or zero functionality
}
else
{
   // User is not blocked so place code here
   // to provide full functionality
}
Rather than letting a user know they are blocked, I have found it a good idea not to tell
them, as they will then try everything in their power to circumvent the block. Instead I tend
to resort to tactics such as blocking a user for an hour or a day and then unblocking and
re-blocking them randomly. And, in place of telling them about this, I will do things such
as continuing to display their own posts to the screen but not to any other user, so they will
assume they are simply being ignored.
They will never be able to work out exactly what is going on. Sometimes their trolling
will work; other times it won’t. Eventually, in most cases the user will drift away from your
site and find another one to bother. Sneaky? Yes. Effective? Also yes. But now you have the
means to deal with unwanted users, I leave it up to you to devise your own methods of
blocking or banning them.
By the way, when using this plug-in, make sure you have also copied
PIPHP_ManageCookie() into your program, or otherwise included it, as it is called by the code.
The Plug-in
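function PIPHP_BlockUserByCookie($action, $handle, $expire)
{
   // $action may be NULL when only reading, so cast before lowercasing
   if (strtolower((string) $action) == 'block')
   {
      // Only set the cookie for the handle that owns the current session
      if ($_SESSION['handle'] != $handle) return FALSE;
      else return PIPHP_ManageCookie('set', 'user', $handle,
         $expire, '/');
   }

   // Any other action: return the value of the "user" cookie, or FALSE
   return PIPHP_ManageCookie('read', 'user', NULL, NULL, NULL);
}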
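The plug-in returns whatever value the browser sends back in the user cookie, so the "original handle" it reveals is client-controlled. The following is an added example, not code from the book: it binds the handle and expiry time with an HMAC so that an edited or hand-made cookie value is rejected. The function names, the key and the token layout are assumptions.

```php
<?php
// Added example, not from the book. Function names, key and token layout are assumptions.

// Build "handle|expiry|mac"; the MAC covers both the handle and the expiry time.
function block_token_make(string $handle, int $expiresAt, string $key): string
{
    $payload = rawurlencode($handle) . '|' . $expiresAt;
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the blocked handle, or FALSE when the token is missing, altered or expired.
function block_token_read(?string $token, string $key, int $now)
{
    if ($token === null) return false;
    $parts = explode('|', $token);
    if (count($parts) !== 3) return false;
    [$handle, $expiresAt, $mac] = $parts;
    $expected = hash_hmac('sha256', $handle . '|' . $expiresAt, $key);
    if (!hash_equals($expected, $mac)) return false;      // constant-time comparison
    if (!ctype_digit($expiresAt) || (int) $expiresAt < $now) return false;
    return rawurldecode($handle);
}

// Send the token as the "user" cookie, hidden from scripts and plain HTTP.
// Needs a web request, so the demo below does not call it.
function block_cookie_send(string $handle, int $ttl, string $key): bool
{
    $expiresAt = time() + $ttl;
    return setcookie('user', block_token_make($handle, $expiresAt, $key), [
        'expires' => $expiresAt, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demo values; a real key comes from server-side configuration.
$key   = 'constructed-demo-key';
$now   = 1700000000;
$token = block_token_make('troll23', $now + 3600, $key);

$results = [
    'valid token'         => block_token_read($token, $key, $now),
    'handle edited'       => block_token_read(str_replace('troll23', 'admin', $token), $key, $now),
    'after expiry'        => block_token_read($token, $key, $now + 7200),
    'bare handle, no MAC' => block_token_read('troll23', $key, $now),
];
foreach ($results as $case => $value) {
    echo $case, ': ', var_export($value, true), "\n";
}
```

Deleting the cookie still removes the block; the signature only guarantees that a value which is present was issued by the server.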
CHAPTER 10
APIs, RSS, and XML
