Chapter 9: MySQL, Sessions, and Cookies
a session being opened with the PIPHP_OpenSession() plug-in, and then this plug-in, PIPHP_BlockUserByCookie(), being called to send a blocking cookie to the user’s browser.
About the Plug-in
This plug-in sets a cookie in a user’s browser with which you can tell whether or not they have been blocked from using your site. It requires the following arguments:
• $action The action to take
• $handle The handle of the user to block
• $expire The number of seconds after which the cookie will expire
Variables, Arrays, and Functions
PIPHP_ManageCookie(): The plug-in for setting, reading, and deleting cookies
How It Works
This function checks the value of the argument $action after converting it to lowercase. If it is block, and $handle matches the handle stored in the current session (otherwise FALSE is returned), then a special cookie is saved on the user’s web browser. Because we don’t want to alert the user to the fact that they have a blocking cookie, I chose to call it simply user. To make it even more innocuous, I give it the value of their handle (or username) so that, at a brief rummage through their cookies, most users will assume this is a simple username cookie for your web site. The cookie is set to expire after $expire seconds, so you can choose how long to lock a user out for.
If $action doesn’t have the value block, then the value of the cookie named user is looked up. If it has a value, then that is returned; otherwise, FALSE is returned. Figure 9-11 shows the cookie user with the value troll23 as sent to a Firefox browser.
Note how the cookie’s details such as the Host, Path, and Expires fields are all available for the user to look up, hence the deviousness. You can call up this window on Firefox versions prior to 3.5 using the Tools menu followed by Options | Privacy | Show Cookies.
FIGURE 9-10 Some users can be pests, but this plug-in can help you block them.
Plug-in PHP: 100 Power Solutions
On Firefox 3.5 and later, you need to select Tools | Page Info | Security | View Cookies. Other major browsers also allow you to view their cookies.
How to Use It
The beauty of this plug-in (as long as the user has cookies enabled, which most do) is that it doesn’t matter what handle (or username) you ban someone under, because the cookie will still work. So even if they manage to sign up for another account, a quick call of this plug-in will still tell you whether the person has already been blocked. What’s more, it will reveal to you the handle of the original account which got them blocked in the first place. The only downside is that all users on the same computer account using the same web browser will be denied access.
To use the plug-in, you will likely already have a PHP session running and will pass a few arguments to the plug-in taken from the session variables. So here are some lines of example code to set up a session with which the plug-in can be tested:
$handle = "troll23";
$pass = "itroll4fun";
$name = "Ivor Bigun";
$email = "troll@underbridge.com";
$result = PIPHP_CreateSession($handle, $pass, $name, $email);
If you run this code and there are no errors, you should now have a session created with the various values assigned to session variables, so you can now simulate being a user to be blocked like this:
$result = PIPHP_BlockUserByCookie('block', $handle, 60*60*24*365);
FIGURE 9-11 The cookie “user” with the value “troll23” as sent to a Firefox browser
This line of code will set the block cookie on the computer belonging to the owner of $handle, which, in this case, will only expire after one year. If you now use the following line of code in a new program (or after reloading the same one) to ensure the cookie has been passed back from the user’s web browser, you will see that the user has been blocked:
$result = PIPHP_BlockUserByCookie(NULL, $handle, NULL);
By passing a value of NULL instead of block as the first parameter, this tells the plug-in to return either the value of the block cookie (which will be the user’s original handle), or the value FALSE if the user has not been blocked. Thus, if $result is not FALSE, then the user has been blocked. You can therefore use the value of $result like this:
if ($result) {
   // User is blocked so place code here
   // to provide limited or zero functionality
}
else {
   // User is not blocked so place code here
   // to provide full functionality
}
Rather than letting a user know they are blocked, I have found it a good idea not to tell them, as they will then try everything in their power to circumvent the block. Instead I tend to resort to tactics such as blocking a user for an hour or a day and then unblocking and re-blocking them randomly. And, in place of telling them about this, I will do things such as continuing to display their own posts to the screen but not to any other user, so they will assume they are simply being ignored.
They will never be able to work out exactly what is going on. Sometimes their trolling will work; other times it won’t. Eventually, in most cases the user will drift away from your site and find another one to bother. Sneaky? Yes. Effective? Also yes. But now you have the means to deal with unwanted users, I leave it up to you to devise your own methods of blocking or banning them.
By the way, when using this plug-in, make sure you have also copied PIPHP_ManageCookie() into your program, or otherwise included it, as it is called by the code.
The Plug-in
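function PIPHP_BlockUserByCookie($action, $handle, $expire) {
   // 'block' (in any letter case) sets the cookie; any other value reads it
   if (strtolower((string) $action) == 'block') {
      // Only the handle that owns the current session can be blocked
      if (!isset($_SESSION['handle']) || $_SESSION['handle'] != $handle)
         return FALSE;
      return PIPHP_ManageCookie('set', 'user', $handle, $expire, '/');
   }
   // Return the cookie's value (the blocked handle), or FALSE if it is not set
   return PIPHP_ManageCookie('read', 'user', NULL, NULL, NULL);
}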
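The read path above returns whatever the browser sends in the user cookie, so the handle it reports can be edited on the client. As an added example (not code from the book), the cookie value can carry an HMAC so that a forged or altered value is rejected; the function names, the key and the sample timestamp are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of the PIPHP plug-in set.
// Placeholder key; in practice load a long random secret from server config.
const BLOCK_KEY = 'replace-with-a-random-server-side-secret';

// Build the string to store in the "user" cookie: handle.expiry.mac
function block_cookie_value(string $handle, int $expiresAt, string $key): string
{
    $payload = $handle . '.' . $expiresAt;
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the blocked handle, or FALSE if the cookie is missing,
// unsigned, altered, or past the expiry that was signed into it.
function blocked_handle($cookie, string $key, int $now)
{
    if (!is_string($cookie)) return FALSE;
    $macPos = strrpos($cookie, '.');
    if ($macPos === FALSE) return FALSE;
    $payload = substr($cookie, 0, $macPos);
    $mac     = substr($cookie, $macPos + 1);
    // Constant-time comparison of the expected and supplied MAC
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) return FALSE;
    $expPos = strrpos($payload, '.');
    if ($expPos === FALSE) return FALSE;
    if ((int) substr($payload, $expPos + 1) < $now) return FALSE;
    return substr($payload, 0, $expPos);
}

// Constructed sample data (fixed clock so the run is repeatable)
$now   = 1700000000;
$value = block_cookie_value('troll23', $now + 60*60*24*365, BLOCK_KEY);

var_dump(blocked_handle($value, BLOCK_KEY, $now));          // genuine cookie
var_dump(blocked_handle('someoneelse', BLOCK_KEY, $now));   // plain unsigned value
var_dump(blocked_handle(str_replace('troll23', 'admin', $value),
                        BLOCK_KEY, $now));                  // handle edited by client
var_dump(blocked_handle(NULL, BLOCK_KEY, $now));            // no cookie sent
var_dump(blocked_handle($value, BLOCK_KEY, $now + 60*60*24*366)); // after expiry
```

A signed value no longer passes for a plain username cookie, and a user who deletes the cookie is unblocked either way, so the cookie works best as one signal alongside a block recorded on the server.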
CHAPTER 10
APIs, RSS, and XML