C h a p t e r 9 : M y S Q L , S e s s i o n s , a n d C o o k i e s 231 C h a p t e r 9 : M y S Q L , S e s s i o n s , a n d C o o k i e s 231 a session being opened with the PIPHP_OpenSession() plug-in, and then this plug-in, PIPHP_BlockUserByCookie(), being called to send a blocking cookie to the user’s browser. About the Plug-in This plug-in sets a cookie in a user’s browser with which you can tell whether or not they have been blocked from using your site. It requires the following arguments: • $action The action to take • $handle The handle of the user to block • $expire The number of seconds after which the cookie will expire Variables, Arrays, and Functions PIPHP_ManageCookie() The plug-in for setting, reading, and deleting cookies How It Works This function checks the value of the argument $action after converting it to lowercase. If it is block, then a special cookie is saved on the user’s web browser. Because we don’t want to alert the user to the fact that they have a blocking cookie, I chose to call it simply user. To make it even more innocuous, I give it the value of their handle (or username) so that, at a brief rummage through their cookies, most users will assume this is a simple username cookie for your web site. The cookie is set to expire after $expire seconds, so you can choose how long to lock a user out for. If $action doesn’t have the value block, then the value of the cookie named user is looked up. If it has a value, then that is returned; otherwise, FALSE is returned. Figure 9-11 shows the cookie user with the value troll23 as sent to a Firefox browser. Note how the cookie’s details such as the Host, Path, and Expires fields are all available for the user to look up, hence the deviousness. You can call up this window on Firefox versions prior to 3.5 using the Tools menu followed by Options | Privacy | Show Cookies. FIGURE 9-10 Some users can be pests, but this plug-in can help you block them. 232 P l u g - i n P H P : 1 0 0 P o w e r S o l u t i o n s 232 P l u g - i n P H P : 1 0 0 P o w e r S o l u t i o n s On Firefox 3.5 and later, you need to select Tools | Page Info | Security | View Cookies. Other major browsers also allow you to view their cookies. How to Use It The beauty of this plug-in (as long as the user has cookies enabled, which most do) is that it doesn’t matter what handle (or username) you ban someone under, because the cookie will still work. So even if they manage to sign up for another account, a quick call of this plug-in will still tell you whether the person has already been blocked. What’s more, it will reveal to you the handle of the original account which got them blocked in the first place. The only downside is that all users on the same computer account using the same web browser will be denied access. To use the plug-in, you will likely already have a PHP session running and will pass a few arguments to the plug-in taken from the session variables. So here are some lines of example code to set up a session with which the plug-in can be tested: $handle = "troll23"; $pass = "itroll4fun"; $name = "Ivor Bigun"; $email = "troll@underbridge.com"; $result = PIPHP_CreateSession($handle, $pass, $name, $email); If you run this code and there are no errors, you should now have a session created with the various values assigned to session variables, so you can now simulate being a user to be blocked like this: $result = PIPHP_BlockUserByCookie('block', $handle, 60*60*24*365); FIGURE 9-11 The cookie “user” with the value “troll23” as sent to a Firefox browser C h a p t e r 9 : M y S Q L , S e s s i o n s , a n d C o o k i e s 233 C h a p t e r 9 : M y S Q L , S e s s i o n s , a n d C o o k i e s 233 This line of code will set the block cookie on the computer belonging to the owner of $handle, which, in this case, will only expire after one year. If you now use the following line of code in a new program (or after reloading the same one) to ensure the cookie has been passed back from the user’s web browser, you will see that the user has been blocked: $result = PIPHP_BlockUserByCookie(NULL, $handle, NULL); By passing a value of NULL instead of block as the first parameter, this tells the plug-in to return either the value of the block cookie (which will be the user’s original handle), or the value FALSE if the user has not been blocked. Thus, if $result is not FALSE, then the user has been blocked. You can therefore use the value of $result like this: if ($result) { // User is blocked so place code here // to provide limited or zero functionality } else { // User is not blocked so place code here // to provide full functionality } Rather than letting a user know they are blocked, I have found it a good idea not to tell them, as they will then try everything in their power to circumvent the block. Instead I tend to resort to tactics such as blocking a user for an hour or a day and then unblocking and re-blocking them randomly. And, in place of telling them about this, I will do things such as continuing to display their own posts to the screen but not to any other user, so they will assume they are simply being ignored. They will never be able to work out exactly what is going on. Sometimes their trolling will work; other times it won’t. Eventually, in most cases the user will drift away from your site and find another one to bother. Sneaky? Yes. Effective? Also yes. But now you have the means to deal with unwanted users, I leave it up to you to devise your own methods of blocking or banning them. By the way, when using this plug-in, make sure you have also copied PIPHP_ ManageCookie() into your program, or otherwise included it, as it is called by the code. The Plug-in function PIPHP_BlockUserByCookie($action, $handle, $expire) { if (strtolower($action) == 'block') { if ($_SESSION['handle'] != $handle) return FALSE; else return PIPHP_manageCookie('set', 'user', $handle, $expire, '/'); } return PIPHP_manageCookie('read', 'user', NULL, NULL, NULL); } This page intentionally left blank CHAPTER 10 APIs, RSS, and XML . being opened with the PIPHP_OpenSession() plug- in, and then this plug- in, PIPHP_BlockUserByCookie(), being called to send a blocking cookie to the user’s browser. About the Plug- in This plug- in. way, when using this plug- in, make sure you have also copied PIPHP_ ManageCookie() into your program, or otherwise included it, as it is called by the code. The Plug- in function PIPHP_BlockUserByCookie($action,. tactics such as blocking a user for an hour or a day and then unblocking and re-blocking them randomly. And, in place of telling them about this, I will do things such as continuing to display their