
[WIP/BETA] EU cookie law


CircleDock:

--- Quote from: emanuele on April 22, 2012, 04:53:31 AM ---My point is not that the portal is setting the session, my point is that I cannot see the cookie on your site...unless I enable javascript, so it means it's a script.

Here is the script that is setting the session:

--- Code: ---http://liveinthephilippinesforum.com/forum/sachat/index.php?action=head&theme=default
--- End code ---

--- End quote ---

Ah! Thank you!!

I'm attaching that particular file and assume that the cookie is being set in line 20:

--- Code: --- define('SMF', 1);

// Experimental Optimizer
define('loadOpt', 1);

        session_start(); // <--- line 20
session_cache_limiter('nocache');

// Lets go head and load the settings here.
require_once(str_replace('//','/',dirname(__FILE__).'/').'../Settings.php');

// Load SMF's compatibility file for unsupported functions.
if (@version_compare(PHP_VERSION, '5') == -1) {
require_once($sourcedir . '/Subs-Compat.php');
}


--- End code ---
As the chat facility isn't available for guests anyway, in your opinion would the following work?

--- Code: --- define('SMF', 1);

// Experimental Optimizer
define('loadOpt', 1);

// Lets go head and load the settings here.
require_once(str_replace('//','/',dirname(__FILE__).'/').'../Settings.php');

// Load SMF's compatibility file for unsupported functions.
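if (@version_compare(PHP_VERSION, '5') == -1) {
require_once($sourcedir . '/Subs-Compat.php');
}

// Only start the session (which sets a cookie) once cookies have been accepted.
require_once($sourcedir . '/Subs-EclWarning.php');
if (!ecl_authorized_cookies())
        return;
// session_cache_limiter() only takes effect when called before session_start().
session_cache_limiter('nocache');
session_start();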


--- End code ---

Or, perhaps it would be better to put:

--- Code: --- define('SMF', 1);

// Experimental Optimizer
define('loadOpt', 1);

// Lets go head and load the settings here.
require_once(str_replace('//','/',dirname(__FILE__).'/').'../Settings.php');

// Load SMF's compatibility file for unsupported functions.
if (@version_compare(PHP_VERSION, '5') == -1) {
require_once($sourcedir . '/Subs-Compat.php');
}

// Start the session only when cookies have been accepted.
require_once($sourcedir . '/Subs-EclWarning.php');
if (ecl_authorized_cookies())
        session_start();

--- End code ---

allow most of the rest of the code to execute and just before it tests to see if the Mod is disabled, put:

--- Code: ---        $modSettings['2sichat_disable'] = !ecl_authorized_cookies();

if ($modSettings['2sichat_disable']) {
die();
}
if ($modSettings['2sichat_load_chk']) {
doLoadCHK();
}

--- End code ---

I'm a "dabbler" rather than a coder, so would welcome any help you can provide :)

Mark

emanuele:
I would go a bit further (but that depends on how the chat is working) and not even echo the <script> tag if the user is not allowed to use the chat...
It should be in index.template.php...the exact implementation depends.

CircleDock:
This is what's necessary in the case of SA-Chat. SA-Chat's index.php file will require the following edit:

Search for:
--- Code: --- define('SMF', 1);

// Experimental Optimizer
define('loadOpt', 1);

     session_start();
session_cache_limiter('nocache');

// Lets go head and load the settings here.
require_once(str_replace('//','/',dirname(__FILE__).'/').'../Settings.php');

// Load SMF's compatibility file for unsupported functions.
if (@version_compare(PHP_VERSION, '5') == -1) {
require_once($sourcedir . '/Subs-Compat.php');
}

--- End code ---

Replace with:
--- Code: ---//
// SA-Chat - index.php - Modified to prevent cookies being set when they haven't been
// expressly permitted by the user. Based on Emanuele's EU Cookie Law modification.
//
define('SMF', 1);

// Experimental Optimizer
define('loadOpt', 1);


// Lets go head and load the settings here.
require_once(str_replace('//','/',dirname(__FILE__).'/').'../Settings.php');

// Load SMF's compatibility file for unsupported functions.
if (@version_compare(PHP_VERSION, '5') == -1) {
require_once($sourcedir . '/Subs-Compat.php');
}
    //
    // Load Emanuele's EU Cookie-checker Modification.
    require_once($sourcedir . '/Subs-EclWarning.php');

    // If the user hasn't accepted cookies, get out! We can not go ahead and load SA-Chat
    // because session_start() sets cookies and so potentially does SA-Chat's javascript.
    if (!ecl_authorized_cookies())
        die();

    // Okay, cookies can be set so continue.
    // session_cache_limiter() only takes effect when called before session_start().
    session_cache_limiter('nocache');
    session_start();

--- End code ---

It should be noted that the above will prevent SA-Chat from loading and invoking session_start() which causes a cookie to be set. It is necessary to stop SA-Chat from loading because its Javascript also has the potential of setting cookies.

For the sake of completeness, here's the modification necessary to prevent Google Analytics from setting all its cookies:

In subs.php

Search for:

--- Code: ---function ob_google_analytics($buffer)
{
    global $modSettings, $boardurl;


--- End code ---

Replace with:

--- Code: ---function ob_google_analytics($buffer)
{
    global $modSettings, $boardurl;

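    // Output-buffer callback: hand the page back unchanged when cookies are not
    // accepted. A bare return would send an empty page to the visitor.
    if (!ecl_authorized_cookies())
         return $buffer;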

--- End code ---

As far as I am concerned, Emanuele's Mod coupled with the above change means that no cookies whatsoever are set until the visitor clicks on the "Accept" link. This means my sites now comply fully with the EU Directive and with UK law.

Thank you very much indeed Emanuele for providing this modification!


Mark

CircleDock:
There is one change that needs to be made to the ecl_authorized_cookies() function in Subs-EclWarning.php:

Search for:
--- Code: ---elseif (isset($_COOKIE['ecl_auth']) || isset($_COOKIE[$cookiename]))
        $storeCookies = true;
    elseif (isset($_GET['cookieaccept']))
    {
        setcookie('ecl_auth', 1, 0, '/');
        $storeCookies = true;
    } else
        $storeCookies = false;

--- End code ---

Replace with:
--- Code: ---// Temporary code until May 26. On that date, remove this code and re-enable the commented-out section
// below.
//------------------------------------------>
elseif (isset($_COOKIE['ecl_auth']))
        $storeCookies = true;
    elseif (isset($_GET['cookieaccept']))
    {
        setcookie('ecl_auth', 1, time()+60*60*24*30, '/'); // Set cookie to expire in 30 days
        $storeCookies = true;
    } else
        $storeCookies = false;
//<------------------------------------------
// Code to be re-enabled on May 26
//
//elseif (isset($_COOKIE['ecl_auth']) || isset($_COOKIE[$cookiename]))
//        $storeCookies = true;
//    elseif (isset($_GET['cookieaccept']))
//    {
//        setcookie('ecl_auth', 1, 0, '/');
//        $storeCookies = true;
//    } else
//        $storeCookies = false;
//<-------------------------------------------

--- End code ---

The reason for that is that someone who is already a member of your site won't necessarily know that you're setting cookies - or indeed their purpose. The law requires everyone to "opt-in" as of May 26 regardless of whether or not they have visited the site previously.

Fortunately Emanuele sets a cookie when assent is given but as written the cookie lasts for the current session only and will (or should) be removed when the browser is closed.

With this change, a visitor need only accept once and, regardless of whether or not they become a member, they shouldn't be asked to accept cookies again.

However this change is only necessary until May 26 after which it should be changed back to the original code.
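
Added example, not part of the thread and not code from SA-Chat or the EU cookie mod: a stand-alone PHP 7.3+ sketch of the consent gate discussed in the posts above, covering the 30-day `ecl_auth` cookie, the check before `session_start()`, and an output-buffer callback that still returns the page when consent is missing. The function names, the cookie attributes and the analytics snippet are assumptions made for illustration.

```php
<?php
// Added example. consent_given(), start_session_if_allowed() and inject_analytics()
// are hypothetical names, not functions from SMF, SA-Chat or the EU cookie mod.
const CONSENT_COOKIE = 'ecl_auth';        // cookie name used in the thread
const CONSENT_TTL = 60 * 60 * 24 * 30;    // 30 days, as in the post above

function consent_given(array $cookies, array $query): bool
{
    if (($cookies[CONSENT_COOKIE] ?? null) === '1')
        return true;
    if (!isset($query['cookieaccept']))
        return false;
    // First acceptance: persist it so the visitor is asked only once.
    if (!headers_sent())
        setcookie(CONSENT_COOKIE, '1', [
            'expires'  => time() + CONSENT_TTL,
            'path'     => '/',
            'secure'   => !empty($_SERVER['HTTPS']),
            'httponly' => true,   // assumption: no client script reads this cookie
            'samesite' => 'Lax',
        ]);
    return true;
}

function start_session_if_allowed(bool $allowed): bool
{
    if (!$allowed)
        return false;                  // no session_start(), so no session cookie
    session_cache_limiter('nocache');  // only effective before session_start()
    return session_start();
}

// Output-buffer callback body: it must hand the page back in every branch,
// otherwise the visitor who has not consented receives an empty response.
function inject_analytics(string $buffer, bool $allowed, string $snippet): string
{
    if (!$allowed)
        return $buffer;                // page unchanged, no tracking script
    return str_replace('</body>', $snippet . '</body>', $buffer);
}

// Constructed sample input: one request without consent, one with the cookie.
$page = '<html><body>Hello</body></html>';
$tag  = '<script src="/analytics.js"></script>';   // placeholder snippet
foreach ([[], [CONSENT_COOKIE => '1']] as $cookies) {
    $allowed = consent_given($cookies, []);
    echo inject_analytics($page, $allowed, $tag), "\n";
}
```

In a real request, `start_session_if_allowed()` has to run before any output is sent, which is why the sample loop at the bottom does not call it.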

aljo1985:
Hey emanuele,

Could you modify the code so that the cookie agreement only has to be accepted once, as there is no requirement for them to have to keep accepting on every visit?

I know you set the cookie to say it's accepted, but would it not be best to store this value in the database?
