Implementing Age Verification
Development and Programming
I’m building an EE site for a spirits company, and need to verify each visitors’ age before they can visit any pages on the site. Administrators are the only users who shouldn’t have to pass this test.
Is there a hook that EE runs before each request? After looking though the extension documentation, I didn’t see one - but maybe I’m missing something.
My plan is to set a session key like age_checked - and check the value of it on each request. And, if it is null or false, send them to the verification page. I could probably implement this outside of EE, but I would like to take the cleaner route if possible.
Moved to Development and Programming by Moderator
Hi nicholaswyoung, since you’re looking for a programming solution, I’m going to go ahead and change this to the Development and Programming forum for additional community support.
Nick, you could use the sessions_end extension hook, which fires on every pageload:
if ( ! $this->EE->input->cookie('age_checked'))
{
$this->EE->functions->redirect($this->EE->functions->create_url('site/check_age'));
}Thanks, Rob. Any advice on how I would parse the form that will contain age verification information?
Having custom forms usually means building a custom module: http://ellislab.com/expressionengine/user-guide/development/module_tutorial.html
If you’re coming from a CI background, a lot of module development should look familiar.
If you’re coming from a CI background, a lot of module development should look familiar.
I’m actually not familiar with CI, but I do know PHP quite well. Hopefully, I’ll be able to muddle through it. 😊
With regards to developing custom forms on the front end, I don’t see any documentation there. Am I missing it?
You’re right, there’s not much there on custom forms. And not much elsewhere in the docs.
Basically, what you need to do is:
1) Register your form “action” in the exp_actions table in your install() method in the upd.module.php file. There’s an example of this in the docs. This will be the method that your form posts to.
2) Create said action method in your mod.module.php file. This is where you’d have the logic for checking the age, and setting the cookie.
3) Create a method in your mod that builds the form.
It would take me far to long to go into further detail, so I propose checking out one of my free addons as an example: https://github.com/rsanchez/dynamo
One more thing you could do, and this is kind of a short cut, is instead of building a module, simply create a PHP enabled template that will serve as your form’s action controller, and have your form post to that url.
…I propose checking out one of my free addons as an example: https://github.com/rsanchez/dynamo
Awesome. I much prefer reading code anyway.
As this is my first serious visit to the EE world, I have to say the forums are awesome - but the documentation, which I assume is written mainly by EllisLab - sucks pretty hard. For a product as expensive as EE (which I have no problems paying for - I believe it is a great system) you would think the documentation would be much better.
Your help has been invaluable, Rob. Thanks for sharing your insight and code snippets… I think this last piece of information should get me going.
One more thing you could do, and this is kind of a short cut, is instead of building a module, simply create a PHP enabled template that will serve as your form’s action controller, and have your form post to that url.
Hmmm. This might be a nice solution. Is this method considered secure?
Over the course of many years working with EE, I have found that people’s opinion of the docs range from “these are the greatest docs known to mankind” to “I wouldn’t wipe my behind with these terrible docs”. All in the eye of the beholder, I suppose 😊
One more thing you could do, and this is kind of a short cut, is instead of building a module, simply create a PHP enabled template that will serve as your form’s action controller, and have your form post to that url.Hmmm. This might be a nice solution. Is this method considered secure?
It’s not inherently insecure. You don’t get the built in CSRF with this method, but it wouldn’t be terribly difficult to add it in yourself. That said, I don’t think the operation you’re performing here really needs to be all that secure.
It’s not inherently insecure. You don’t get the built in CSRF with this method, but it wouldn’t be terribly difficult to add it in yourself.
Got it. I’ll probably end up writing my first implementation as a PHP-enabled template, then, if the functionality warrants it, I’ll upgrade to a full-scale plugin.
The front-end for this site is done (yay!) and now, it’s time to work on the backend.
I’m struggling to understand the differences between modules and extensions… Can I:
- Parse forms in extensions?
- Call hooks in modules?
From what I understand, in order to parse the front-end form where the user submits their age, I need to use a module. But I can’t find any documentation on how to use hooks in modules (and that is necessary so I prevent anyone who hasn’t verified their age from visiting any page on the site).
Sounds like you’ll need both an extension and a module. They can both be stored in the same third_party package.