mattibutt asked:

add a complex decision making rule in php

Hi,
I have a quiz which is accessible via the code, and the user is logged in. I have been facing one problem for a while now, and I have tried a few times to resolve it, but it always takes me to a dead end; I can't find a way to fix the problem.
Problem:
When the user enters the code, he is sent to the page where he must agree to the terms and conditions. Once he agrees to the T&C, this information is written to the database. What I want to be able to do is basically allow the user to skip the T&C part if he has already accepted on previous occasions. I can't use a cookie to solve this problem because I am not talking about a limited time; the user can come back in a couple of days and play again, so it needs to be done on the backend.

// code for the place where user enter the code
<form action="Trivia.php?menu=set" method="post">
   
                                                <span>   Welcome, <br>
Enter Code To Play . &raquo;  
    <br />
                <input type="text" name="name_full" style="width:150" />
          <br />
                <input type="hidden" name="email_id" style="width:0" />
                
        <input type="hidden" name="total_question" value= "10" style="width:0" />
        
                <input type="hidden" name="time" value= "1" style="width:0" /> 
        <input type="image" src="images/start.jpg" />
                <input type="hidden" name="next_step" value="true" />
                </form>
//terms and condition page which i want to stop when user play for the 2nd time
<script language="javascript">
<!--            
function Submit(frm)
{
        if(!frm.accepted.checked){
                alert('Please check the terms and conditions box.\n\nThank you.');
        }
        return frm.accepted.checked;
}
//-->
</script>
<form action="Trivia.php?menu=start" method="post" onsubmit="return Submit(this);">
 
                
                <tr>
                <td width="30%" style="text-align:right"> </td>
                <td width="70%"><input type="hidden" name="total_question" value= "10" style="width:50" /></td>
                </tr>
                <tr>
                <td width="30%" style="text-align:right"> </td>
                <td width="70%"><input type="hidden" name="time" value= "1" style="width:50" /> 
                </td>
                </tr>
                <tr>
                <td width="30%" style="text-align:right"> </td>
                      <label>
I have read and accepts the terms &amp; conditions: <input type="checkbox" name="accepted" value="1" />
</label>
                </td>
                </tr>
                
                <input type="hidden" name="full_name" id="full_name" value="<?php echo $_SESSION['full_name'];  ?>"  /></td>
                                
                <tr><td></td><td><input type="image" src="images/start.jpg" />
                <input type="hidden" name="next_step" value="true" />
                </td></tr>
        
                </table>
        </form>
 
 
 
 
 
 
 
//
global $quiz_ready;
$quiz_ready = 'no';
if($_GET['menu']== 'set' && $quiz_ready=='no')
{
global $error,$total_question,$time_sec,$time_min,$cat1,$use_tedu,$total_rows,$correct,$wrong,$unanswered;
 
$query = "SELECT * FROM enter WHERE randomcode='{$_POST['name_full']}'  ";
$res = mysql_query($query);
$query = "SELECT distinct quiz   FROM enterused WHERE  type = 0 and randomcode='{$_POST['name_full']}'  ";
$ress = mysql_query($query);
 
$query = "SELECT distinct quiz   FROM enterused WHERE type = 1 and randomcode='{$_POST['name_full']}'  ";
$resp = mysql_query($query);
 
 
if (mysql_num_rows($res)){
  $access_granted = true;
} else {
 $access_granted = false;
 $quiz_ready = 'no';
 ($_GET['menu']== 'setup');
}
 
if (mysql_num_rows($ress )>= 3){
  $access_granted = false;
 $quiz_ready = 'no';
 ($_GET['menu']== 'setup');
}
 
if (mysql_num_rows($resp )>= 5){
  $access_granted = false;
 $quiz_ready = 'no';
 ($_GET['menu']== 'setup');
}
 
if ($access_granted){
        
                
 if(isset($_POST['next_step']) && isset($_POST['total_question']) && isset($_POST['time'])    )
 {
     
 
         // Get random questions
      $stamp = date('mdyHis');
      $_SESSION['quiz_date'] = date('d-M-y ,D');
      $_SESSION['quiz_time'] = date('H:i:s');
      $_SESSION['quiz_id'] = $stamp;
      $_SESSION['full_name'] = $_POST['name_full'];
      $_SESSION['quiz_term'] = $_POST['accepted'];
      $_SESSION['quiz_total_question'] = $_POST['total_question'];
      $_SESSION['quiz_time_sec'] = $_POST['time'] * 60 ;  // time in seconds
          $_SESSION['quiz_time_msec'] = $_POST['time'] * 60 ;
      $_SESSION['quiz_time_min'] = $_POST['time'];
      $_SESSION['quiz_cat1'] = $_POST['cat1'];
      $_SESSION['type'] = $_POST['type'];
        
      $query = "SELECT * FROM pq_crtp_quiz";
      $sql = mysql_query($query);
      $total_rows = mysql_num_rows($sql);
      $i=0;
      array($rand_arr);
      while($i < $_SESSION['quiz_total_question'])
      {
      $rand_num = rand(1,$total_rows - 1);
      if(!@array_search($rand_num,$rand_arr))
      {
      
      $rand_arr[$i] = $rand_num;
      $i++;
      }
      }
      global $quiz_data;
      for($i=0;$i < $_SESSION['quiz_total_question'];$i++)
      {
      $query = "SELECT distinct(id), question, option1, option2, option3, answer, category, counter FROM pq_crtp_quiz WHERE id = ".$rand_arr[$i];
      $sql = mysql_query($query);
      $quiz_data[$i] = mysql_fetch_array($sql);
      
      }
      $_SESSION['quiz_data']=$quiz_data;
      //print_r($quiz_data);
 }
 elseif(isset($_POST['next_step']))
 {
       $error = "Some of the fields are left empty !";
      header('Location: Trivia.php?menu=set');
 }
} else {
 
 
header('Location: Trivia.php?menu=set');
 
 
 
$smarty->assign('errors', $errors);
 
                                $smarty->display('quiz.tpl');
                        
 exit();
}
}
 
//this is the code block which is inserting the T&C reference with user id when he plays for the first time and i think it needs to be used to create this new logic
 $query = "insert into terms  VALUES ('','". $_SESSION['quiz_term']."','".$userdata['username']. "','".$_SESSION['quiz_id']."')"; 
                                        $sql = mysql_query($query);


Ray Paseur

You need to use some kind of "sign-in" logic that tests the data base for the indicator that the client has accepted the T&C.  You can use a password challenge/response or a cookie to establish the client identity.  Then once you know the identity, you check the data base.

Does that make sense? ~Ray
waygood

Yup! something like this in your login script:-

$sql="SELECT * FROM allowed_users WHERE login_name='".mysql_real_escape_string($_POST['login_name'])."' AND password='".mysql_real_escape_string($_POST['password'])."'";
$result = mysql_query($sql);
if (mysql_num_rows($result)==1)
{
   $user=mysql_fetch_assoc($result);
   $_SESSION['name']=$user['name'];
   $_SESSION['userID']=$user['userID'];
   $_SESSION['TaC']=$user['accepted_term_and_conditions'];
}


then later
if(!$_SESSION['TaC'])
{
  // show Terms and Conditions
}

and also save the result if they accepted them
$sql="UPDATE allowed_users SET accepted_term_and_conditions=1 WHERE user_id=".$_SESSION['userID'];

I might also suggest that acceptance of terms and conditions should be a separate table, since the T&C would change over time.  Each row would be the date of the last acceptance.  Then you can tie features of the web site to the minimum T&C acceptance date.  If a new feature requires a new acceptance, you can easily prompt the client to acknowledge the most recent T&C.  It may be a little more complex this way, but your legal protection will be much stronger.  HTH, ~Ray
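
The server-side check described in the two replies above, sketched with a separate acceptance table keyed by date. This is an added example, not code from the thread or the application; the table and column names (`terms_acceptance`, `user_id`, `accepted_at`), the dates and the in-memory SQLite database are assumptions made so that it runs on its own.

```php
<?php
// Added example. Table and column names (terms_acceptance, user_id,
// accepted_at) are assumptions, not the application's real schema.
declare(strict_types=1);

function createSchema(PDO $pdo): void
{
    $pdo->exec('CREATE TABLE terms_acceptance (
        user_id     INTEGER NOT NULL,
        accepted_at TEXT    NOT NULL   -- ISO 8601 date of acceptance
    )');
}

// Record one acceptance. The user id comes from the server-side session
// set at login, never from a form field or the URL.
function recordAcceptance(PDO $pdo, int $userId, string $date): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO terms_acceptance (user_id, accepted_at) VALUES (:uid, :at)'
    );
    $stmt->execute([':uid' => $userId, ':at' => $date]);
}

// True when the user has no acceptance on or after the date the current
// T&C text took effect, so the T&C page must be shown again.
function mustShowTerms(PDO $pdo, int $userId, string $minDate): bool
{
    $stmt = $pdo->prepare(
        'SELECT MAX(accepted_at) FROM terms_acceptance WHERE user_id = :uid'
    );
    $stmt->execute([':uid' => $userId]);
    $last = $stmt->fetchColumn();      // null when the user has no rows
    return $last === null || $last === false || strcmp($last, $minDate) < 0;
}

// Constructed demo data on an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($pdo);
recordAcceptance($pdo, 7, '2010-01-15');

$currentTermsDate = '2010-03-01';      // constructed: date of the latest T&C
var_dump(mustShowTerms($pdo, 7, $currentTermsDate));  // user 7 accepted an older text
recordAcceptance($pdo, 7, '2010-03-02');
var_dump(mustShowTerms($pdo, 7, $currentTermsDate));  // user 7 accepted the current text
var_dump(mustShowTerms($pdo, 8, $currentTermsDate));  // user 8 never accepted
```

In the quiz flow, the result of `mustShowTerms()` decides whether a valid code leads to the T&C page or straight to the quiz.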
mattibutt

ASKER

Hi guys,
Thanks for the replies. I get the idea you are describing, but the problem is incorporating it into the current application.
The quiz has four stages:
1: The user must be logged in
2: The user must enter the valid code
3: If the code is valid, then show the T&C, else show the error
4: Load the quiz

Clearly, the fundamental problem I have is "how to".
The first form posts the code to the set:
<form action="Trivia.php?menu=set" method="post">

The 2nd form verifies the code is correct, and it shows the T&C or the error:
<form action="Trivia.php?menu=start" method="post" onsubmit="return Submit(this);">
This is where I believe I need to make the modifications:
$quiz_ready = 'no';
if($_GET['menu']== 'set' && $quiz_ready=='no')
{
global $error,$total_question,$time_sec,$time_min,$cat1,$use_tedu,$total_rows,$correct,$wrong,$unanswered;
 
$query = "SELECT * FROM enter WHERE randomcode='{$_POST['name_full']}'  ";

or here, but I can't come up with the idea of how to do just that:
if(isset($_POST['next_step']) && isset($_POST['total_question']) && isset($_POST['time'])    )


 {

This line may not be telling the correct story, as it is my fault for not making it clear; it is meant for entering the code:
$_POST['name_full

I am already writing the user's response to the T&C in the database table, as you can see from the very last lines of code in my first post; manipulating or making a decision based on this data is not coming to me.



//this is the code block which is inserting the T&C reference with user id when he plays for the first time and i think it needs to be used to create this new logic
 $query = "insert into terms  VALUES ('','". $_SESSION['quiz_term']."','".$userdata['username']. "','".$_SESSION['quiz_id']."')";
                                        $sql = mysql_query($query);

mattibutt: I think you may want to redesign this application a bit.  Here is why.  

You MUST NEVER depend on the contents of the URL GET string for anything  more than an unvalidated indicator of which "view" to provide of your web site.  If you carry anything else, you are at risk of (an inevitable) attack.  

And if you receive information from the GET string, you must ensure that it is valid and acceptable.  For example, if it is expected to be a record id number, you must check to be sure it does not contain something like "1; DROP TABLE terms" or that it does not request a record that is for a different user other than the one who is signed in.  These basic protection schemes are critical, and are part of the inherent rules of the WWW.

You should have the stateful information set in the $_SESSION array, and not carried in the URL.

Redesigning the application is beyond the scope of what we can do in a Q-n-A dialog here at EE, but hopefully you will be inspired to move information out of the action="Trivia.php?menu=set" string and into the session vars.

best regards, ~Ray
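
The checks named in the reply above, as an added example that is not part of the thread or the application: the `menu` value is matched against an allow-list, a record id is accepted only as a positive integer, and a record is returned only to its owner as known from the session. The `records` table, its columns and the sample rows are assumptions.

```php
<?php
// Added example. The records table, its columns and the sample rows are
// assumptions made for illustration, not the application's real schema.
declare(strict_types=1);

const ALLOWED_VIEWS = ['setup', 'set', 'start'];

// The GET parameter only selects a view; anything unexpected falls back
// to the default view instead of being trusted.
function resolveView(array $get): string
{
    $menu = $get['menu'] ?? 'setup';
    return is_string($menu) && in_array($menu, ALLOWED_VIEWS, true) ? $menu : 'setup';
}

// Accept a record id only if it is a plain positive integer.
function parseRecordId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Return a record only when it belongs to the signed-in user. The owner
// comes from the session; both values are bound, never concatenated.
function fetchOwnRecord(PDO $pdo, int $recordId, int $sessionUserId): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, user_id, quiz_id FROM records WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $recordId, ':uid' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data on an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, user_id INTEGER, quiz_id TEXT)');
$pdo->exec("INSERT INTO records VALUES (1, 7, 'q-a'), (2, 8, 'q-b')");

$sessionUserId = 7;   // stands in for $_SESSION['userID'] set at login
foreach (['1', '2', '1; DROP TABLE terms', '-5'] as $raw) {
    $id  = parseRecordId($raw);
    $row = $id === null ? null : fetchOwnRecord($pdo, $id, $sessionUserId);
    printf("%-22s => %s\n", $raw, $row ? 'served' : 'rejected');
}
var_dump(resolveView(['menu' => 'set']), resolveView(['menu' => '../admin']));
```
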
Hi Ray,
Thanks for your detailed response. As you know, I greatly value your opinion, but I am sure you know I have been working with this application for a while now. I came to the stage where rewriting doesn't seem an option in the short run; when I have more time, I will do just that. Although I do agree with you that it's a stupid design from your view, is what I am trying to achieve not possible based on the current design?
All I want to do is simply either redirect the page or skip the page, but keeping the code feature intact.
ASKER CERTIFIED SOLUTION
Ray Paseur