Hello All,
i have a script which which restrict a user to access a page once per day, i need your help to modify the script so that a user can view the page once in 90 days.
<script language ='javascript'>
function createCookie(name,value,days) {
if (days) {
var date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000));
var expires = "; expires="+date.toGMTString();
}
else var expires = "";
document.cookie = name+"="+value+expires+"; path=/";
}
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
}
return null;
}
/* Check the cookie and redirect if they have it set. */
sWhere = 'http://google.com'; // replace this with where you want them to be sent when they can't view page.
<script language ='javascript'>
function createCookie(name,value,days) {
if (days) {
var date = new Date();
date.setTime(date.getDate()+90);
var expires = "; expires="+date.toGMTString();
}
else var expires = "";
document.cookie = name+"="+value+expires+"; path=/";
}
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
}
return null;
}
/* Check the cookie and redirect if they have it set. */
sWhere = 'http://google.com'; // replace this with where you want them to be sent when they can't view page.
if(!readCookie('viewcheck')){
createCookie('viewcheck',1,1);
} else {
window.location = sWhere;
}
</script>
__________________
Allwisend bin ich nicht, doch viel ist mir bewursst
-Goethe
if javascript or cookies are disabled that won't work...
You might be better off if you write your content with javascript (in addition to the redirect); that way unless they view the page in a way that you can control their view (with js) then they get nothing. Even more secure is to load the content after you verify their ability to see it via AJAX, so they can't just viewsource... (I mean they could still find the resource if you are grabbing it from AJAX, I don't really know how much security your looking to implement here... probably not that much if your using js...)
__________________
Allwisend bin ich nicht, doch viel ist mir bewursst
-Goethe
Hello blaze4218,
the script is not working, i implemented the script in one my page and i am able to view the page as many times rather it should redirect me to google after first visit for 90 days.
You can't restrict what people can do by using JavaScript. They can either turn your script off or add their own that overrides yours.
To restrict access to once per 90 days you'd need to use a server side script and even then you'd be dependent on their not having deleted the cookie (or it getting dropped because they have too many newer ones).
I didn't really go through the whole script before, but it looks like that function is designed for greater flexibility than just this one use, I would use DanInMa's solution instead of mine so as not to undo that...
__________________
Allwisend bin ich nicht, doch viel ist mir bewursst
-Goethe
Thank you blaze for your help and also others. If anyone has a better solution then please let me know how to restrict a user from an IP to access the page once in 90 days. I have also tried doing in PHP i.e. logging the IP address and restricting the user but the problem is, in a densely populated area, you may have many different visitors coming through the same IP address Or different visitors on the same IP via a LAN.
You can't restrict what people can do by using JavaScript.
To be more clear: You can restrict what people do by using JavaScript. You can't, however, prevent them from circumventing your efforts either with their own scripts, or through disabling your scripts, etc.
If you had no real effect on the user, JavaScript would be a moot point... It has it's usages, but security is not one. I can think of plenty of reasons to prevent a user from viewing a page more than once that are not security related and would not be problematic if circumvented.
__________________
Allwisend bin ich nicht, doch viel ist mir bewursst
-Goethe
If you can: I would recommend creating a user database, and only allowing access to the resource if the user is logged in. Then you can decide with your php on the server whether or not to serve the data.
__________________
Allwisend bin ich nicht, doch viel ist mir bewursst
-Goethe
To be more clear: You can restrict what people do by using JavaScript.
Only if they let you. Since they have the final say it isn't really you that is restricting them - you are recommendiing something and they are deciding whether or not to accept that recommendation.
With modern browsers allowing their owner to select whether to allow JavaScript or not on a page by page basis it is extremely simple to bypass any suggested restriction that you don't wish to comply with. Any restriction that is mandatory (and therefore a restriction actually intended to apply to everyone) must be done server side.
Applying a suggested restriction through JavaScript will work just as long as it doesn't matter if some people bypass the restriction and as long as you don't mind losing those visitors who find it easier to just look for a different site that provides the same facility without the restriction.
I've even found FireFox plugins that allow you to execute the javascript on a page on a per function basis. (presumably for developers)
None of that changes the fact of "You can restrict what people do by using JavaScript". Opting out of JavaScript means that the JavaScript has been opted out of. If not opted out of the JavaScript will affect the browser. Modifying/Overriding the JavaScript means that the JavaScript has been overridden, and is no longer your script. For that matter one could download your page and modify your mark-up and run your page locally to look how they want... But is any of that really worth considering? If it is a security (or otherwise important) concern use server code. If you want the functionality of your app/site/page to be a certain way because that's how you think it should be: Use JavaScript...
I can mod most of the windows applications on my computer with a little jScript, or VBScript, but I wouldn't call Excel's features and functionality a "recommendation"... or maybe you could...
__________________
Allwisend bin ich nicht, doch viel ist mir bewursst
-Goethe
Before you post, read our: 
Open page once per 90 day per IP
