Age Verification with PHP?

[audiomega]

Hey guys,

I'm working on a site that needs age verification...I've found some (mostly java) scripts out there, but nothing that quite suits the need. I'd really prefer to use mySQL and PHP to do it!

I need a way to ask our visitor's birthdate (on homepage load maybe,) and then send them to the appropriate page based on their age. We'd also need time-configurable (by admin) cookies to ensure that our younger visitors didn't just retry the form with an older birthdate. I think cookies would also allow users to bypass the birthdate query if they'd already answered it "last month," "last week," or "yesterday." (Right?)

Also, if they were to enter a birthdate that made them "under 13," we'd need to redirect them to a parental permission form that they'd have to print out.

The function of all this is to allow us to collect information on forms throughout the site from visitors who are 13 and over...and at the same time, allow those who are 12 and under to submit their information only after we've gotten a written ok from the parents.

I hope I've explained this right...I'm confused myself now. Am I crazy in thinking I might find such a thing as what I've outlined? Or should I maybe be looking as some sort of "user sign up" code?

Please help!

Thank you!

John Alarcon

[audiomega]

Anything! Anyone!?!

[Gaheris]

Sure.
Untested, horrible code.

PHP Code:

$bd = '1980'; // This data should come from the form
if (($timestamp = strtotime($bd)) == -1) {
    // Wrong date format
    die('Wrong date format');
} else {
    $diff = time() - $timestamp;
    if ($diff <= 0) {
        // We got a time traveler
        die("Hooah! How's the future?");
    } else {
        $ysec  = 60 * 60 * 24 * 365;
        $years = floor($diff / $ysec);
        if ($years >= 13) {
            // Hooray, they are 13 or older
            // do whatever you want
            echo 'You got in';
        } else {
            // No, you won't get in here
            $expire = 60*60*24;
            $days   = 30; // How many days should the access be blocked 
            setcookie('not_old_enough', 1, $expire*$days + time());
            die("You're not old enough");
        }
    }    
} 


[audiomega]

Thank you for responding to my post! May I ask a few questions about this?

1. Where you've set $bd to '1980', do I just change the '1980' to whatever my fieldname from the form was? (And on the form...where do I POST it to?)

2. Can this be used to "guard" an HTML page?

3. How can I add two more variables to it so that it could automatically calculate their birthDAY, instead of only the birth year?

4. Will this check to see if they have a cookie already, or will it make them fill out my "birthday query" form each time they come?

If you don't want to explain all this, I can understand, but I thank you for your effort thus far nonetheless.

Thank you.

John Alarcon

[Gaheris]

1. It's just a sample value, it should come from the form. The easy way would be to have a form with a <input type="text" name="birth_day" /> and to get the value with $_POST['birt_day'] (or whatever method the form uses)

2. I don't know what you mean with "guard" but it isn't secure at all (fake birthday)

3. You want them to enter their exact birth day?

4. This only handles the form data, you'll have to do a check before posting the form. Actually, if you want you can create a cookie when they entered the site with a valid birt year. Just add

PHP Code:

$expire = 60*60*24;
$days   = 30; // How many days should the access be blocked
setcookie('not_old_enough', 0, $expire*$days + time()); 


after

PHP Code:

if ($years >= 13) { 


Then before outputting your form

PHP Code:

if (isset($_COOKIE['not_old_enough'])) {
    if ($_COOKIE['not_old_enough']) {
        echo 'To young, get out of here!'
        exit;  
    } else {
        echo 'You're old enough';
        exit;
    }
}
// No cookie, display the form
echo '<form ...>'; 


You're content file could be like this

PHP Code:

<?php
if (isset($_COOKIE['not_old_enough'])) {
    if ($_COOKIE['not_old_enough']) {
        // To young, can't enter site
        echo 'To young, get out of here!';
        exit;  
    } else {
        // Here goes your content
        echo "You're old enough";
        exit;
    }
} else {
    if (isset($_POST['send'])) {
        if (($timestamp = strtotime($_POST['bd'])) == -1) {
            die('Wrong date format');
        } else {
            $diff = time() - $timestamp;
            if ($diff <= 0) {
                die("Hooah! How's the future?" );
            } else {
                $ysec  = 60 * 60 * 24 * 365;
                $years = floor($diff / $ysec);
                if ($years >= 13) {
                    $expire = 60*60*24;
                    $days   = 30;
                    setcookie('not_old_enough', 0, $expire*$days + time());
                    header('Location: '.$_SERVER['PHP_SELF']);
                    exit;
                } else {
                    $expire = 60*60*24;
                    $days   = 30;
                    setcookie('not_old_enough', 1, $expire*$days + time());
                    header('Location: '.$_SERVER['PHP_SELF']);
                    exit;
                }
            }
        }
    } else {
        // No cookie, display the form
        echo '<form methos="post" action="'.$_SERVER['PHP_SELF'].'">';
        echo '<input type="text" name="bd" maxlenght="4" />';
        echo '<input type="submit" name="send" value="Enter" />';
        echo '</form>';
        exit;
    }
}
?>

The only thing is that cookies are required to enter the site.
The code is untested, but you might get the idea.

[audiomega]

I thank you again for a great explanation! Yes, it does help me get the idea...but what I really lack is a clue!

It's obvious to me now that this is out of my league....I don't know who the hell I thought I was...thanks for the reality check.

When I said "guard" I didn't mean to imply that it was secure...it simply establishes that we've done our part and been diligent and deliberate in our attempt.

I would love it if they could enter their exact birthday...that way there would be no problems with dates...if they turn 13 tomorrow, they can come back tomorrow...

We don't actually want to use cookies for the majority of the site...just on the form...that way when they tried to access the "13 and over" area, it will write (or read) the cookie and give them either the content, or the "you're not old enough" page.

All this would ideally happen in a pop up window of 357x610, which would be activated by a link on our homepage.

I think I'm going to have to pay someone else for all this...it's just more than I can swallow. Do you have any idea what I might expect to pay for all the necessary files?

Thanks again for your excellent help!

John Alarcon

[Gaheris]

About this guard thing, I don't know your law, so I can't tell you anything about this point.

If you want I could edit the code so that they can enter a exact date.

Well, no problem, if the content's for everyone then just display it, if it's for 13 over then use the sample code I posted.

The windows hasn't got to do anything with PHP, so there aren't any problems with this one.

No, sorry, it really depends, you know?

[audiomega]

Thank you very much for you offer! I believe I'd be a fool to pass that up...so, yes, I'd very much appreciate if you wrote the code. How much would it cost?

Thank you again!

[Gaheris]

This works with a full date, it includes a sweet form with select fields and hey, it works.
Look at the comments, they should tell you where you should replace things.
This is the function.

PHP Code:

function isOldEnough()
{
    if (isset($_POST['send'])) {
        if (checkdate($_POST['bd_month'], $_POST['bd_day'], $_POST['bd_year'])) {
            if (($timestamp = mktime(0, 0, 0, $_POST['bd_month'], $_POST['bd_day'], $_POST['bd_year'])) == -1) {
                die('Wrong date format');               // Replace this with your own error message
            } else {
                $diff = time() - $timestamp;
                if ($diff <= 0) {
                    die("Hooah! How's the future?" );   // Replace this with your own error message
                } else {
                    $ysec  = 60 * 60 * 24 * 365;
                    $years = floor($diff / $ysec);
                    if ($years >= 13) {
                        $expire = 60*60*24;
                        $days   = 30;
                        setcookie('not_old_enough', 0, $expire*$days + time());
                        header('Location: '.$_SERVER['PHP_SELF']);
                        exit;
                    } else {
                        $expire = 60*60*24;
                        $days   = 30;
                        setcookie('not_old_enough', 1, $expire*$days + time());
                        header('Location: '.$_SERVER['PHP_SELF']);
                        exit;
                    }
                }
            }
        } else {
            die('Invalid date');                        // Replace this with your own error message
        }
    } else {
        if (isset($_COOKIE['not_old_enough'])) {
            return !(bool)$_COOKIE['not_old_enough'];
        } else {
            echo '<form method="post" action="'.$_SERVER['PHP_SELF'].'">';
            echo '<input type="text" name="bd_day" maxlenght="2" size="2" />&nbsp;';
            echo '<select name="bd_month" size="1">';
            for ($i = 1; $i <= 12; $i++) {
                $time = mktime(0, 0, 0, $i);
                $date = date('F', $time);
                echo '<option value="'.$i.'">'.$date.'</option>';
            }
            echo '</select>&nbsp;';
            echo '<select name="bd_year" size="1">';
            for ($i = 1970; $i <= date('Y'); $i++) {
                echo '<option>'.$i.'</option>';
            }
            echo '</select>&nbsp;';
            echo '<input type="submit" name="send" value="Enter" />';
            echo '</form>';
            exit;
        }
    }
} 


Now, in every file where you have to be >= 13 you do this

PHP Code:

if (isOldEnough()) {
    // Your content
    echo 'Hooray! You\'re old enough!';
} else {
    // Not old enough message
    echo 'Sorry mate, wait till you\'re 13.';
} 


[audiomega]

You have been a great help! Is there not some way I can offer to repay you for your effort? If not monetarily...then how about in graphic work?

You've done the community a great service by providing this script...I know...I've already been over hundreds of sites. I prefer to research...and then ask...not vice versa.

If you need any help, don't hesitate to call on me!

Thank you!

John Alarcon

[Gaheris]

No problem, I'm glad I could help you out.
And thanks a lot for you offer, I won't forget it.

See you and good luck,
Frederik Bülthoff

[4SeeN]

Sorry for reviving a very old post, but curious if the above coding is up to standards for todays latest version of PHP, especially security wise. I can use that script for an upcoming project, but wondering whether or not it's too old to use.

I use php5 on my server.

Thank you in advance.

[pixelsoul]

hehe well security wise age verifications are totally pointless anyway... if you are too young, you just enter an older date lolz.

[dotDan]

The above code should work fine with PHP5.

Age verification isn't really for security, but rather, to comply with COPPA. If you check for age, and the person lies, you're less at fault than if you didn't check at all.