PDA

View Full Version : "Accept" and move on



mmacw
01-09-2005, 02:14 AM
i simply want an "accept" check box before the user moves to the next page.

mwinter
01-09-2005, 12:51 PM
i simply want an "accept" check box before the user moves to the next page.If you want this to be legally binding[1], this would have to be enforced reliably which means a client-side solution is completely out of the question. What server-side languages do you have at your disposal?

Mike


[1] I seem to remember doubts that an "accept" checkbox, or similar, can provide this on a website as it may be possible to skip straight past it.

Disclaimer: I am not a lawyer.

mmacw
01-09-2005, 09:24 PM
thanx. i agree, just looking for new ideas.

ron

ddadmin
01-11-2005, 02:06 AM
.

Well, here's a modified example that doesn't disable the submit button directly, simply prevents the form from submitting if the checkbox isn't checked:


<script type="text/javascript">

//"Accept terms" form submission- By Dynamic Drive
//For full source code and more DHTML scripts, visit http://www.dynamicdrive.com
//This credit MUST stay intact for use

function defaultagree(el){
var checkobj=el.agreecheck
if (checkobj.checked)
return true
else{
alert("Please read/accept terms to submit form")
return false
}
}

</script>

<body>

<form name="agreeform" onSubmit="return defaultagree(this)">
Rest of your form here<br>
<input name="agreecheck" type="checkbox"><b>I agree to the above terms</b><br>
<input type="Submit" value="Submit!">
</form>

mwinter
01-11-2005, 02:07 PM
Well, here's a modified example that doesn't disable the submit button directlyGood. Disabling a form control via HTML creates a dependancy on client-side scripting which is never desirable on the Web.


simply prevents the form from submitting if the checkbox isn't checked:But as I hypothesised, for a click-through agreement to have any basis in law it must meet certain criteria. Any client-side script can be disabled or subverted. For example, the demonstration used with the original Accept terms (http://www.dynamicdrive.com/dynamicindex16/acceptterm.htm) script can be bypassed using the following bookmarklet:


javascript:void(
(document.forms['agreeform'].elements[2].disabled=false),
(document.forms['agreeform'].onsubmit=null)
);The line breaks are for readability only.

If the first expression is removed (including the comma operator), it would apply to the code you presented, too.

If the agreement was bypassed in such a way, it could be argued that the user didn't give their consent to the terms so they are not bound by any of the clauses set forth. Similarly, if the "protected" content can be accessed directly, that could be considered bypassing consent, too.

This is a legal minefield and it definitely requires advice from a lawyer that's well versed in all the possible issues. However, I sincerely doubt that any client-side solution is viable. I'd strongly suggest that you state that clearly on the Accept terms (http://www.dynamicdrive.com/dynamicindex16/acceptterm.htm) script page.

Mike

FPit
01-11-2005, 06:48 PM
mwinter: client-side scripting can be used together with server side scripting to validate user's input in a more user-friendly way. In case if JS is disabled or some browser doesn't interpret it properly, server side code will return an error message. For the remaining 99% of cases, using JS will be less frustrating and more efficient.

ddadmin: how about this:


<script type="text/javascript">

//Feel free to remove these 3 lines and give us no credit
//Fpit http://www.financialpit.com
//Need to fill this line since I said "3 lines" above

function agreeornot(myel1,myel2){
var chobj1=myel1;
var chobj2=myel2;
if (chobj1.checked)
chobj2.disabled=0;
else{
chobj2.disabled=1;
}
}

</script>

<body>

<form name="agreeform">
Form goes here<br>
<input name="agcheck" type="checkbox" onclick="agreeornot(this,agreeform.mysubmit);"><b>I agree with everything above</b><br>
<input name="mysubmit" type="submit" value="Submit This Agreement" disabled>
</form>

mwinter
01-11-2005, 07:39 PM
client-side scripting can be used together with server side scriptingI am well aware of that fact. However, the requirement of server involvement hasn't been stressed enough.


For the remaining 99% of cases [where scripting is enabled]Common statistics place that percentage closer to 90%, though there will of course be variations based on the target audience. However, you're suggestion (using the disabled attribute) would make a page useless for those users that do have client-side scripting disabled.



function agreeornot(myel1,myel2){
var chobj1=myel1;
var chobj2=myel2;The addition of these two variables serve no purpose other than to bloat the code.



if (chobj1.checked)
chobj2.disabled=0;
else{
chobj2.disabled=1;
}
chobj2.disabled = !chobj1.checked;would be far more efficient (once you use the arguments directly).



<input [...] disabled>Again, it is a very bad idea to use the disabled attribute on the Web as it forces involvement of client-side scripting when it really isn't necessary.

Mike

FPit
01-11-2005, 09:15 PM
I am well aware of that fact. However, the requirement of server involvement hasn't been stressed enough.

I was not doubting your degree of awareness about this fact. I do believe however that the importance of server side requirement was overstressed.


Common statistics place that percentage closer to 90%, though there will of course be variations based on the target audience.

Even if it's 80%, it would still be useful to use JS to validate input immediately, and use PHP to do it for post vars.


However, you're suggestion (using the disabled attribute) would make a page useless for those users that do have client-side scripting disabled.
...The addition of these two variables serve no purpose other than to bloat the code.
...would be far more efficient (once you use the arguments directly).

Yes, it's true, I was illustrating the concept with generic code by comparing it to the previous code.


Again, it is a very bad idea to use the disabled attribute on the Web as it forces involvement of client-side scripting when it really isn't necessary.

True, the solution is to use JS to disable input onload.

mwinter
01-11-2005, 10:26 PM
I was not doubting your degree of awareness about this fact. I do believe however that the importance of server side requirement was overstressed.Unless you have evidence to the contrary, it's my understanding that a click-through agreement must be reliable in its operation to have any basis in law. As this is only possible server-side, I don't see how this element of the process can be overstressed. Especially considering that I've been the only person to mention it.


the solution is to use JS to disable input onload.The submit button shouldn't be disabled at all. If the user doesn't consent to the agreement, they should be redirected. Where depends on what you're doing.

Mike

FPit
01-11-2005, 11:50 PM
I don't see how this element of the process can be overstressed.

By repeatedly stressing and re-stating the point which noone argues with is overstressing. Moreover, the question was not about legal issues and click-through agreement, you have raised that subject and repeatedly re-stated it several times.


Especially considering that I've been the only person to mention it.

Yes, you are the only person to mention it, and I do believe there are reasons why others decided not to mention it. One of the reasons is because this does not answer the question, but rather gives a related suggestion which is obvious to the majority of people anyway. Another reason is because since you already stated it once, there is no need to re-state it or discuss it.