age confirmation script for adult website.

PHP is a very poor language choice for this, if i were you i'd read up on libcgi and just do the whole thing in Haskell.

My entire site is already in php

this is what i found so far:

verify.php

<?php
session_start();
if ($_REQUEST["over18"] == 1) {
    $_SESSION["over18"] = 1;
    header("Location: " . $_REQUEST["redirect"]);
}
?>
<html>
    <head>
        <title>Verify Your Age</title>
    </head>
    <body>
        <a href="verify.php?over18=1&redirect=<?=$redirect?>">I am over 18</a> | 
        <a href="http://www.google.com/">Get me out of here!</a>
    </body>
</html>

require_verification.php

<?php
session_start();
if ($_SESSION["over18"] != 1) {
    header("Location: verify.php?redirect=" . $PHP_SELF);
}
?>

content_page.php

<?php include("require_verification.php");  ?>
<html>
    <head>
        <title>Sensitive Content</title>
    </head>
    <body>
        <img src="something_sensitive.jpg" alt="EEK!!!" />
    </body>
</html>
</html>

Now will I need

<?php include("require_verification.php");  ?>

On every page that my website has or is it ok only for the front page and/or where /nsfw/ start (the front page of my site will be sfw while everything in /nsfw/ will be adult content)

its best to keep it constant across your site yes, also to be less annoying, use $_COOKIE[] and setcookie [http://www.php.net/manual/en/function.setcookie.php] to keep it constant.

what your doing with the sessions is fine, although my PHP skills aren't the best.

My 2p:

It's difficult to stop under 18s from entering a site. You probably need to include a disclaimer and link, on a splash page/landing page. Once link is pressed, set a session variable to allow pages to be seen. On logout, session is destroyed. [You could also destroy an existing session if the referring page is outside the domain or does not exist - but this breaks if you manually enter an url or possibly use a bookmark]. If session is not present on any page, header redirect to the splash page.

I was playing with something similar here (I have a session implementation on http://diafol.org/blacknun/blacknun/index.php ) It's just something I was playing with. It doesn't have the referer implementation, but as I say, it's not foolproof.

4 pages:

top of splash screen:
redirect to main page if a session is set
the page has link to accept_page

session_start();
if(isset($_SESSION['adult'])){
	header("Location: index.php");
}

top of site pages:
redirect to splash screen if no session set

session_start();
if(!isset($_SESSION['adult'])){
	header("Location: splash.php");
}

top of accept_page:
set session var and redirect to main page

session_start();
$_SESSION['adult'] = 1;
header("Location: index.php");

logout page
kills session and redirects to main page - which should redirect to splash page (you could set redirect to splash page)

session_start();
session_destroy();
header("Location: index.php");

BTW, each header() should be succeeded by an exit();

@thetooth I read somewhere the session method is the correct way to do it, because you have to verify you are 18 after every browser close, this is a more sure means of proving they are 18 because more than one persons who are / are not 18 could use the same computer and visit my site. Whereas with setting a cookie that computer is always logged in as 18 regardless which family member uses the computer and or 18+ or not.

@arday, your help is appreciated yet is still over my head as I am new to PHP.