SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Guru godsfshrmn's Avatar
    Join Date
    Mar 2001
    Posts
    671
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Anti Robotic Registration

    Can someone explain how this works? I am needing to do something similar to this. Would this work in my situation? I am looking in the referral url for a file. (link to my homepage is in my scripts) If that string is found in the referral url, i will have a link displayed that goes to a page allowing a download of the latest version of that script. I dont want people that did not come from the admin panel of the script i made to be able to view this page.
    s c r i p t s f o r y o u . n e t
    ScriptsForYou

  2. #2
    SitePoint Zealot metho's Avatar
    Join Date
    Feb 2005
    Posts
    132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Before you decide on this approach, check whether your server will pass ['HTTP_REFERER'] in the $_SERVER[] array. Some will not for security reasons. Anti-virus software and other client-side privacy software will also block referer...

    The test is easy. Save a file with the following;

    <?php
    echo "Server Vars: <pre>";
    print_r($_SERVER);
    echo "</pre>";
    ?>

    then put a link in one of your pages to it. The output will tell you if your server is passing ['HTTP_REFERER'].

  3. #3
    SitePoint Wizard Dylan B's Avatar
    Join Date
    Jul 2004
    Location
    NYC
    Posts
    1,150
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's also VERY east to spoof the referer.

    You could always do a cookie check.

  4. #4
    SitePoint Guru godsfshrmn's Avatar
    Join Date
    Mar 2001
    Posts
    671
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wouldnt this method be fairly safe though? I dont think many people would know the process would they?

    My server does support that.
    http://www.scriptsforyou.net/test.php
    s c r i p t s f o r y o u . n e t
    ScriptsForYou

  5. #5
    SitePoint Guru godsfshrmn's Avatar
    Join Date
    Mar 2001
    Posts
    671
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I really dont see another way of doing this. The only way of knowing that they came from their server's admin panel is by referral right?
    s c r i p t s f o r y o u . n e t
    ScriptsForYou

  6. #6
    SitePoint Wizard Dylan B's Avatar
    Join Date
    Jul 2004
    Location
    NYC
    Posts
    1,150
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    On the admin panel you can set a session variable, then check for it on the other page.

  7. #7
    SitePoint Guru godsfshrmn's Avatar
    Join Date
    Mar 2001
    Posts
    671
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thats the thing though, I cant go back and modify the script because it is on their server. I didn't forsee this happening the idea just came to me today =)
    s c r i p t s f o r y o u . n e t
    ScriptsForYou

  8. #8
    get into it! bigduke's Avatar
    Join Date
    May 2004
    Location
    Australia
    Posts
    847
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    how about a db entry? when they're on the admin panel and choose to download, put a code in the db, its THIS code thats verified through the referral URL. Once used, it can't be used again. This is prolly the safest way to keep a check.

  9. #9
    SitePoint Wizard Dylan B's Avatar
    Join Date
    Jul 2004
    Location
    NYC
    Posts
    1,150
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The bottom line is that referer isn't reliable.

  10. #10
    SitePoint Guru godsfshrmn's Avatar
    Join Date
    Mar 2001
    Posts
    671
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I guess I will have to go with the refferral. I mean, will it be THAT obvious that i am check for referral? =/
    s c r i p t s f o r y o u . n e t
    ScriptsForYou

  11. #11
    SitePoint Wizard Dylan B's Avatar
    Join Date
    Jul 2004
    Location
    NYC
    Posts
    1,150
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'd find another way around it. Maybe you can make a login for people who use your script?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •