Results 1 to 11 of 11
Thread: Anti Robotic Registration
May 25, 2005, 16:24 #1
Anti Robotic Registration
Can someone explain how this works? I am needing to do something similar to this. Would this work in my situation? I am looking in the referral url for a file. (link to my homepage is in my scripts) If that string is found in the referral url, i will have a link displayed that goes to a page allowing a download of the latest version of that script. I dont want people that did not come from the admin panel of the script i made to be able to view this page.
May 25, 2005, 16:39 #2
Before you decide on this approach, check whether your server will pass ['HTTP_REFERER'] in the $_SERVER array. Some will not for security reasons. Anti-virus software and other client-side privacy software will also block referer...
The test is easy. Save a file with the following;
echo "Server Vars: <pre>";
then put a link in one of your pages to it. The output will tell you if your server is passing ['HTTP_REFERER'].
May 25, 2005, 16:45 #3
It's also VERY east to spoof the referer.
You could always do a cookie check.
May 25, 2005, 16:59 #4
May 25, 2005, 17:06 #5
I really dont see another way of doing this. The only way of knowing that they came from their server's admin panel is by referral right?
May 25, 2005, 19:08 #6
On the admin panel you can set a session variable, then check for it on the other page.
May 25, 2005, 19:11 #7
Thats the thing though, I cant go back and modify the script because it is on their server. I didn't forsee this happening the idea just came to me today =)
May 25, 2005, 19:19 #8
May 25, 2005, 19:21 #9
The bottom line is that referer isn't reliable.
May 25, 2005, 19:23 #10
I guess I will have to go with the refferral. I mean, will it be THAT obvious that i am check for referral? =/
May 25, 2005, 19:31 #11
I'd find another way around it. Maybe you can make a login for people who use your script?