Ok ... Been at this for hours with no luck searching forums google or anything so here it goes. I am trying to figure out how to limit access to a page to traffic only coming from certain domains for a members area plugin we are working on. Basically you can't typein the domain and get anything, has to be linked from certain approved members areas or domains and what not. I have tapped everything I can think of and coming up dry. Any help greatly appreciated.
Need Programming Help - Members Area Plugin
Collapse
X
-
Tags: None
-
I think is what you're looking for, but remember the referer can be manipulated.Code:$ref = $_SERVER['HTTP_REFERER']; $pos = strpos($ref,'http://yoursite.com/members/'); $outp = ($pos === true) ? 'The referer is valid.' : 'Nice try.';
Comment
-
Don't do it with referrer, it's way too amateurish... It may have been good enough 10 years ago, but now a days any idiot can hardcode referer='yoursite.com' into firefox and browse your plugin for free... people even collect and post links to poorly protected plugins like that on surfer forums... you will piss away ton of bandwidth this way...Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip ManagerComment
-
they call it spoofing on the amateur porn boardsDon't do it with referrer, it's way too amateurish... It may have been good enough 10 years ago, but now a days any idiot can hardcode referer='yoursite.com' into firefox and browse your plugin for free... people even collect and post links to poorly protected plugins like that on surfer forums... you will piss away ton of bandwidth this way...Comment
-
The reason you've had trouble finding it is is that there is no easy way to
do it with a few lines of .htaccess of whatever and have any level of security.
Soee old plugin providers did that, but those are the ones posted all over the
hacker boards and password sites and all, and who are also found in the
members' area of some legitimate looking sites although the webmaster
isn't paying the fee. We can set you up with a secure system based on
Strongbox technology, though.For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroidsComment
-
notice what I mentioned about the referer. Read before you type.Don't do it with referrer, it's way too amateurish... It may have been good enough 10 years ago, but now a days any idiot can hardcode referer='yoursite.com' into firefox and browse your plugin for free... people even collect and post links to poorly protected plugins like that on surfer forums... you will piss away ton of bandwidth this way...Comment
-
as sad as this is ... i didn't even think yall could set something like that up ... never crossed my mind ... but yeah hit me up with some pricing info and we can def work that outThe reason you've had trouble finding it is is that there is no easy way to
do it with a few lines of .htaccess of whatever and have any level of security.
Soee old plugin providers did that, but those are the ones posted all over the
hacker boards and password sites and all, and who are also found in the
members' area of some legitimate looking sites although the webmaster
isn't paying the fee. We can set you up with a secure system based on
Strongbox technology, though.Comment
-
There's the referrer method mention but it has problems like mentioned above. You would have to do something where the plugin generates some type of authentication code and then that code is valid for a certain time period. You could even hash that code and combine it with their IP address so that code is tied to a given IP address only.Comment




Comment