Need Programming Help - Members Area Plugin - GoFuckYourself.com

SkeetSkeet · 04-04-2008, 06:40 PM

Ok ... Been at this for hours with no luck searching forums google or anything so here it goes. I am trying to figure out how to limit access to a page to traffic only coming from certain domains for a members area plugin we are working on. Basically you can't typein the domain and get anything, has to be linked from certain approved members areas or domains and what not. I have tapped everything I can think of and coming up dry. Any help greatly appreciated.

datatank · 04-04-2008, 07:05 PM

You can do it with htaccess

Nookster · 04-04-2008, 10:20 PM

Code:

$ref = $_SERVER['HTTP_REFERER'];
$pos = strpos($ref,'http://yoursite.com/members/');
$outp = ($pos === true) ? 'The referer is valid.' : 'Nice try.';

I think is what you're looking for, but remember the referer can be manipulated.

woj · 04-04-2008, 11:23 PM

Don't do it with referrer, it's way too amateurish... It may have been good enough 10 years ago, but now a days any idiot can hardcode referer='yoursite.com' into firefox and browse your plugin for free... people even collect and post links to poorly protected plugins like that on surfer forums... you will piss away ton of bandwidth this way...

bobby666 · 04-05-2008, 04:17 AM

Quote:

Originally Posted by woj

Don't do it with referrer, it's way too amateurish... It may have been good enough 10 years ago, but now a days any idiot can hardcode referer='yoursite.com' into firefox and browse your plugin for free... people even collect and post links to poorly protected plugins like that on surfer forums... you will piss away ton of bandwidth this way...

they call it spoofing on the amateur porn boards

raymor · 04-05-2008, 12:36 PM

The reason you've had trouble finding it is is that there is no easy way to
do it with a few lines of .htaccess of whatever and have any level of security.
Soee old plugin providers did that, but those are the ones posted all over the
hacker boards and password sites and all, and who are also found in the
members' area of some legitimate looking sites although the webmaster
isn't paying the fee. We can set you up with a secure system based on
Strongbox technology, though.

Nookster · 04-05-2008, 01:25 PM

Quote:

Originally Posted by woj

Don't do it with referrer, it's way too amateurish... It may have been good enough 10 years ago, but now a days any idiot can hardcode referer='yoursite.com' into firefox and browse your plugin for free... people even collect and post links to poorly protected plugins like that on surfer forums... you will piss away ton of bandwidth this way...

notice what I mentioned about the referer. Read before you type.

SkeetSkeet · 04-05-2008, 01:26 PM

Quote:

Originally Posted by raymor

The reason you've had trouble finding it is is that there is no easy way to
do it with a few lines of .htaccess of whatever and have any level of security.
Soee old plugin providers did that, but those are the ones posted all over the
hacker boards and password sites and all, and who are also found in the
members' area of some legitimate looking sites although the webmaster
isn't paying the fee. We can set you up with a secure system based on
Strongbox technology, though.

as sad as this is ... i didn't even think yall could set something like that up ... never crossed my mind ... but yeah hit me up with some pricing info and we can def work that out

brandonstills · 04-05-2008, 03:07 PM

There's the referrer method mention but it has problems like mentioned above. You would have to do something where the plugin generates some type of authentication code and then that code is valid for a certain time period. You could even hash that code and combine it with their IP address so that code is tied to a given IP address only.

04-04-2008, 06:40 PM	#1
SkeetSkeet Confirmed User Join Date: Oct 2005 Location: StarlightBucks ! Posts: 5,404	Need Programming Help - Members Area Plugin Ok ... Been at this for hours with no luck searching forums google or anything so here it goes. I am trying to figure out how to limit access to a page to traffic only coming from certain domains for a members area plugin we are working on. Basically you can't typein the domain and get anything, has to be linked from certain approved members areas or domains and what not. I have tapped everything I can think of and coming up dry. Any help greatly appreciated. __________________ ICQ 283633188

04-04-2008, 10:20 PM	#3
Nookster Confirmed IT Professional Industry Role: Join Date: Nov 2005 Location: Hollywood, CA Posts: 3,744	Code: $ref = $_SERVER['HTTP_REFERER']; $pos = strpos($ref,'http://yoursite.com/members/'); $outp = ($pos === true) ? 'The referer is valid.' : 'Nice try.'; I think is what you're looking for, but remember the referer can be manipulated. __________________ The Best Affiliate Software, Ever.

04-04-2008, 11:23 PM	#4
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	Don't do it with referrer, it's way too amateurish... It may have been good enough 10 years ago, but now a days any idiot can hardcode referer='yoursite.com' into firefox and browse your plugin for free... people even collect and post links to poorly protected plugins like that on surfer forums... you will piss away ton of bandwidth this way... __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

04-05-2008, 12:36 PM	#6
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	The reason you've had trouble finding it is is that there is no easy way to do it with a few lines of .htaccess of whatever and have any level of security. Soee old plugin providers did that, but those are the ones posted all over the hacker boards and password sites and all, and who are also found in the members' area of some legitimate looking sites although the webmaster isn't paying the fee. We can set you up with a secure system based on Strongbox technology, though. __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

04-05-2008, 03:07 PM	#9
brandonstills Confirmed User Join Date: Dec 2007 Location: Chatsworth, CA Posts: 1,964	There's the referrer method mention but it has problems like mentioned above. You would have to do something where the plugin generates some type of authentication code and then that code is valid for a certain time period. You could even hash that code and combine it with their IP address so that code is tied to a given IP address only. __________________ Brandon Stills Industry and programming veteran [email protected] \| skype: brandonstills \| ICQ #495-171-318

04-04-2008, 07:05 PM	#2
datatank Confirmed User Join Date: Aug 2004 Location: My dog is blacker than Tupac Posts: 5,471	You can do it with htaccess