Page 1 of 1
How do I Secure my url with php with out sessions?
Posted: Thu Aug 28, 2008 8:49 am
by cap2cap10
Greetings php technorati,
I want users to be directed to a certain form after they pay for services through a third party website, on my site.
How would I block someone from just saving the form.php which would allow a different user to register themselves to
my members area? Remember this is the registration form, the user has not been assigned a user ID or any information. How would I make sure that the person using that form.php came from the third party payment site.
with or with out starting a session?
Can I use sessions to verify the site the user just came from or is there another way?
Please enlighten me!
Batoe
Re: How do I Secure my url with php with out sessions?
Posted: Fri Aug 29, 2008 6:49 am
by shiznatix
check the referrer in the $_SERVER superglobal. If it is from the referring site that you want to allow registration from, process the information. Otherwise die() with some witty error message. If you need help with that message the people on these boards just may be able to help you. I would do something like display goatse or whatever but that may be just too mean for some people.
As for the PHP stuff, check out what you get when you do this:
Code: Select all
echo '<pre>';print_r($_SERVER);echo '</pre>';
find the referrer thing and use that to your advantage.
Re: How do I Secure my url with php with out sessions?
Posted: Fri Aug 29, 2008 10:21 am
by koen.h
shiznatix wrote:check the referrer in the $_SERVER superglobal. If it is from the referring site that you want to allow registration from, process the information. Otherwise die() with some witty error message. If you need help with that message the people on these boards just may be able to help you. I would do something like display goatse or whatever but that may be just too mean for some people.
As for the PHP stuff, check out what you get when you do this:
Code: Select all
echo '<pre>';print_r($_SERVER);echo '</pre>';
find the referrer thing and use that to your advantage.
The referrer can be manipulated. So it's not 100% secure.
Re: How do I Secure my url with php with out sessions?
Posted: Sat Aug 30, 2008 9:44 pm
by cap2cap10
How about this nifty little function:
Code: Select all
[color=#4000FF]<?php
function check_previous($foobar= getenv('HTTP_REFERER'))
{
if ($foobar != 'www.2checkout.com/checkout/...')
{
Header('Location: http://www.myhomepage.php');
}
}
?>[/color]
will this work?
This should certify that the user came from my third party credit card validation site, right or wrong? If I place this at the top of the code, this should automatically redirect them to my homepage, right?
Please enlighten this novice
Batoe
Re: How do I Secure my url with php with out sessions?
Posted: Sun Aug 31, 2008 12:47 am
by matthijs
Http_referrer can be manipulated. You can't use that to verify were the user came from. Almost anything in the HTTP_* group can contain user input