Page 1 of 1

need help with user authentification

Posted: Fri Feb 27, 2009 6:17 pm
by travis773
Bear with me, I am completely new to this.

Here's what I need to do:
I am creating a pdf file that will contain an affiliate link. Say: "hop.beans.'variable'.com"
The link will redirect to "example.com"
I need to make "example.com" only accessable if clicked through the affiliate link otherwise return 404 error.
The purpose of this is to show affiliates that their commission can't be lost by someone following the link and then going to "example.com" in attempts to refuse the referral.

I found the following code which seems to be what I am looking for. Yet, I still don't know how to implement it. Do I just replace 'secret key' and 'secret value' with something in the affiliate link?
This very simple technique can be used if you want to restrict access to the PHP script and do not want to write much code. You can get access to your script by supplying arbitrary additonal parameter within the script URL, e.g.: http://www.yoursite.com/mystats.php?sec ... ecretvalue. Without this parameter you can return 404 HTTP (Page Not Found) response code as described below.

<?php

//This function returns True if query string contains secretkey and secretvalue.
//Otherwise it returns False
function CheckAccess()
{
return @$_GET['secretkey']=='secretvalue';
}

?>
Thanks for the help!

Travis

Re: need help with user authentification

Posted: Sat Feb 28, 2009 12:52 pm
by php_east
"hop.beans.'variable'.com" would redirect to example.com including with it the secret key.

in "hop.beans.'variable'.com" that would be implemented as

Code: Select all

 
header("Location:http://www.example.com/myprogram.php?secretvalue=8498336");
 
and in example.com you would have myprogram.php

Code: Select all

 
<?php
 
if (CheckAccess()=='123456') echo 'VALID ACCESS' else die('INVALID ACCESS');
 
function CheckAccess()
{
return @$_GET['secretkey']=='secretvalue';
}
 

Re: need help with user authentification

Posted: Sat Feb 28, 2009 3:26 pm
by travis773
php_east wrote:"hop.beans.'variable'.com" would redirect to example.com including with it the secret key.

in "hop.beans.'variable'.com" that would be implemented as

Code: Select all

 
header("Location:http://www.example.com/myprogram.php?secretvalue=8498336");
 
and in example.com you would have myprogram.php

Code: Select all

 
<?php
 
if (CheckAccess()=='123456') echo 'VALID ACCESS' else die('INVALID ACCESS');
 
function CheckAccess()
{
return @$_GET['secretkey']=='secretvalue';
}
 
I should have clarified that "hop.beans.'variable'.com" would be an automatic redirect link. I don't actually have access to that page (I'm linking it from a pdf file.)

I slapped together the following using some examples I've found. Does it look like it would work? I'm still unfamiliar with php layout.

Code: Select all

 
<?php 
$Referer = getenv("http://($nickname).myproduct.hop.clickbank.net/");
 
if (!strchr($Referer; isset($nickname), "http://www.example.com/myprogram.php"))
 { 
echo "<script>alert('Sorry, you are not allowed 
 
access');window.location='http://www.example.com/sorry.php';</script>"; 
 exit(); 
} 
 ?>
 
Does this at all look like it would work?
This would be placed in "http://www.example.com/myprogram.php" right?

Thank you for the help.

Re: need help with user authentification

Posted: Sat Feb 28, 2009 5:59 pm
by php_east
travis773 wrote: I should have clarified that "hop.beans.'variable'.com" would be an automatic redirect link. I don't actually have access to that page (I'm linking it from a pdf file.)
well, where then would you place the secret key ? surely not in the pdf itself ?
it won't be a secret for long then.

travis773 wrote:

Code: Select all

 
<?php 
$Referer = getenv("http://($nickname).myproduct.hop.clickbank.net/");
 
if (!strchr($Referer; isset($nickname), "http://www.example.com/myprogram.php"))
 { 
echo "<script>alert('Sorry, you are not allowed 
 
access');window.location='http://www.example.com/sorry.php';</script>"; 
 exit(); 
} 
 ?>
 
Does this at all look like it would work?
This would be placed in "http://www.example.com/myprogram.php" right?

Thank you for the help.
yes, it should be in example.com/myprogram.php but the PHP itself doesn't look quite right.


this [ $Referer = getenv("http://($nickname).myproduct.hop.clickbank.net/"); ]
doesn't make sense to me.

also, the "referrer" should not be relied upon at all. ( as it can be set/faked in a browser )
so you would need to get what server the request came from
i.e. $_SERVER['REMOTE_ADDR'] or 'REMOTE_HOST'.

then u need to check what request was sent i.e.
$_SERVER['QUERY_STRING']

or you could get the secret key from $_GET as in the example you found.

the script part looks ok, though i would write as follows;

Code: Select all

 
{ 
echo "<script type='text/javascript'>
alert('Sorry, you are not allowed access');
window.location='http://www.example.com/sorry.php';
</script>"; 
exit(); 
} 
 
my adivse would be to play around with $_SERVER variables and see what you can get and what you need. take heed to the warnings placed in the PHP documentation with regards to
referrers, specifically this...

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

Re: need help with user authentification

Posted: Sat Feb 28, 2009 11:31 pm
by travis773
[ $Referer = getenv("http://($nickname).myproduct.hop.clickbank.net/"); ]
doesn't make sense to me.
Yeah, I pretty much just made that up. Again, I'm not familiar with php at all. What I was trying to show was that the referer will come from myproduct.hop.clickbank.net, but the "nickname" will change. Since it is an affiliate hoplink.

It's not a completely essential feature, however. I was just hoping that there was a fairly easy way to do it.

Thanks for the help.