Page 1 of 1

Restricting access by referral

Posted: Thu Jun 04, 2009 4:43 am
by SmithyR
Hi, I've built an aid program using PHP and MySQL for a browser game. It's not necessary to go into details of what the program does, but it involves the user creating a record in a database table and the program automatically finding resources based on their input.

My problem is that I only want certain people to be able to access the program. I'm not sure how to go about doing that without coding a complete login system, which I really want to avoid.

My initial thoughts were to have a link to the URL of the program on a secure forum (said secure forum already set up). The program would read the referral URL and if it coincides with the URL of the forum, then the user would be granted access. I suppose I must then use cookies or sessions to grant access for the user to the other pages on the program. I'm not sure how I would go about doing that.

Are there any other ways I should be doing this? Is using cookies the best way?

Cheers

Re: Restricting access by referral

Posted: Thu Jun 04, 2009 4:48 am
by s.dot
Check the $_SERVER['HTTP_REFERER'] variable. Of course it cannot be trusted and may not always be set, but if you don't care enough to create a login system then you probably don't care enough if their browser sets it. :P

If you do go that route.. cookies and/or sessions will do.

Re: Restricting access by referral

Posted: Thu Jun 04, 2009 4:56 am
by SmithyR
Yep, that's what I was thinking. You're correct in your assumption too; I doubt anyone is concerned enough to go to any sort of length to attempt to bypass my crude security attempts. The program only interests those who it is made for anyway.

I'm not sure I'm quite grasping the cookies/session deal though. I've read though some tutorials, but I'm still a bit unsure as to how I would implement it into my program.

Re: Restricting access by referral

Posted: Thu Jun 04, 2009 10:26 am
by Chalks
sessions are ridiculously easy. I couldn't get a handle on it till I actually sat down and spent a bit of time fiddling with them though. Just make a basic webpage and see what you can do with it. Also, Session_start() - this page will get you started.

Re: Restricting access by referral

Posted: Thu Jun 04, 2009 5:51 pm
by kaisellgren
SmithyR wrote:I doubt anyone is concerned enough to go to any sort of length to attempt to bypass my crude security attempts.
Remember, it is easy to bypass your "protection". Just set the right request header and you are in. Your protection here is obscurity.

Anyway, you know your project requirements best.