PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Object Orientation
Beginning Ajax with PHP: From Novice to Professional
Creating an Online Survey - Part 1
Storing Binary Data In a DB
The Power of CVS

[phplib] OT: Need Auth Advice From: Bob Bowker (bowker <email protected>)
Date: 05/22/01

Next message: Alex Black: "Re: [phplib] protecting served files/images/mp3...."
Previous message: Arno A. Karner: "[phplib] protecting served files/images/mp3...."
Next in thread: Bob Bowker: "[phplib] OT: Need Auth Advice SOLVED"
Reply: Bob Bowker: "[phplib] OT: Need Auth Advice SOLVED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Good Morning --

I have a dynamic PHP4 site using MySQL and PHPLib. The site is currently
on-line, working well, available to the general public.

We have negotiated an affiliation agreement with a much larger site whereby
their users will click on a link from their entry page to our home page and
are eligible for a discount on purchases. The referral will arrive the
first time with a Cookie or GET code from the other site, which I will
store as a session variable, based on which the unique look-and-feel will
be generated and the discount applied - no log-in will be required.

The issue is "coming back" - they want us to refuse admission to anyone
coming in using a bookmark from one of their affiliation sessions (Cookie
or GET variables) - no one should be allowed in as a referral (and thus get
the discount) unless they link from their local entry page.

(They understand that anyone simply simply typing the URL of our "base" web
site will get in with no challenge - or discount! - their concern is anyone
"re-using" or "distributing" an authorized session.)

I have PHPLib handling session management ... I can handle the refusal at
our home page, but I can't seem to get my mind around a functionality that
will accommodate the "refuse admission" for someone who has bookmarked an
internal page and returns the next day ...

~ write a class to make the affiliate timeout at, say, 1 hour, as opposed
to the 3 days we give current customers?

~ use $REMOTE_ADDR ...? But doesn't that fail on internal pages - what's
the difference between someone coming from page 32 to page 45, and someone
coming in with a bookmarked page 45?

As I say, the problem is getting my head to visualize the functionality ...
any advice will be greatly appreciated.

TIA ...

Bob.

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

Next message: Alex Black: "Re: [phplib] protecting served files/images/mp3...."
Previous message: Arno A. Karner: "[phplib] protecting served files/images/mp3...."
Next in thread: Bob Bowker: "[phplib] OT: Need Auth Advice SOLVED"
Reply: Bob Bowker: "[phplib] OT: Need Auth Advice SOLVED"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]