Date: 05/22/01
- Next message: Padraic Renaghan: "Re: [phplib] OT: Need Auth Advice SOLVED"
- Previous message: Alex Black: "Re: [phplib] protecting served files/images/mp3...."
- In reply to: Bob Bowker: "[phplib] OT: Need Auth Advice"
- Next in thread: Padraic Renaghan: "Re: [phplib] OT: Need Auth Advice SOLVED"
- Reply: Padraic Renaghan: "Re: [phplib] OT: Need Auth Advice SOLVED"
- Reply: Alex Black: "Re: [phplib] OT: Need Auth Advice SOLVED"
- Maybe reply: Alex Black: "Re: [phplib] OT: Need Auth Advice SOLVED"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi --
As is often the case, verbalizing the issue yields the answer ... the
contents of
getenv("HTTP_REFERER")
seem to solve my problem: if it's my own URL, it's a local page requesting
another, otherwise it's a request from "outside" and I need to refuse entry.
Any holes in this ...?
Bob.
At 10:30 AM 5/22/01 -0700, Bob Bowker wrote:
>Good Morning --
>
>I have a dynamic PHP4 site using MySQL and PHPLib. The site is currently
>on-line, working well, available to the general public.
>
>We have negotiated an affiliation agreement with a much larger site
>whereby their users will click on a link from their entry page to our home
>page and are eligible for a discount on purchases. The referral will
>arrive the first time with a Cookie or GET code from the other site, which
>I will store as a session variable, based on which the unique
>look-and-feel will be generated and the discount applied - no log-in will
>be required.
>
>The issue is "coming back" - they want us to refuse admission to anyone
>coming in using a bookmark from one of their affiliation sessions (Cookie
>or GET variables) - no one should be allowed in as a referral (and thus
>get the discount) unless they link from their local entry page.
>
>(They understand that anyone simply typing the URL of our "base"
>web site will get in with no challenge - or discount! - their concern is
>anyone "re-using" or "distributing" an authorized session.)
>
>I have PHPLib handling session management ... I can handle the refusal at
>our home page, but I can't seem to get my mind around a functionality that
>will accommodate the "refuse admission" for someone who has bookmarked an
>internal page and returns the next day ...
>
>~ write a class to make the affiliate timeout at, say, 1 hour, as opposed
>to the 3 days we give current customers?
>
>~ use $REMOTE_ADDR ...? But doesn't that fail on internal pages - what's
>the difference between someone coming from page 32 to page 45, and someone
>coming in with a bookmarked page 45?
>
>As I say, the problem is getting my head to visualize the functionality
>... any advice will be greatly appreciated.
>
>TIA ...
>
>Bob.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: phplib-unsubscribe <email protected>
>For additional commands, e-mail: phplib-help <email protected>
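
The Referer check described in this message, written out as an added example (it is not code from the thread). The host names and the affiliate entry path are constructed placeholders. The header is supplied by the client and is often absent, so a missing or unparsable value is treated as "outside".

```php
<?php
// Added example, not from the original post.
// Constructed placeholders: replace with the real hosts and entry page.
const OWN_HOST        = 'shop.example';
const AFFILIATE_HOST  = 'partner.example';
const AFFILIATE_ENTRY = '/entry.html';

// Returns 'internal', 'affiliate_entry' or 'outside'.
function classify_referer(?string $referer): string
{
    if ($referer === null || $referer === '') {
        return 'outside';            // bookmark, typed URL, or header stripped
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['host'])) {
        return 'outside';            // not an absolute URL
    }
    // Compare the parsed host exactly instead of searching the raw string.
    $host = strtolower($parts['host']);
    $path = $parts['path'] ?? '/';
    if ($host === OWN_HOST) {
        return 'internal';
    }
    if ($host === AFFILIATE_HOST && $path === AFFILIATE_ENTRY) {
        return 'affiliate_entry';
    }
    return 'outside';
}

// Keep the affiliate look-and-feel and discount only for a fresh arrival
// from the affiliate's entry page, or page-to-page navigation inside an
// existing affiliate session. Everything else gets the base site.
function affiliate_allowed(bool $sessionIsAffiliate, ?string $referer): bool
{
    $kind = classify_referer($referer);
    if ($kind === 'affiliate_entry') {
        return true;
    }
    return $sessionIsAffiliate && $kind === 'internal';
}

// Constructed sample requests: [session already affiliate?, Referer value]
$samples = [
    [false, 'http://partner.example/entry.html'],  // arrival via entry page
    [true,  'http://shop.example/page32.php'],     // page 32 -> page 45
    [true,  null],                                 // bookmarked page 45
    [true,  'http://other.example/?u=shop.example'],
];
foreach ($samples as [$aff, $ref]) {
    printf("%-40s %s\n", $ref ?? '(none)', affiliate_allowed($aff, $ref) ? 'affiliate' : 'base site');
}
```

In a live page the second argument would come from `getenv("HTTP_REFERER")`, which returns `false` when the header is not set, so pass `getenv("HTTP_REFERER") ?: null`.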

