
Secure Registration Form Page


jimuaw2400


I'm sort of new to PHP. I can install scripts and minor PHP debugging.
But I just seem to be having a tough time figuring out how to keep my
registration form page from being passed around.

After someone pays for access to a member area and they are sent to
the registration page, what code can I put on the PHP registration page
to keep them from bookmarking it or using the URL again? I thought maybe
using tokens and/or valid referrers, but I'm lost on how to do it.

I found some php code but I'm not sure if it is valid for my need. It is
just partial. I'm not sure how to call it or use it.

----------------------

<?php
/* tell the browser not to cache this page */
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
/* turn off error reporting (hides PHP errors from visitors; re-enable while debugging) */
error_reporting(0);
/* valid referrers */
$referers = array('domain.com');

/* verify that the script is being called from a valid referrer */
function check_referer($referers) {
    if (count($referers)) {
        $found = false;
        /* pick the host part out of "http://host/path" */
        $temp = explode("/", (string) getenv("HTTP_REFERER"));
        $referer = isset($temp[2]) ? $temp[2] : '';

        for ($x = 0; $x < count($referers); $x++) {
            /* case-insensitive substring match (eregi() was removed in PHP 7) */
            if (stripos($referer, $referers[$x]) !== false) {
                $found = true;
            }
        }

        /* no referrer header at all counts as not found */
        if (!getenv("HTTP_REFERER")) {
            $found = false;
        }

        if (!$found) {
            error_log("[index.php] Illegal Referer. (" . getenv("HTTP_REFERER") . ")", 0);
            header("Location: http://www.mymaker.com/Illegal_Referrer");
            echo 'You are coming from an unauthorized domain.';
            /* stop here so the rest of the page is not sent after the redirect */
            exit;
        }

        return $found;
    } else {
        echo 'You are coming from here.';
        return true;
    }
}

/* run the check at the top of the registration page */
check_referer($referers);
?>

---------------------------

Any help would be appreciated.

Thanks,

Jim

The first thing I've noticed was the HTTP_REFERER. Never rely on this variable. It is easily changeable, and some browsers, firewalls, proxies and the like will not send it. This will cause hassle for legit users and still leave your script vulnerable.

Now, to the tokens. You must generate tokens and store them in some database. Then, once the script is executed, see if the token is valid. After the execution, delete the token.
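Putting the token approach above into working PHP, as an added example that is not code from either poster: it assumes PDO with an in-memory SQLite table (swap the DSN for the real database) and a placeholder hostname in the link.

```php
<?php
// Added example: one-time registration tokens, as recommended in the reply.
// Assumption: PDO + in-memory SQLite so this runs stand-alone offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reg_tokens (
    token_hash TEXT PRIMARY KEY,
    expires_at INTEGER NOT NULL)');

// Called once, after payment is confirmed. Returns the raw token to put in
// the link the buyer is sent; only a SHA-256 hash of it is stored, so a
// database leak does not hand out usable links.
function issue_token(PDO $db, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32));   // 256 random bits, not guessable
    $stmt  = $db->prepare('INSERT INTO reg_tokens (token_hash, expires_at) VALUES (?, ?)');
    $stmt->execute([hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Called at the top of the registration page. Deletes the token in the same
// statement that checks it, so the link works exactly once and only before
// it expires; a bookmarked or re-used URL finds nothing to delete.
function consume_token(PDO $db, string $token): bool {
    $stmt = $db->prepare('DELETE FROM reg_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;
}

// What register.php would do with the ?t= parameter from the link.
function gate_registration(PDO $db, array $query): bool {
    if (!consume_token($db, (string) ($query['t'] ?? ''))) {
        http_response_code(403);
        echo 'This registration link is invalid or has already been used.';
        return false;
    }
    return true;   // safe to show the registration form now
}

// Demonstration (hostname is a placeholder):
$token = issue_token($db);
$link  = 'https://example.com/register.php?t=' . $token;
var_dump(gate_registration($db, ['t' => $token]));   // bool(true)  first visit
var_dump(gate_registration($db, ['t' => $token]));   // bool(false) same URL again
var_dump(gate_registration($db, ['t' => 'guess']));  // bool(false) unknown token
```

If the form is shown on one request and submitted on another, consume the token on the submission and only check its existence when displaying the form, so a page reload does not burn it.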
