Jump to content

How to block direct access to web page?

megavolt

By megavolt
in PHP Coding Help

 Share

Recommended Posts

megavolt Newbie

megavolt

Posted
Posted
I am using "Advanced Guestbook" on my site and I'm getting spammed something wicked, even though I installed "human verification" to the page. What I have noticed though, is that most of the spam (if not all - probably robots) are coming directly to the guestbook from the "outside", and not from my site. Is there a relatively simple way that I can block direct entry to my guestbook so that my visitors can only get to the guestbook from a link on my site? The guestbook is written in PHP, but not the rest of my site.
Just please keep in mind that I don't know much concerning PHP or any other type of programming.
Thank you
Link to comment
https://forums.phpfreaks.com/topic/8550-how-to-block-direct-access-to-web-page/
Share on other sites
Orio Member

Orio

Posted
Posted
From your site, have a link to a page saying "Click here to enter the guest book". This page either sends the user a cookie (that expires after a minute or so) or starts a seession (or both). And the guestbook itself, checks if things are set. This can be another way preveting people.

Orio.
megavolt Newbie

megavolt

Posted
  • Author
Posted
[!--quoteo(post=369232:date=Apr 27 2006, 09:04 AM:name=thorpe)--][div class=\'quotetop\']QUOTE(thorpe @ Apr 27 2006, 09:04 AM) [snapback]369232[/snapback][/div][div class=\'quotemain\'][!--quotec--]
You could check the referer. Something like...
[code]
if (!$_SERVER['http_referer'] == "http://yoursite.com") {
  echo "go away";
}
[/code]
Be aware though that this itself is quite easily spooked.
[/quote]


Thank you.

If I use the code above, will it except a link from the other pages on my site
(ie. [a href=\"http://www.mysite.com/newpage.html\" target=\"_blank\"]http://www.mysite.com/newpage.html[/a] )?
I understand that this code could be easily spooked, but if it works, I doubt the robots could do anything about it, and I also doubt the spammers with put so much effort into bypassing it.

[!--quoteo(post=369285:date=Apr 27 2006, 12:07 PM:name=Orio)--][div class=\'quotetop\']QUOTE(Orio @ Apr 27 2006, 12:07 PM) [snapback]369285[/snapback][/div][div class=\'quotemain\'][!--quotec--]
From your site, have a link to a page saying "Click here to enter the guest book". This page either sends the user a cookie (that expires after a minute or so) or starts a seession (or both). And the guestbook itself, checks if things are set. This can be another way preveting people.

Orio.
[/quote]


Thanks.
This may or may not work, but either way it's way over my head to even understand. Like I said I have no experience in PHP.
megavolt Newbie

megavolt

Posted
  • Author
Posted
[!--quoteo(post=369232:date=Apr 27 2006, 09:04 AM:name=thorpe)--][div class=\'quotetop\']QUOTE(thorpe @ Apr 27 2006, 09:04 AM) [snapback]369232[/snapback][/div][div class=\'quotemain\'][!--quotec--]
You could check the referer. Something like...
[code]
if (!$_SERVER['http_referer'] == "http://yoursite.com") {
  echo "go away";
}
[/code]
Be aware though that this itself is quite easily spooked.
[/quote]


Ok, I tried this but all it does is put the words "go away" at the top of the page.

Like I said, I don't know much about PHP but is there a way to put all that is written on the particluar webpage in an "include" command and then write something that would open the "include" command only if the referer is from my site, and if not it will print something like No Entry?
sanfly Member

sanfly

Posted
Posted
Okay, this isnt a pretty code, and is most likely not the best way to do this, but it should work. Dont forget to replace www.yoursite.com with your own web domain. It should allow access from any other page on your domain within the "root" directory specified. Wont work if you go directly to that page from a bookmark or external link

[code]        $base = basename($_SERVER['PHP_SELF']); // Finds the base page for removal
    $theSite = str_replace($base, '', $_SERVER['HTTP_REFERER']);  // removes the base page
    $theSite = str_replace(strstr($theSite, '?'), '', $theSite);  // removes any dynamic url components

    if ($theSite != "http://yoursite.com") {
          echo "go away<br><br>";
        exit();
    }
    
    // The rest of your code here[/code]
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.