Jump to content


Photo

How to block direct access to web page?


  • Please log in to reply
6 replies to this topic

#1 megavolt

megavolt
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 27 April 2006 - 01:55 PM

I am using "Advanced Guestbook" on my site and I'm getting spammed something wicked, even though I installed "human verification" to the page. What I have noticed though, is that most of the spam (if not all - probably robots) are coming directly to the guestbook from the "outside", and not from my site. Is there a relatively simple way that I can block direct entry to my guestbook so that my visitors can only get to the guestbook from a link on my site? The guestbook is written in PHP, but not the rest of my site.
Just please keep in mind that I don't know much concerning PHP or any other type of programming.
Thank you

#2 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 27 April 2006 - 02:04 PM

You could check the referer. Something like...
if (!$_SERVER['http_referer'] == "http://yoursite.com") {
  echo "go away";
}
Be aware though that this itself is quite easily spooked.

#3 Orio

Orio
  • Staff Alumni
  • Advanced Member
  • 2,491 posts

Posted 27 April 2006 - 05:07 PM

From your site, have a link to a page saying "Click here to enter the guest book". This page either sends the user a cookie (that expires after a minute or so) or starts a seession (or both). And the guestbook itself, checks if things are set. This can be another way preveting people.

Orio.
Think you're smarty?

(Gone until 20 to November)

#4 megavolt

megavolt
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 28 April 2006 - 08:31 AM

[!--quoteo(post=369232:date=Apr 27 2006, 09:04 AM:name=thorpe)--][div class=\'quotetop\']QUOTE(thorpe @ Apr 27 2006, 09:04 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
You could check the referer. Something like...
if (!$_SERVER['http_referer'] == "http://yoursite.com") {
  echo "go away";
}
Be aware though that this itself is quite easily spooked.
[/quote]


Thank you.

If I use the code above, will it except a link from the other pages on my site
(ie. [a href=\"http://www.mysite.com/newpage.html\" target=\"_blank\"]http://www.mysite.com/newpage.html[/a] )?
I understand that this code could be easily spooked, but if it works, I doubt the robots could do anything about it, and I also doubt the spammers with put so much effort into bypassing it.

[!--quoteo(post=369285:date=Apr 27 2006, 12:07 PM:name=Orio)--][div class=\'quotetop\']QUOTE(Orio @ Apr 27 2006, 12:07 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
From your site, have a link to a page saying "Click here to enter the guest book". This page either sends the user a cookie (that expires after a minute or so) or starts a seession (or both). And the guestbook itself, checks if things are set. This can be another way preveting people.

Orio.
[/quote]


Thanks.
This may or may not work, but either way it's way over my head to even understand. Like I said I have no experience in PHP.


#5 megavolt

megavolt
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 28 April 2006 - 09:53 AM

[!--quoteo(post=369232:date=Apr 27 2006, 09:04 AM:name=thorpe)--][div class=\'quotetop\']QUOTE(thorpe @ Apr 27 2006, 09:04 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
You could check the referer. Something like...
if (!$_SERVER['http_referer'] == "http://yoursite.com") {
  echo "go away";
}
Be aware though that this itself is quite easily spooked.
[/quote]


Ok, I tried this but all it does is put the words "go away" at the top of the page.

Like I said, I don't know much about PHP but is there a way to put all that is written on the particluar webpage in an "include" command and then write something that would open the "include" command only if the referer is from my site, and if not it will print something like No Entry?

#6 sanfly

sanfly
  • Members
  • PipPipPip
  • Advanced Member
  • 344 posts
  • LocationNew Zealand

Posted 28 April 2006 - 10:47 AM

Okay, this isnt a pretty code, and is most likely not the best way to do this, but it should work. Dont forget to replace www.yoursite.com with your own web domain. It should allow access from any other page on your domain within the "root" directory specified. Wont work if you go directly to that page from a bookmark or external link

        $base = basename($_SERVER['PHP_SELF']); // Finds the base page for removal
    $theSite = str_replace($base, '', $_SERVER['HTTP_REFERER']);  // removes the base page
    $theSite = str_replace(strstr($theSite, '?'), '', $theSite);  // removes any dynamic url components

    if ($theSite != "http://yoursite.com") {
          echo "go away<br><br>";
        exit();
    }
    
    // The rest of your code here

If you're not part of the solution, you're part of the precipitate

#7 megavolt

megavolt
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 28 April 2006 - 11:46 AM

WOW Thanks.
I think it's working. I'll try it out for a while and see what happens.
Thanks again





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users