Referer check for click validation

jido · 02-12-2008, 04:09 AM

Hi

I have the following snippet in my script as a simple fraud prevention device, to avoid counting clicks that do not originate from the same website. What are your comments on it?

PHP Code:

  function check_referer()

{

    $ref = $_SERVER['HTTP_REFERER'];

    $domain = $_SERVER['SERVER_NAME'];

    return (preg_match("/^http:\/\/$domain/", $ref) == 1);

}

I suspect that some browsers do not provide the HTTP_REFERER header, which causes clicks to be ignored when they could be counted. On the other hand quite a few of the clicks seem to come from same domain IPs, so the device may fulfill its function well enough.

Do you use anything similar on your site?

xrvel · 02-12-2008, 04:55 AM

What about this ? Add an "i" in preg_match.:

PHP Code:

  function check_referer() {

    $ref = $_SERVER['HTTP_REFERER'];

    $domain = $_SERVER['SERVER_NAME'];

    return (preg_match("/^http:\/\/$domain/i", $ref) == 1);

}

Btw, what kind of website it is?

jido · 02-12-2008, 05:02 AM

Thanks, I added your suggestion.

Nothing exciting it is a site listing for online estimates: http://nestimates.com
Good experimental ground for some of my ideas though

xrvel · 02-12-2008, 05:25 AM

Other method you can use is creating a link with unique id.

Preparing the functions...

PHP Code:

  function is_valid_click() {

   if (!isset($_GET['stamp'])) {

      return(false);

   }

   if (!isset($_GET['hash'])) {

      return(false);

   }

   $stamp = $_GET['stamp'];// time stamp

   $hash = $_GET['hash'];// hashed time stamp

   if ($stamp < time() - 3600) {// old link

      return(false);

   }

   return( ($hash == mycrypt($stamp)) );// check hash

}

 
function mycrypt($s) {

  return(md5('unique' . $s . 'id'));

}

Generate the link

PHP Code:

  $now = time();

$hashed = mycrypt($now);

$link = '?redirect=http://google.com&amp;stamp=' . $now . '&amp;hash='. $hashed;

 
echo("<a href=\"$link\" > click </a>");

Checking the clicks

PHP Code:

  if (! is_valid_click()) {

   echo('Do not click this link from any website but nestimates.com');

} else {

   // redirect here

}

02-12-2008, 04:09 AM	#1 (permalink)
jido Senior Member Join Date: Aug 2007 Posts: 2,167 457.00 NP$ (Donate)	Referer check for click validation Hi I have the following snippet in my script as a simple fraud prevention device, to avoid counting clicks that do not originate from the same website. What are your comments on it? PHP Code: `function check_referer() { $ref = $_SERVER['HTTP_REFERER']; $domain = $_SERVER['SERVER_NAME']; return (preg_match("/^http:\/\/$domain/", $ref) == 1); }` I suspect that some browsers do not provide the HTTP_REFERER header, which causes clicks to be ignored when they could be counted. On the other hand quite a few of the clicks seem to come from same domain IPs, so the device may fulfill its function well enough. Do you use anything similar on your site? __________________ ~~______________________________________~~ Time After Leisure & Events discussions eBay auction aqnu, pzpy, vqqr.com 16 llll.com start $.95 ~~_______________~~ f o r . s a l e ~~______________~~

02-12-2008, 04:55 AM	#2 (permalink)
xrvel i love automation Join Date: Nov 2007 Posts: 1,409 987.78 NP$ (Donate)	What about this ? Add an "i" in preg_match.: PHP Code: `function check_referer() { $ref = $_SERVER['HTTP_REFERER']; $domain = $_SERVER['SERVER_NAME']; return (preg_match("/^http:\/\/$domain/i", $ref) == 1); }` Btw, what kind of website it is? __________________ Xrvel \| Various online tools \| Free Proxy List \| Hidden Proxy Partai Golkar \| Noomle works : Las Vegas Airfare

02-12-2008, 05:02 AM	#3 (permalink)
jido Senior Member Join Date: Aug 2007 Posts: 2,167 457.00 NP$ (Donate)	Thanks, I added your suggestion. Nothing exciting it is a site listing for online estimates: http://nestimates.com Good experimental ground for some of my ideas though __________________ ~~______________________________________~~ Time After Leisure & Events discussions eBay auction aqnu, pzpy, vqqr.com 16 llll.com start $.95 ~~_______________~~ f o r . s a l e ~~______________~~

02-12-2008, 05:25 AM	#4 (permalink)
xrvel i love automation Join Date: Nov 2007 Posts: 1,409 987.78 NP$ (Donate)	Other method you can use is creating a link with unique id. Preparing the functions... PHP Code: `function is_valid_click() { if (!isset($_GET['stamp'])) { return(false); } if (!isset($_GET['hash'])) { return(false); } $stamp = $_GET['stamp'];// time stamp $hash = $_GET['hash'];// hashed time stamp if ($stamp < time() - 3600) {// old link return(false); } return( ($hash == mycrypt($stamp)) );// check hash } function mycrypt($s) { return(md5('unique' . $s . 'id')); }` Generate the link PHP Code: `$now = time(); $hashed = mycrypt($now); $link = '?redirect=http://google.com&stamp=' . $now . '&hash='. $hashed; echo("<a href=\"$link\" > click </a>");` Checking the clicks PHP Code: `if (! is_valid_click()) { echo('Do not click this link from any website but nestimates.com'); } else { // redirect here }` __________________ Xrvel \| Various online tools \| Free Proxy List \| Hidden Proxy Partai Golkar \| Noomle works : Las Vegas Airfare

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)