Referer check for click validation

jido · 02-12-2008, 05:09 AM

Hi

I have the following snippet in my script as a simple fraud prevention device, to avoid counting clicks that do not originate from the same website. What are your comments on it?

PHP Code:

  function check_referer()

????: NamePros.com http://www.namepros.com/programming/431290-referer-check-for-click-validation.html
{

    $ref = $_SERVER['HTTP_REFERER'];

    $domain = $_SERVER['SERVER_NAME'];

    return (preg_match("/^http:\/\/$domain/", $ref) == 1);

}

I suspect that some browsers do not provide the HTTP_REFERER header, which causes clicks to be ignored when they could be counted. On the other hand quite a few of the clicks seem to come from same domain IPs, so the device may fulfill its function well enough.

Do you use anything similar on your site?

xrvel · 02-12-2008, 05:55 AM

What about this ? Add an "i" in preg_match.:

PHP Code:

  function check_referer() {

    $ref = $_SERVER['HTTP_REFERER'];

    $domain = $_SERVER['SERVER_NAME'];

    return (preg_match("/^http:\/\/$domain/i", $ref) == 1);

}

Btw, what kind of website it is?

jido · 02-12-2008, 06:02 AM

Thanks, I added your suggestion.

Nothing exciting it is a site listing for online estimates: http://nestimates.com
Good experimental ground for some of my ideas though

xrvel · 02-12-2008, 06:25 AM

Other method you can use is creating a link with unique id.

Preparing the functions...

PHP Code:

  function is_valid_click() {

   if (!isset($_GET['stamp'])) {

      return(false);

   }

   if (!isset($_GET['hash'])) {

      return(false);

   }

   $stamp = $_GET['stamp'];// time stamp

   $hash = $_GET['hash'];// hashed time stamp

   if ($stamp < time() - 3600) {// old link

      return(false);

   }

   return( ($hash == mycrypt($stamp)) );// check hash

}

 
function mycrypt($s) {

  return(md5('unique' . $s . 'id'));

????: NamePros.com http://www.namepros.com/showthread.php?t=431290
}

Generate the link

PHP Code:

  $now = time();

$hashed = mycrypt($now);

$link = '?redirect=http://google.com&amp;stamp=' . $now . '&amp;hash='. $hashed;

 
echo("<a href=\"$link\" > click </a>");

Checking the clicks

PHP Code:

  if (! is_valid_click()) {

????: NamePros.com http://www.namepros.com/showthread.php?t=431290
   echo('Do not click this link from any website but nestimates.com');

} else {

   // redirect here

}

02-12-2008, 05:09 AM	THREAD STARTER #1 (permalink)
jido Senior Member Join Date: Aug 2007 Posts: 2,172	Referer check for click validation Hi I have the following snippet in my script as a simple fraud prevention device, to avoid counting clicks that do not originate from the same website. What are your comments on it? PHP Code: `function check_referer() ????: NamePros.com http://www.namepros.com/programming/431290-referer-check-for-click-validation.html { $ref = $_SERVER['HTTP_REFERER']; $domain = $_SERVER['SERVER_NAME']; return (preg_match("/^http:\/\/$domain/", $ref) == 1); }` I suspect that some browsers do not provide the HTTP_REFERER header, which causes clicks to be ignored when they could be counted. On the other hand quite a few of the clicks seem to come from same domain IPs, so the device may fulfill its function well enough. Do you use anything similar on your site? __________________ ______________________________________ Help with crosswords http://lettercombination.com Pitfalls of Java http://javasyntax.com _______________ f o r . s a l e ______________

02-12-2008, 05:55 AM	#2 (permalink)
xrvel i love automation Join Date: Nov 2007 Location: xrvel.com Posts: 1,620 Follow @xrvel	What about this ? Add an "i" in preg_match.: PHP Code: `function check_referer() { $ref = $_SERVER['HTTP_REFERER']; $domain = $_SERVER['SERVER_NAME']; return (preg_match("/^http:\/\/$domain/i", $ref) == 1); }` Btw, what kind of website it is? __________________ Xrvel \| Free Wordpress Plugins \| Desain \| Bodoh \| WP License

02-12-2008, 06:02 AM	THREAD STARTER #3 (permalink)
jido Senior Member Join Date: Aug 2007 Posts: 2,172	Thanks, I added your suggestion. Nothing exciting it is a site listing for online estimates: http://nestimates.com Good experimental ground for some of my ideas though __________________ ______________________________________ Help with crosswords http://lettercombination.com Pitfalls of Java http://javasyntax.com _______________ f o r . s a l e ______________

02-12-2008, 06:25 AM	#4 (permalink)
xrvel i love automation Join Date: Nov 2007 Location: xrvel.com Posts: 1,620 Follow @xrvel	Other method you can use is creating a link with unique id. Preparing the functions... PHP Code: function is_valid_click() { if (!isset($_GET['stamp'])) { return(false); } if (!isset($_GET['hash'])) { return(false); } $stamp = $_GET['stamp'];// time stamp $hash = $_GET['hash'];// hashed time stamp if ($stamp < time() - 3600) {// old link return(false); } return( ($hash == mycrypt($stamp)) );// check hash } function mycrypt($s) { return(md5('unique' . $s . 'id')); ????: NamePros.com http://www.namepros.com/showthread.php?t=431290 } Generate the link PHP Code: `$now = time(); $hashed = mycrypt($now); $link = '?redirect=http://google.com&stamp=' . $now . '&hash='. $hashed; echo("<a href=\"$link\" > click </a>");` Checking the clicks PHP Code: `if (! is_valid_click()) { ????: NamePros.com http://www.namepros.com/showthread.php?t=431290 echo('Do not click this link from any website but nestimates.com'); } else { // redirect here }` __________________ Xrvel \| Free Wordpress Plugins \| Desain \| Bodoh \| WP License

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)