Msg#: 4547473 posted 11:54 pm on Feb 21, 2013 (gmt 0)
Obvious tangential question: Is the php involvement needed for some reason beyond what you've said here? If all you're looking at is redirecting and rewriting between url-with-query and url-using-subdomain, with the identical variable format ("01var") either way, you should be able to do it directly in the config file or htaccess. Or, uh, equivalent in That Other Server.
The variable is :: shuffling papers :: $_SERVER[HTTP_HOST]
Well, ###. I could have made that up and I'd have been right.
Enabling subdomains-- possibly including wild-card subdomains --is of course a completely different issue from the mechanics of redirecting and/or rewriting.
Msg#: 4547473 posted 6:11 am on Feb 22, 2013 (gmt 0)
Yes, that is necessary to use some countermeasure against hackers (trying brute force attacks). For every user is unique url to login. So the user can login only if he tries to login from the unique url associated only with the user. For example website login form is in file login.php I mean: 1) user enters business name 2) the business name is recorded in mysql 3) the business name from mysql is placed at the end of url, like login.php?businessname. This is the url for particular user to login 4) when any of users type url like login.php?xyz(1,2,3 etc) login form is displayed (echo). 5)in that login form user types username and password. 6) get/create php variable that contains url after ? sign 7) compare if such variable exists in mysql and match username 8)if not exist, error message; if exists, check if password is correct
By the way would like to know thoughts how effective is such solution. Here is example https://secure.freshbooks.com/loginSearch.php
And by the way... question. Is it possible to create whitelist of bots that are allowed to see website? So if bot is not in the whitelist, it sees something blank (does not see input form code).
Msg#: 4547473 posted 10:08 am on Feb 22, 2013 (gmt 0)
Don't even let the robots get close to your php. If they're not whitelisted, slam a 403 in their face.
If the site requires a login, do you need to admit any robots anywhere? Don't know about anyone else, but as a user it makes me insane when something comes up in a search engine and when I go there it turns out I have to log in. And they don't just want my name, they want money. Sorry, site, but you're just not that desirable.