Data script to script security problem

         

Nisse

6:25 pm on Jul 2, 2003 (gmt 0)




Hi!

I'm working on a system where I list links after a search in the database. To be able to count "clicks" I first send users to a script that logs the redirection.

The format of the links is:
redirect.php?x=var1¦var2¦var3

The problem is that if I don't encrypt the whole x, users are able to manually change the vars, and that is of course not good... (assumption: users are evil :)

Question1: What is the best way to encrypt this?
I was thinking of recompiling php to enable mcrypt, but do I really need this strong encryption and isn't it really time consuming? I want this to be quite fast... The encryption alg. has to encrypt 25 * 50 char long strings for each page.

Question2: In the redirect script: How do I detect that it is a user with a browser and that the request is not from a script on another server or a "spider" etc.?

Any other suggestions are of course welcome!

thanks!
/Niels

vincevincevince

7:49 pm on Jul 2, 2003 (gmt 0)




answer 1:

send two arguments - 1 being the url destination '?dest='


urlencode("http://www.widgets.com")

and 2 being some validation code '&encr=':

md5("neverguessthis"."http://www.widgets.com")

in your redirection script, read the two variables:


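// hash_equals() compares the two hashes exactly, without PHP's loose == string juggling
if(hash_equals(md5("neverguessthis".$_REQUEST['dest']), (string)$_REQUEST['encr']))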

if the test fails - they have been messed with - so don't redirect

for your second question, it is easiest to use the user agent:


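// substrings that identify common browsers
$browsers=array("MSIE", "Mozilla", "Opera", "X11");
// read the header from $_SERVER instead of relying on register_globals
$agent=isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$is_user=0;
foreach($browsers as $key => $val)
{
    if(strstr($agent, $val))
    {
        $is_user=1;
        break;
    }
}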

{note this code is based on some from WW long ago, apologies if it is based on yours, I forgot where it came from}
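
An added example, not part of the original posts: the same signed-link idea for redirect.php, with HMAC-SHA256 swapped in for md5(secret . url) and a constant-time comparison. LINK_KEY, sign_link() and verify_link() are hypothetical names, and the key value is a placeholder.

```php
<?php
// Added example (not from the thread): sign each redirect link with an HMAC
// so redirect.php can reject edited parameters before logging or redirecting.
// Assumptions: LINK_KEY, sign_link() and verify_link() are hypothetical names;
// HMAC-SHA256 replaces the md5(secret . url) construction from the answer.

const LINK_KEY = 'replace-with-a-long-random-server-side-secret'; // placeholder

// Build the query string for one search-result link.
function sign_link(string $dest): string
{
    $mac = hash_hmac('sha256', $dest, LINK_KEY);
    return 'redirect.php?' . http_build_query(['dest' => $dest, 'encr' => $mac]);
}

// Return the destination if the MAC matches, or null if the link was altered.
function verify_link(array $query): ?string
{
    $dest = $query['dest'] ?? null;
    $mac  = $query['encr'] ?? null;
    // Reject missing values and array-typed parameters (dest[]=...).
    if (!is_string($dest) || !is_string($mac)) {
        return null;
    }
    $expected = hash_hmac('sha256', $dest, LINK_KEY);
    // hash_equals() runs in constant time and never applies the numeric
    // juggling that == performs on strings such as "0e1234...".
    return hash_equals($expected, $mac) ? $dest : null;
}

// Constructed sample: one unmodified link and one with an edited destination.
$link = sign_link('http://www.widgets.com');
parse_str(parse_url($link, PHP_URL_QUERY), $good);
$bad = $good;
$bad['dest'] = 'http://www.example.org';

var_dump(verify_link($good)); // unmodified link
var_dump(verify_link($bad));  // destination changed after signing
```

In redirect.php the call would be verify_link($_GET), logging the click and sending the Location header only when the result is not null.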

Nisse

11:10 am on Jul 3, 2003 (gmt 0)




Thanks! this is great!