1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:51 am Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

make sure file is called from the same domain

         

jamie

5:28 pm on Dec 21, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



hi,

a bit of our affiliate tracking code looks like this:

<img src="http://www.example.com/tracking.php?order=12345&amount=100">

how can i make sure that this file tracking.php is called from my domain only?

i may be just having a blind spot, but i can't think of any way?

many thanks

rainborick

6:09 pm on Dec 21, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The only methods that I can think of are checking $_SERVER['HTTP_REFERER'], which isn't secure or terribly reliable, or relying on sessions or cookies, which is probably best since you can do some real-time cross-checking.

jamie

6:29 pm on Dec 21, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



that's about as far as i got :)

but that also got me thinking... i track using a cookie. so i've appended an md5() of that cookie together with a secret word and check that. if that page is called from another domain, then they can't read the cookie and the md5() is impossible to guess.

tks for pointing in the right direction!
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:51 am Apr 28, 2026