secure the referer page to prevent fraud

User 152610 Photo


Registered User
3 posts

Hi, I am doing scratch ticket for my clients and for each ticket I have a looser form and a winner form ;-) So to secure the winner form url from being cut and past to other, I added this code
<?php
$referer = $_SERVER['HTTP_REFERER'];
$referer_parse = parsel_url($referer);
if($referer_parse['host'] == "example.com" || $referer_parse['host'] == "www.example.com") {
} else { header("Location: http://www.example.com/redirected-page");
exit();
}
?>
in the php file called by the winner form url, making this sure thaht if the palyer do not come from the specified url then he can not open the form.
I hope you understand so far... Since now I hosted my self the form files, so no problem to add this code to my files.

The question is how can I still do that when hosted on S-Drive ?

regards
JB
http://www.scan-and-scratch.com
User 187934 Photo


Senior Advisor
18,081 posts

Sorry, No custom PHP scripts on S-Drive at this time.:)
I can't hear what I'm looking at.
It's easy to overlook something you're not looking for.

Here's my S-Drive site with
examples of what can be accomplished in VSD.
http://progrower.coffeecup.com/
Here's my CoffeeCup SCCP Shop with examples of what can be done.
http://progrower.coffeecup.com/shop/
This is a site I built for my work.(RSD)
http://esmansgreenhouse.com
This is a site I built for use in my job.(HTML Editor)
https://pestlogbook.com
This is my personnel site used for testing and as an easy way to share photos.(RLM imported to RSD)
http://ericrohloff.com
http://ericrohloff.com/property/
User 152610 Photo


Registered User
3 posts

Hi Eric,
yes I understand about no custom PHP, but could this be added in a next release as option under the settings tab ?
like a secure tab where we can add the url where the form is hosted....
not so complicated to do ;)
JB
User 187934 Photo


Senior Advisor
18,081 posts

I doubt CC will allow custom scripts any time soon. To risky for what they really intend for S-Drive. Easy one click publishing. If they do allow php scripts at a later date they will probably be from a pick list so they still have control.
I can't hear what I'm looking at.
It's easy to overlook something you're not looking for.

Here's my S-Drive site with
examples of what can be accomplished in VSD.
http://progrower.coffeecup.com/
Here's my CoffeeCup SCCP Shop with examples of what can be done.
http://progrower.coffeecup.com/shop/
This is a site I built for my work.(RSD)
http://esmansgreenhouse.com
This is a site I built for use in my job.(HTML Editor)
https://pestlogbook.com
This is my personnel site used for testing and as an easy way to share photos.(RLM imported to RSD)
http://ericrohloff.com
http://ericrohloff.com/property/
User 152610 Photo


Registered User
3 posts

I understand, then I will do like this : first host a "secure" page witch then redirect to the S-Drive Forms according to the referer in my script... But I do think that could be a build-in option on Web form builder, so no custom script needed then.

Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.