Saturday, March 11, 2006

How to prevent abuse of a remote signup page (PHP)

I have a ticket website and a nightlife mailer that goes out weekly. On the ticket website I want to allow users to sign up remotely for the nightlife mailer, but I cannot leave this unencrypted or it will be subject to abuse, so my mechanism is a remote post using the following method.

Here is the code on the nightlife site:
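$namestr = str_replace(" ", '', urldecode($_GET['name']));
// $key, $name, $email and $newsletter are set in lines not shown on this page.
// The argument to md5() is garbled in the original; $namestr is assumed here.
if ($key == md5($namestr . 'jdy')) {
    if (!is_user($email, $newsletter)) {
        insert_user($name, $email, $newsletter, 'html');
        echo "ok";       // new subscriber added
    } else {
        echo "member";   // already subscribed
    }
} else {
    echo "bad";          // key mismatch
}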
Then I just create a function in the ticket website code to post to the URL on the nightlife website, like so:
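$nname = $frm['firstname'] . " " . $frm['lastname'];
$namestr = str_replace(" ", '', $nname);
// $geturl (the nightlife URL with its query string and key) is built in lines not shown on this page.
$result = file_get_contents($geturl);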
Then test the result for ok or bad, preventing false sign-ups from my remote site.
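
An added example, not the original author's code: the same shared-secret check done with an HMAC-SHA256 signature and an expiry time in place of the MD5 key, showing both the ticket-site and the nightlife-site side. The parameter names (name, email, ts, sig), the secret placeholder and the URL are assumptions.

```php
<?php
// Added example (not the original author's code). The parameter names
// name/email/ts/sig, the secret and the URL below are assumptions.
const SHARED_SECRET = 'replace-with-long-random-secret'; // placeholder, same on both sites
const MAX_AGE = 300; // seconds a signed request stays valid

// Canonical string both sides sign: fields are length-prefixed so that
// ("ab","c") and ("a","bc") cannot produce the same input.
function signup_sig(string $name, string $email, int $ts): string {
    $msg = strlen($name) . ':' . $name . '|' . strlen($email) . ':' . $email . '|' . $ts;
    return hash_hmac('sha256', $msg, SHARED_SECRET);
}

// Ticket site: build the URL passed to file_get_contents().
function build_signup_url(string $base, string $name, string $email, int $now): string {
    return $base . '?' . http_build_query([
        'name' => $name, 'email' => $email, 'ts' => $now,
        'sig'  => signup_sig($name, $email, $now),
    ]);
}

// Nightlife site: returns true only for a fresh, correctly signed request.
function verify_signup(array $get, int $now): bool {
    foreach (['name', 'email', 'ts', 'sig'] as $k) {
        if (!isset($get[$k]) || !is_string($get[$k])) return false;
    }
    if (!ctype_digit($get['ts'])) return false;
    $ts = (int) $get['ts'];
    if (abs($now - $ts) > MAX_AGE) return false;          // stale or future-dated
    if (!filter_var($get['email'], FILTER_VALIDATE_EMAIL)) return false;
    $expected = signup_sig($get['name'], $get['email'], $ts);
    return hash_equals($expected, $get['sig']);            // constant-time compare
}

// Constructed sample run: both sides in one script.
$now = 1700000000; // constructed timestamp
$url = build_signup_url('https://nightlife.example/signup.php', 'Jane Doe', 'jane@example.com', $now);
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump(verify_signup($query, $now));            // valid request
$query['email'] = 'other@example.com';
var_dump(verify_signup($query, $now));            // tampered field
$query['email'] = 'jane@example.com';
var_dump(verify_signup($query, $now + 3600));     // replayed after expiry
```

A captured request can still be replayed inside the MAX_AGE window; the is_user() check from the post turns such a replay into a "member" response instead of a second insert.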

