I'm trying to have a page that can only be accessed from approved websites but I don't know exactly how to approach it. Would I just have to provide like a snippet of PHP code that generates a random key and attaches it to the URL and that key is only valid for one access?
Or would it be possible to have a cookie set at the other domain, and then read at the final destination? Maybe it would be a 1px iframe at the initial page?
Or am I just trying to do something that's never going to work?
在评论中,我们能够澄清......
我 [zen] 只需要一种方法来保护页面,而无需为每个用户提供登录凭据,或者为此进行任何登录。我认为的另一个选择是每次他们点击一个链接时可能会发送一个 POST,而我的页面只有在 POST 包含特定密钥时才允许他们进入。[...]
由于检测欺诈性访问不是问题,因此我建议您只需根据已批准的网站(和/或页面)列表检查http 引荐来源网址。对于已获批准的站点而言,它是非侵入性的,并且提供的安全性并不比您检查的固定后令牌更差。
在 PHP 中,引用者位于$_SERVER['HTTP_REFERER']变量中(如果可用)。
好的,这是答案
<?php
$server = $_SERVER['SERVER_NAME']; //Getting Server name
$site_name = "http://$server"; //Creating Website URL from SERVER_NAME
$url_allowed = array("http://www.allowed1.com", "http://www.allowed2.com"); //Add Allowed Website list Here
if(in_array($site_name,$url_allowed)){
echo "<a href='***your link here***'>This is Link</a>";
}else{
echo "This Link is Not Allowed For Your Site";
}
?>