Which could show the hidden content on the page only for the email recipient
<?php
if ($hidden==“show”) echo “show my stuff”;
?>
Catch is this is a URL which would probably leak to google. So the user will need to post a form once they get there (Maybe I’m answering my own question here and just going round in circles…)
<?php
if ($hidden==“show”) echo “reveal FORM button for user to POST second variable to show my stuff”;
?>
This is not ultra secret stuff and I don’t want to go down the route user signup login and session / database etc as this is overkill for this project.
Anyone got a better idea, has to ultra simple as the client will have to set the URL in the original email
David Owen { Freeway Friendly Web hosting and Domains }
You could use a combination of a cryptic URL and a test for the HTTP_REFERER header.
<?php if(empty($_SERVER['HTTP_REFERER'])){ ?>
<section>
<p>This is the super-secret hidden stuff.</p>
</section>
<?php } ?>
Links clicked from e-mail won’t have a referrer, so that header won’t be set. (Not sure how Webmail or Gmail in a Web browser would fare here.) But definitely, anyone coming from a link in a search engine would have their referrer set and thus would miss the hidden content.
Walter
On Mar 7, 2012, at 6:48 AM, David Owen wrote:
Just wondering how to get around the problem of hiding website content to a general visitor but allowing it from a back link from an email.
I just tested it from the Gmail Web interface, and they appear to be removing that header. I mailed the link to myself, and tested repeatedly – hidden content showed right up.
This will only stop someone from getting there from a Web link (like a search engine) but it won’t stop the case of a visitor copying the URL and mailing it to someone else. It will also show the hidden content to anyone who guesses the URL and types it into their browser (no referrer is set in that case either).
Walter
On Mar 7, 2012, at 9:35 AM, David Owen wrote:
Opps! mail crossed
Thanks Walter that sounds workable and reasonably secure for this application.
–
David
On 7 Mar 2012, at 14:10, Walter Lee Davis wrote:
You could use a combination of a cryptic URL and a test for the HTTP_REFERER header.
And saves a whole heap of work asking users to create logins and databases of users and all that brings with it.
–
David
On 7 Mar 2012, at 14:41, Walter Lee Davis wrote:
This will only stop someone from getting there from a Web link (like a search engine) but it won’t stop the case of a visitor copying the URL and mailing it to someone else. It will also show the hidden content to anyone who guesses the URL and types it into their browser (no referrer is set in that case either).
There’s going to be more than one link in the email to multiple pages so the uses might want to browse multiple pages. Going back and forth from email to site and back might be big ask.
I’m setting assuming a session cookie might work instead?
–
David
On 7 Mar 2012, at 14:41, Walter Lee Davis wrote:
I just tested it from the Gmail Web interface, and they appear to be removing that header. I mailed the link to myself, and tested repeatedly – hidden content showed right up.
This will only stop someone from getting there from a Web link (like a search engine) but it won’t stop the case of a visitor copying the URL and mailing it to someone else. It will also show the hidden content to anyone who guesses the URL and types it into their browser (no referrer is set in that case either).
Walter
On Mar 7, 2012, at 9:35 AM, David Owen wrote:
Opps! mail crossed
Thanks Walter that sounds workable and reasonably secure for this application.
–
David
On 7 Mar 2012, at 14:10, Walter Lee Davis wrote:
You could use a combination of a cryptic URL and a test for the HTTP_REFERER header.
<?php
//in the before HTML slot
session_start();
function present($var){
return (isset($var) && !empty($var));
}
function show_hidden(){
return (present($_SESSION['show']) ||
! present($_SERVER['HTTP_REFERER']));
}
if(! present($_SERVER['HTTP_REFERER'])){
$_SESSION['show'] = true;
}
?>
elsewhere...
<?php if( show_hidden() ){ ?>
hidden content
<?php } ?>
Walter
On Mar 7, 2012, at 11:33 AM, David Owen wrote:
Darn it, a spanner has just been thrown in.
There’s going to be more than one link in the email to multiple pages so the uses might want to browse multiple pages. Going back and forth from email to site and back might be big ask.
I’m setting assuming a session cookie might work instead?
–
David
On 7 Mar 2012, at 14:41, Walter Lee Davis wrote:
I just tested it from the Gmail Web interface, and they appear to be removing that header. I mailed the link to myself, and tested repeatedly – hidden content showed right up.
This will only stop someone from getting there from a Web link (like a search engine) but it won’t stop the case of a visitor copying the URL and mailing it to someone else. It will also show the hidden content to anyone who guesses the URL and types it into their browser (no referrer is set in that case either).
Walter
On Mar 7, 2012, at 9:35 AM, David Owen wrote:
Opps! mail crossed
Thanks Walter that sounds workable and reasonably secure for this application.
–
David
On 7 Mar 2012, at 14:10, Walter Lee Davis wrote:
You could use a combination of a cryptic URL and a test for the HTTP_REFERER header.
<?php
//in the before HTML slot
session_start();
function present($var){
return (isset($var) && !empty($var));
}
function show_hidden(){
return (present($_SESSION['show']) ||
! present($_SERVER['HTTP_REFERER']));
}
if(! present($_SERVER['HTTP_REFERER'])){
$_SESSION['show'] = true;
}
?>
elsewhere...
<?php if( show_hidden() ){ ?>
hidden content
<?php } ?>
Walter
On Mar 7, 2012, at 11:33 AM, David Owen wrote:
Darn it, a spanner has just been thrown in.
There’s going to be more than one link in the email to multiple pages so the uses might want to browse multiple pages. Going back and forth from email to site and back might be big ask.
I’m setting assuming a session cookie might work instead?
–
David
On 7 Mar 2012, at 14:41, Walter Lee Davis wrote:
I just tested it from the Gmail Web interface, and they appear to be removing that header. I mailed the link to myself, and tested repeatedly – hidden content showed right up.
This will only stop someone from getting there from a Web link (like a search engine) but it won’t stop the case of a visitor copying the URL and mailing it to someone else. It will also show the hidden content to anyone who guesses the URL and types it into their browser (no referrer is set in that case either).
Walter
On Mar 7, 2012, at 9:35 AM, David Owen wrote:
Opps! mail crossed
Thanks Walter that sounds workable and reasonably secure for this application.
–
David
On 7 Mar 2012, at 14:10, Walter Lee Davis wrote:
You could use a combination of a cryptic URL and a test for the HTTP_REFERER header.