PHP hit counter - bug/problem

WayneM · Post by **WayneM** » Wed Feb 01, 2006 11:55 pm

Script URL:
Version of script: Version: 1.0
Version of PHP:
Hosting company:
Have you searched THIS FORUM for your problem: yes
(if not please do before posting)
If so, what terms did you try:

Write your message below:

I've installed PHP hit counter and it works fine. Thanks!

However, here's a problem that might need some looking into.

It seems that if you enter the url of the script in a browser,
ex: http/www.yourwebsite.com/counter.php

The script will execute and increase the log counter.

If someone really wants to be a pest, they can enter urls like:
http/www.yourwebsite.com/counter.php?page=index1
http/www.yourwebsite.com/counter.php?page=index2
http/www.yourwebsite.com/counter.php?page=index3
http/www.yourwebsite.com/counter.php?page=index4
http/www.yourwebsite.com/counter.php?page=index5
and so on....

That will create .log files on your server.

I've correctly enabled the HTTP referer validation in the script, and it still allows this kind of direct url abuse.

Post by **Klemen** » Thu Feb 02, 2006 2:06 pm

If no HTTP referer is set the counter will allow execution (because many browsers can be setup not to give away HTTP referer info), but you can disable that by changing

Code: Select all

	if ($check_referer == 1 && !(empty($_SERVER['HTTP_REFERER'])))
	{
		check_referer($_SERVER['HTTP_REFERER']);
	}

to

Code: Select all

	if ($check_referer)
	{
		check_referer($_SERVER['HTTP_REFERER']);
	}

WayneM · Post by **WayneM** » Fri Feb 03, 2006 2:17 pm

Excellent.

Thank you again for the great script and your helpful support