
How to prevent abuse of a remote signup page (PHP)

I have a ticket website and a nightlife mailer that goes out weekly. On the ticket website I want to let users sign up remotely for the nightlife mailer, but I cannot leave this unprotected or it will be subject to abuse, so my mechanism is a remote post using the following method.

Here is the code on the nightlife site:

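    // PHP has already URL-decoded $_GET, so a second urldecode() would mangle names containing "+" or "%".
    $key        = $_GET['key'] ?? '';
    $name       = $_GET['name'] ?? '';
    $namestr    = str_replace(" ", '', $name);
    $email      = $_GET['email'] ?? '';
    $newsletter = $_GET['newsletter'] ?? '';

    // hash_equals() compares the strings exactly; "==" can treat two different "0e..." hex digests as equal numbers.
    if (is_string($key) && hash_equals(md5($namestr . date('jdy')), $key))
    {
        if (!is_user($email, $newsletter))
        {
            // New address for this newsletter: add it.
            insert_user($name, $email, $newsletter, 'html');
            echo "ok";
        }
        else
            echo "member";
    }
    else
        echo "bad";
    break; // presumably ends an enclosing switch case that is not shown in this snippet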

Then I just create a function in the ticket website code that sends the request to the URL on the nightlife website, like so:

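    // Build the same key the nightlife site will compute: MD5 of the name (spaces removed) plus the date.
    $nname   = $frm['firstname'] . " " . $frm['lastname'];
    $namestr = str_replace(" ", '', $nname);
    $key     = md5($namestr . date('jdy'));
    $geturl  = "http://www.nitelife.com/signup.php?key=$key&name=" . urlencode($nname) . "&email=" . urlencode($frm['email']) . "&newsletter=1";
    // The response body is "ok", "member" or "bad".
    $result  = file_get_contents($geturl);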

Then I test the result for "ok" or "bad", which prevents false sign-ups from my remote site.
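
The key above is an MD5 of the name and the date only, so it contains nothing that is secret to the two sites. As an added example (not code from the original post), here is the same exchange keyed with an HMAC over all fields plus a timestamp; SHARED_SECRET, MAX_AGE, sign_signup() and verify_signup() are names assumed for illustration.

```php
<?php
// Added example, not the original post's code.
// SHARED_SECRET is a placeholder: both sites would load the same long random
// value from configuration kept outside the web root.
const SHARED_SECRET = 'replace-with-a-long-random-value';
const MAX_AGE = 300; // seconds a signed request stays valid (assumed policy)

// Ticket site: return the signed query string to append to signup.php?
function sign_signup(string $name, string $email, int $newsletter, int $ts): string
{
    $fields = ['name' => $name, 'email' => $email,
               'newsletter' => $newsletter, 'ts' => $ts];
    // The MAC covers every field, so none can be changed without the secret.
    $fields['key'] = hash_hmac('sha256', http_build_query($fields), SHARED_SECRET);
    return http_build_query($fields);
}

// Nightlife site: recompute the MAC over the received fields and compare.
function verify_signup(array $get, int $now): bool
{
    foreach (['name', 'email', 'newsletter', 'ts', 'key'] as $f) {
        if (!isset($get[$f]) || !is_string($get[$f])) {
            return false; // missing field or array-valued parameter
        }
    }
    if (abs($now - (int) $get['ts']) > MAX_AGE) {
        return false; // too old (or clock skew too large)
    }
    $payload = http_build_query([
        'name' => $get['name'], 'email' => $get['email'],
        'newsletter' => $get['newsletter'], 'ts' => $get['ts'],
    ]);
    $expected = hash_hmac('sha256', $payload, SHARED_SECRET);
    return hash_equals($expected, $get['key']); // constant-time comparison
}

// Constructed demo: parse_str() stands in for PHP filling $_GET.
$now = time();
parse_str(sign_signup('Jane Doe', 'jane@example.com', 1, $now), $get);
var_dump(verify_signup($get, $now));        // request exactly as signed

$get['email'] = 'someone.else@example.com'; // field changed after signing
var_dump(verify_signup($get, $now));

parse_str(sign_signup('Jane Doe', 'jane@example.com', 1, $now - 3600), $old);
var_dump(verify_signup($old, $now));        // signed an hour ago
```

The MAC authenticates the request but does not hide it: the name and e-mail address still travel in the URL.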
