URL Cloaking with PHP...

Status
Not open for further replies.
kblessinggr

kblessinggr

PedoBeard
Sep 15, 2008
5,723
80
0
G.R., Michigan
www.kbeezie.com
Normally I would try do this with a mod_rewrite and the usual [R=302,L] and such. But I need to do this with PHP as my client would like a easier way of adding affiliate links herself, so I figured well she could just cut/paste a line of an array and change the # and url.

Example
Code: 
$links = array();

$links[] = "http://www.ourownsite.com"; /* zero or blank, returns to own site */
$links[] = "http://www.somesiteone.com"; /* #1 */
$links[] = "http://www.somesitetwo.com"; /* #2 */
$links[] = "http://www.somesitethree.com"; /* #3 */
$links[] = "http://www.somesitefour.com"; /* #4 */

if(isset($_GET["l"])){ $lval = $_GET["l"]; } else { $lval = 0; }
if(isset($links[$lval])){ $linkout = $links[$lval]; } else { $linkout = $links[0]; }
 

header("HTTP/1.1 302 Moved Temporarily");
header("Location: $linkout");
exit();
Now that would work just fine and dandy... but she doesn't want the new link to show up in the address bar.


For example if I setup a rewrite rule so she can type http://www.somedomain.com/goto/3/
it would goto that php code above, then when it goes to the affiliates site
it should still say "http://www.somedomain.com/goto/3/ in the url


Anyone know the redirect code for that?
 


I was also thinking bout perhaps having the php simply read the content of the target site...

but that would probably lose the benefit of being an affiliate no? (since the hit would be coming from the web server as opposed to the visitor that clicked)
 
Numbers will get confusing...

Code: 
<?php

$id = $_GET['id'];
$myLinks = array (
    
    "hostgator" => "http://www.dpbolvw.net/click",
    "hostmonster" => "http://www.dpbolvw.net/click",
    "bluehost" => "http://www.kqzyfj.com/click"   
);

header("Location:".$myLinks[$id]);
exit;

?>

Code: 
<a href="http://mywebsite.com/links.php?id=hostgator">Hostgator</a>
 
radio said:
Numbers will get confusing...

Code: 
<?php

$id = $_GET['id'];
$myLinks = array (
    
    "hostgator" => "http://www.dpbolvw.net/click",
    "hostmonster" => "http://www.dpbolvw.net/click",
    "bluehost" => "http://www.kqzyfj.com/click"   
);

header("Location:".$myLinks[$id]);
exit;

?>
Code: 
<a href="http://mywebsite.com/links.php?id=hostgator">Hostgator</a>
Click to expand...

Hrm thanks for that, and I guess I'll just continue to use the same mod_rewrite so that she can just do http://www.mysite.com/follow/hostgator/ as an example (as opposed the /goto/#/ she has now)


But no clue as to how to make the url stay the same at he destination eh?

EDIT Just implemented it, works like a charm, I think you're right that it'll be far less confusing for her.
 
It doesn't work like a charm! I spent the whole afternoon yesterday working on the links, and yesterday it worked. Today I click on the banner ads (which are masked) and I get this error message: "No input file specified" along with a blank screen.

What the hell is wrong here? Why would it work yesterday and not today?
 
If you want the url to stay the same you have to frame it.
Build a frameset with one frame at a 100% and set src to $myLinks[$id].
 
BlueYonder said:
It doesn't work like a charm! I spent the whole afternoon yesterday working on the links, and yesterday it worked. Today I click on the banner ads (which are masked) and I get this error message: "No input file specified" along with a blank screen.

What the hell is wrong here? Why would it work yesterday and not today?
Click to expand...

Because wordpress apparently replaced the existing .htaccess. Has nothing to do with the PHP.
 
tyr897 said:
If you want the url to stay the same you have to frame it.
Build a frameset with one frame at a 100% and set src to $myLinks[$id].
Click to expand...

Yea that's what I thought... (except the people who would steal affiliate links in my opinion are generally smart enough to figure that out, kinda like in Firefox right clicking and say 'show only this frame').

Just thought maybe there was some kind of hiding without the frames, but guess not (least not without the destination being on the same server you have control of).
 
Do it in a frame and then encode the SRC of the frame. You can use this function (originally intended to encode emails):

Code: 
function c2c_email_obfuscator( $email, $encode_everything = 1 ) {
    if ( !$encode_everything )
        $email = str_replace(array('@', '.'), array('@', '.'), $email);
    else {
        $new_email = '';
        for( $i=0; $i < strlen($email); ++$i ) {
            $n = rand(0,1);
            if( $n )
                $new_email .= '&#x'. sprintf("%X",ord($email{$i})) . ';';
            else
                $new_email .= '&#' . ord($email{$i}) . ';';
        }
        $email = $new_email;
    }
    return $email;
}
So this:
Code: 
<frameset border="0" frameborder="0" marginleft="0" margintop="0" marginright="0" marginbottom="0" rows="100%,*">
  <frame src="<?=c2c_email_obfuscator('http://www.google.com')?>">
  <frame src="">
</frameset>
would produce this:
Code: 
<frameset border="0" frameborder="0" marginleft="0" margintop="0" marginright="0" marginbottom="0" rows="100%,*">
<iframe src="http://www.google.com"></iframe>
  <frame src="">
</frameset>
which is relatively tricky to de-code.
 
d60eba said:
Do it in a frame and then encode the SRC of the frame. You can use this function (originally intended to encode emails):

Code: 
function c2c_email_obfuscator( $email, $encode_everything = 1 ) {
    if ( !$encode_everything )
        $email = str_replace(array('@', '.'), array('@', '.'), $email);
    else {
        $new_email = '';
        for( $i=0; $i < strlen($email); ++$i ) {
            $n = rand(0,1);
            if( $n )
                $new_email .= '&#x'. sprintf("%X",ord($email{$i})) . ';';
            else
                $new_email .= '&#' . ord($email{$i}) . ';';
        }
        $email = $new_email;
    }
    return $email;
}
So this:
Code: 
<frameset border="0" frameborder="0" marginleft="0" margintop="0" marginright="0" marginbottom="0" rows="100%,*">
  <frame src="<?=c2c_email_obfuscator('http://www.google.com')?>">
  <frame src="">
</frameset>
would produce this:
Code: 
<frameset border="0" frameborder="0" marginleft="0" margintop="0" marginright="0" marginbottom="0" rows="100%,*">
<iframe src="http://www.google.com"></iframe>
  <frame src="">
</frameset>
which is relatively tricky to de-code.
Click to expand...

Nifty, thanks for the ofusication code. (PS: not sure if you use XHTML or not but those frame tags would need /> at the end instead of just >)

Course I assume not too many people will know how to right click "show only this frame" then get the url from that.
 
kblessinggr said:
Course I assume not too many people will know how to right click "show only this frame" then get the url from that.
Click to expand...

Well it's always going to be tough to stop someone from knowing what URL they're looking at. Afterall, most sites have the URL written somewhere on the page itself. I think the point of this 'cloaking' is not to prevent people from knowing the URL but rather to stop them from noticing that it's an affiliate link in the first place and replacing the affiliate ID with their own.

If you really want to stop people from knowing what site they're looking at I suppose you could do the following:
  1. Send them to the external site via a PHP proxy (phpproxy is a good open source one on sourceforge) on your site. So the link would be something like /recommends/affiliate-site.com
  2. Change the code of the proxy to adjust the HTML that's sent to the user. Add in an image along the lines of /stats-image-affiliate-site.jpg. Use .htaccess to redirect that image to the affiliate site. That way the cookie gets dropped as normal.
  3. When you're adjusting the HTML look for all occurances of the site name and replace/remove. You'll also have to remove any images with the site name.
Of course, it's not worth going to the trouble - but it is possible ;-)
 
d60eba said:
Of course, it's not worth going to the trouble - but it is possible ;-)
Click to expand...

Other than the cloaking the rest is mainly morbid curiousity. The original intent the client wanted cloaking for was to make urls to banners and other links on her site seem more friendly to the potential users. As most avid users seem to be told not to trust links that have a url off the site. (and even some seem to not like clicking a link that has a noticeable affiliate code)
 
Status
Not open for further replies.
Top Bottom