[RESOLVED] site to site data transfer

dougal85

ok, for arguments sake i have two websites. sitea and siteb.

When a visitor goes to siteb i want it to send information to sitea, in this case lets choose browser type. Eventually I want to have more sites sending data back to sitea. some not managed by somebody that i know i can trust. so mysql passwords etc. cant be given out.

How could you do this?

I thought about $_GET vars, but there is no way to make that secure from bogus entries, is there? Unless i used some sort of encryption and the decrypt key was at sitea.

Any suggestions?

sneakyimp

There are a number of ways. If you want to avoid bogus entries, you could do a number of things:

1) configure sitea to go and retrieve the data from each siteb. each siteb would have to store the stats somewhere and you'd had to be able to 'reset' the contents or distinguish new data from old data.

2) check the ip address of the GET/POST/EMAIL/WHATEVER that you get from each siteb to make sure it's legit.

dougal85

I see Google Analytics does it really simply with JS;

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "xxxxxx";
urchinTracker();
</script>

Any idea how that works?

dougal85

sneakyimp wrote:
There are a number of ways. If you want to avoid bogus entries, you could do a number of things:

1) configure sitea to go and retrieve the data from each siteb. each siteb would have to store the stats somewhere and you'd had to be able to 'reset' the contents or distinguish new data from old data.

2) check the ip address of the GET/POST/EMAIL/WHATEVER that you get from each siteb to make sure it's legit.

That sounds like a possability. I'm going to think about this one 🙂
the only thing about section 2 is it wouldnt take a genous to set up a php page to send bogus data and mess things up.

sneakyimp

that google approach could be really complicated and involve more than just javascript. try downloading the source javascript file and reading that:

http://www.google-analytics.com/urchin.js

As for people spoofing an IP...I don't know much about how that works but I don't think it would be that easy in PHP. Your php server should always define a variable called $_SERVER['REMOTE_ADDR']. As far as I know, the other PHP page has little or no influence over that.

dougal85

I had a look at the javascript, its pretty nails, they nicely changed all the variable names to something meaningless.

I hadnt meant spoofing the ip. All the sites sending data wont be controlled by me, so this means that anybody thats got a site sending data could plant any variables they fancied in the get.

Thanks for the help. I'll keep investigating this.