What do you guys think is the best way to protect a sign-up page so only paid members can join? I ma using PHP and Mysql. BTW, I signed up with 2checkout this morning

What kind of signup page? To signup for an account or what??

to signup for membership so your login name and password is added into the database. once you sign up, you get access to all the site's premium content.

Probably the easiest way would be to write out an .htaccess file and us HTTP Basic Authentication.

I already have the protection for the pages set up...I need a way so that only paid users can join using the forms. I have no idea what to do, unless I manually update the table.

ok, 2checkout provided me with a script (perl) to check that they came from 2checkout. however, i dont know perl and my login form is in php. when i try to include the .cgi file, it just displays the file:

@referers=("www.2checkout.com","2checkout.com");
&check_url;
sub check_url {
# Localize the check_referer flag which determines if user is valid.
local($check_referer) = 0;

# If a referring URL was specified, for each valid referer, make sure
# that a valid referring URL was passed to .

if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
$check_referer = 1;
last;
}
}
}
else {
$check_referer = 1;
}
# If the HTTP_REFERER was invalid, send back an error.
# It is possible that the referrer variable was simply not available for a variety of reasons.
if ($check_referer != 1) {
print "You do not have permission to access this page. If you have paid, please contact Crosse5 Lacrosse at Crosse5@crosse5.com.";
exit;
}
}

i know nothing about perl, does anyone know enough to help me figure this out?

Matt to the rescue!!!! Hehehehe, ill port your perl code to php for you on the fly. Have fun, and you owe me a beer (or at least a free hosting account ~ hehehehehe i need one for my network status page!!!! You know you want to give it me!!!)

--------------------------- php --------------------------------

<?php
function check_url() {
$url=$HTTP_REFERER;
// strip the crap
if(strpos("https://",$url)===false) {
$url=substr($url,strlen("https://")+1,strlen($url));
}
if(strpos("http://",$url)===false) {
$url=substr($url,strlen("http://")+1,strlen($url));
}
$url=strtolower($url);
if(substr($url,strlen($url),1)=="/") {
$url=substr($url,0,strlen($url)-1);
}
if(substr($url,0,4)=="www.") {
$url=substr($url,5,strlen($url));
}
// ok now check its a valid referer
if($url=="2checkout.com") {
return -1;
} else {
return 0;
}
}
if(!check_url()) {
?>
<html><head><title>Forbidden</title></head>
<body>
<b>You do not have permission to access this page. If you have paid, please contact Crosse5 Lacrosse at Crosse5@crosse5.com</b>
</body>
</html>
<?php
exit;
}
// If it gets to this point the user has been checked and is
// valid, continue with all your stuff here
?>

--------------- Original Perl ---------------
@referers=("www.2checkout.com","2checkout.com");
&check_url;
sub check_url {
# Localize the check_referer flag which determines if user is valid.
local($check_referer) = 0;

# If a referring URL was specified, for each valid referer, make sure
# that a valid referring URL was passed to .

if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
$check_referer = 1;
last;
}
}
}
else {
$check_referer = 1;
}
# If the HTTP_REFERER was invalid, send back an error.
# It is possible that the referrer variable was simply not available for a variety of reasons.
if ($check_referer != 1) {
print "You do not have permission to access this page. If you have paid, please contact Crosse5 Lacrosse at Crosse5@crosse5.com.";
exit;
}
}