PHPackages rewake/pagelock - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. rewake/pagelock ActiveLibrary[Security](/categories/security) rewake/pagelock =============== Generates and Validates Page Lock Signatures 06PHP Since Feb 14Pushed 7y ago1 watchersCompare [ Source](https://github.com/rewake/PageLock)[ Packagist](https://packagist.org/packages/rewake/pagelock)[ RSS](/packages/rewake-pagelock/feed)WikiDiscussions master Synced 2d ago READMEChangelogDependenciesVersions (2)Used By (0) [![](resources/img/logo2.png)](resources/img/logo2.png) **Protect your landing pages from spying eyes** Don't you hate it when your landing page URLs get captured by spy tools, or handed around by affiliates so they can rip them. PageLock will help you prevent that. This is a simple PHP script to protect your landing page URL and prevent them from being viewed by users that did not come through your specific PageLock Redir link. Its free and open source. [Check our FAQ](https://github.com/noipfraud/PageLock/wiki/FAQ) What does it filter? -------------------- [](#what-does-it-filter) With PageLock, visitors will only be allowed to see your real page if: - Their signature is valid - They have not changed their user agent - They have not changed their IP - They visit the landing page within the timeout period you set What do I need? --------------- [](#what-do-i-need) This script assumes you have a webserver with a recent version of PHP installed. You just need your basic default PHP extensions. You can run PageLock Redirect Script on the same server/domain as your landing pages, or on a separate server. As long as both can read and process PHP files. Standard campaign flow ---------------------- [](#standard-campaign-flow) Most affiliates use either a hosted tracker like Voluum, a self hosted tracker like Thrive, or their own custom tracker. PageLock will work with all of the above trackers. It even works if you don't have a tracker in your campaign flow. In general, campaigns have the following standard flow: [![](resources/img/campaign1.png)](resources/img/campaign1.png) PageLock protects the Landing Page by inserting a custom redirect before your tracker and some verification code on your lander. It looks something like this: [![](resources/img/campaign2.png)](resources/img/campaign2.png) The PageLock script consists of 2 parts: - PageLock Redir (redir.php): gets data from visitor, encodes it, and redirects to your tracker URL with the encoded signature appended. - PageLock Check (check.php): decodes the signature passed to it from your tracker, and checks against the visitor characteristics to make sure the user came through the correct link, has a valid signature and that the signature has not expired before it shows the visitor your protected landing page. ### Example Campaign [](#example-campaign) Here is an example campaign. The URLs are not real so no point clicking them. - PageLock Redir: - Tracker: - Landing Page: This setup would result in the following campaign flow: 1. Make sure your traffic source sends traffic to your PageLock Redir url: 2. PageLock Redir sends visitor to your tracking URL, appending the visitors signature to the URL: [http://mytracker.com/page/?camp=23lkkjlk2j?camp=23lkkjlk2j&sig=MTQzMDk5NTQ4Nw%3D%3D.ctxqkDS1HqJXVq\_N-WyUMK9K1SM%3D](http://mytracker.com/page/?camp=23lkkjlk2j?camp=23lkkjlk2j&sig=MTQzMDk5NTQ4Nw%3D%3D.ctxqkDS1HqJXVq_N-WyUMK9K1SM%3D) 3. Your tracker redirects the user to your landing page. You need to make sure your tracker is setup to pass the `sig` value to the landing page as a `sig` parameter: [http://mylander.com/us/page2.php?sig=MTQzMDk5NTQ4Nw%3D%3D.ctxqkDS1HqJXVq\_N-WyUMK9K1SM%3D](http://mylander.com/us/page2.php?sig=MTQzMDk5NTQ4Nw%3D%3D.ctxqkDS1HqJXVq_N-WyUMK9K1SM%3D) 4. The PageLock Check on the landing page checks the signature and if it is not valid, shows a custom page or redirects the user to another campaign. How to Install -------------- [](#how-to-install) Installation is simple. 1. Copy the file `redir.php` to your webserver 2. Update the value for the `TARGET_PAGE` constant with your tracker URL 3. Pick an encryption code, and set it for the `SEC` constant (e.g. `LockItUp!`) 4. Edit your landing page (make sure it has a `.php` file extension) and include the PageLock Check code at the top. You can find the Check code in the `check.php` file in this repo 5. Change the value for the `EXPIRE_SECS` constant if you want your links to timeout less or greater then 1 hour. The default is 3600 seconds, i.e. 1 hour 6. Make sure you update the `SEC` constant to the same encryption key as in step 3 7. Lastly - update the code in the `invalidSig` function to show your fake page, or better redirect to a fallback campaign Health warning -------------- [](#health-warning) This script adds an additional redirect to your campaign. If you keep PageLock Redir on the same domain as your landing page then the additional latency should be negligeable. This script only helps to protect your tracker and landing page URL. It does add a small footprint to your destination URL (`&sig={signature}`) but we dont expect this to be a major issue. If someone got hold of your PageLock Redir URL, then they can still see your landing page. Of course there are [solutions to that as well](http://noipfraud.com). Suggested enhancements ---------------------- [](#suggested-enhancements) There are many ways in which the above script can be improved: - Storing the signature as a cookie or local browser storage - Adding additional HTTP headers to the signature - Enabling multi campaign support - Making instalation simpler using an include script or composer - Integrating this script with [noipfraud](http://noipfraud.com) Feel free to contribute, submit pull requests, or suggest other ways we can improve this? ### Health Score 20 — LowBetter than 14% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity4 Limited adoption so far Community10 Small or concentrated contributor base Maturity40 Maturing project, gaining track record Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/8c15eb3aaf9f56916dc41382bf2d3400426631a95990fb6456eede9ec7cd7f1c?d=identicon)[rewake](/maintainers/rewake) --- Top Contributors [![1mrat](https://avatars.githubusercontent.com/u/1105579?v=4)](https://github.com/1mrat "1mrat (10 commits)")[![rkomatz-envisia](https://avatars.githubusercontent.com/u/20566030?v=4)](https://github.com/rkomatz-envisia "rkomatz-envisia (7 commits)")[![rewake](https://avatars.githubusercontent.com/u/5678582?v=4)](https://github.com/rewake "rewake (4 commits)") ### Embed Badge ![Health badge](/badges/rewake-pagelock/health.svg) ``` [![Health](https://phpackages.com/badges/rewake-pagelock/health.svg)](https://phpackages.com/packages/rewake-pagelock) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)