{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 等我变得足够好 的问题《Validate authenticity of website owner》','https://www.manongdao.com/q-1017861.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it?
So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner.
My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website.
However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future.
What other methods would you suggest?
Google Webmaster Central, for instance, uses two approaches to authenticate you as the owner of a web site:
A HTML file with a random (pre-generated by Google) name that the web master has to upload to their web site
A special header that the web master has to put into the
headpart of their domain's index file.These are two sure-fire ways to prove that you have access to the actual web site.
I've seen Google use a "code challenge." They ask you to insert a small piece of code with a unique value they provide into a page in the site. You add this snippet of code to the site and submit the address, and then Google verifies the code is there by reading the contents of the page. The assumption is that if you can alter the site, you own it.
Require the user to create a URL on his site. Publish the site only if you have confirmed that the URL was created.
some possibilities
compare their names with their whois name.
what @mk said is a good one.. you can also have them put a
meta tagin their page if they dont have access to their root. like if they run wordpress they can just go to wp-adminTell them to create a file with a randomly generated name in the root directory of their web site and then verify that it exists.
That's what Google Analytics (and others like that) do.
Do what Technorati does.