[Xerte-dev] $_SERVER['HTTP_REFERER'] issue

[Julian Tenney]

Anyone got any bright ideas: when you set access to other, you can specify a domain to restrict access only to links being followed from that domain: so you can have some sort of gatekeeping in any system the user has to log in to, and then only allow access to links from that system.

This is the code, it uses $_SERVER['HTTP_REFERER'].

It doesn't work in IE. Cosmic.

Any alternative approaches without having to modify the linking system?

This is the code:

$test_string=substr($row_play['access_to_whom'],6,strlen($row_play['access_to_whom']));

if(strlen($_SERVER['HTTP_REFERER'])!=0){

       if(strpos($_SERVER['HTTP_REFERER'],$test_string)==0){

       mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id);

       require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";

       show_template($row_play);

       }else{

       require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";

       dont_show_template();

       }

}else{

       //dont_show_template();
       //going to show it anyway, as referer doesn't work in IE
       require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";

       show_template($row_play);

}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20120126/4b3d320f/attachment.html>