<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
<div>The few posts regarding all ultimately say "never use referrer anyway" as you can't trust it.</div><div><br></div><div>Most recommend building your own logic: </div><div><br></div><div><a href="http://stackoverflow.com/questions/3966059/alternative-for-serverhttp-referer-php-variable-in-msie">http://stackoverflow.com/questions/3966059/alternative-for-serverhttp-referer-php-variable-in-msie</a>
</div><div><br></div><div><br></div><br><br><div><div id="SkyDrivePlaceholder"></div><hr id="stopSpelling">From: Julian.Tenney@nottingham.ac.uk<br>To: xerte-dev@lists.nottingham.ac.uk<br>Date: Thu, 26 Jan 2012 12:59:05 +0000<br>Subject: [Xerte-dev] $_SERVER['HTTP_REFERER'] issue<br><br>
<div class="ecxWordSection1"><p class="ecxMsoNormal">Anyone got any bright ideas: when you set access to other, you can specify a domain to restrict access only to links being followed from that domain: so you can have some sort of gatekeeping in any system the user has to log in to, and then only allow access to links from that system.</p><p class="ecxMsoNormal"> </p><p class="ecxMsoNormal">This is the code, it uses $_SERVER['HTTP_REFERER'].</p><p class="ecxMsoNormal"> </p><p class="ecxMsoNormal">It doesn’t work in IE. Cosmic.</p><p class="ecxMsoNormal"> </p><p class="ecxMsoNormal">Any alternative approaches without having to modify the linking system?</p><p class="ecxMsoNormal"> </p><p class="ecxMsoNormal">This is the code:</p><p class="ecxMsoNormal"> </p>
<pre style="font-size:9.0pt;font-family:'Courier New'">
// Domain stored after the first 6 characters of access_to_whom
$test_string=substr($row_play['access_to_whom'],6,strlen($row_play['access_to_whom']));

if(strlen($_SERVER['HTTP_REFERER'])!=0){

    // strpos() returns false when there is no match, and false==0 is true,
    // so the comparison must be strict for the else branch to be reachable
    if(strpos($_SERVER['HTTP_REFERER'],$test_string)===0){

        mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id);

        require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";

        show_template($row_play);

    }else{

        require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";

        dont_show_template();

    }

}else{

    //dont_show_template();
    //going to show it anyway, as referer doesn't work in IE
    require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";

    show_template($row_play);

}
</pre></div><br>
This message and any attachment are intended solely for the addressee and may
contain confidential information. If you have received this message in error,
please send it back to me, and immediately delete it. Please do not use,
copy or disclose the information contained in this message or in any attachment.
Any views or opinions expressed by the author of this email do not necessarily
reflect the views of the University of Nottingham.
<BR>
This message has been checked for viruses but the contents of an attachment
may still contain software viruses which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
<BR>
<br>_______________________________________________
Xerte-dev mailing list
Xerte-dev@lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
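<div>An added example, not part of either message and not Xerte code, illustrating the domain check discussed in this thread: a prefix match on the Referer beside a comparison of the parsed host that fails closed when the header is absent. The function names and sample hosts are hypothetical, and the allowed value is assumed to be a bare host name or a URL; because the browser supplies the Referer, even the stricter check is only a soft restriction.</div>

```php
<?php
// Added example, not Xerte code; function names and sample values are hypothetical.

// Prefix match on the raw header. strpos() returns false on no match, and
// false == 0 is true in PHP, so the comparison has to be strict (===).
function prefix_check(?string $referer, string $allowed): bool
{
    return is_string($referer) && strpos($referer, $allowed) === 0;
}

// Host comparison that fails closed when the header is missing or unparsable.
// Assumption: $allowed is a bare host name or a URL containing one.
function host_check(?string $referer, string $allowed): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent or stripped before it reached the server
    }
    $host = parse_url($referer, PHP_URL_HOST);
    $allowedHost = parse_url($allowed, PHP_URL_HOST) ?: $allowed;
    if (!is_string($host) || $allowedHost === '') {
        return false;
    }
    $host = strtolower($host);
    $allowedHost = strtolower($allowedHost);
    $suffix = '.' . $allowedHost;
    // Accept the exact host or one of its subdomains, nothing else.
    return $host === $allowedHost || substr($host, -strlen($suffix)) === $suffix;
}

// Constructed sample values (.test and .invalid are reserved TLDs).
$allowed = 'http://lms.example.test';
$samples = [
    'http://lms.example.test/course/view.php?id=1',  // intended source
    'http://lms.example.test.unrelated.invalid/',    // passes a prefix match
    'http://unrelated.invalid/page.html',
    null,                                            // no Referer header
];
foreach ($samples as $referer) {
    printf(
        "%-46s prefix=%-5s host=%s\n",
        $referer ?? '(no Referer)',
        prefix_check($referer, $allowed) ? 'allow' : 'deny',
        host_check($referer, $allowed) ? 'allow' : 'deny'
    );
}
```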
</div> </div></body>
</html>