<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="�" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.ecxmsonormal, li.ecxmsonormal, div.ecxmsonormal
{mso-style-name:ecxmsonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.ecxmsohyperlink
{mso-style-name:ecxmsohyperlink;}
span.ecxmsohyperlinkfollowed
{mso-style-name:ecxmsohyperlinkfollowed;}
span.ecxemailstyle17
{mso-style-name:ecxemailstyle17;}
p.ecxmsonormal1, li.ecxmsonormal1, div.ecxmsonormal1
{mso-style-name:ecxmsonormal1;
mso-margin-top-alt:auto;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.ecxmsohyperlink1
{mso-style-name:ecxmsohyperlink1;
color:blue;
text-decoration:underline;}
span.ecxmsohyperlinkfollowed1
{mso-style-name:ecxmsohyperlinkfollowed1;
color:purple;
text-decoration:underline;}
span.ecxemailstyle171
{mso-style-name:ecxemailstyle171;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Yeah, I saw that, but it means modifying the page hosting the link. And that could be anywhere. For internal systems I can see some solutions, but to have it work on other systems elsewhere is looking more difficult.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='margin-left:36.0pt'><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> xerte-dev-bounces@lists.nottingham.ac.uk [mailto:xerte-dev-bounces@lists.nottingham.ac.uk] <b>On Behalf Of </b>Dave Burnett<br><b>Sent:</b> 26 January 2012 13:12<br><b>To:</b> xerte-dev@lists.nottingham.ac.uk<br><b>Subject:</b> [Xerte-dev] Re: $_SERVER['HTTP_REFERER'] issue<o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-left:36.0pt'><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>The few posts regarding all ultimately say "never use referrer anyway" as you can't trust it.<o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Most recommend building your own logic: <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><a href="http://stackoverflow.com/questions/3966059/alternative-for-serverhttp-referer-php-variable-in-msie">http://stackoverflow.com/questions/3966059/alternative-for-serverhttp-referer-php-variable-in-msie</a> <o:p></o:p></span></p></div><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p><div><div class=MsoNormal align=center style='margin-left:36.0pt;text-align:center'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><hr size=2 width="100%" align=center id=stopSpelling></span></div><p class=MsoNormal style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From: Julian.Tenney@nottingham.ac.uk<br>To: xerte-dev@lists.nottingham.ac.uk<br>Date: Thu, 26 Jan 2012 12:59:05 +0000<br>Subject: [Xerte-dev] $_SERVER['HTTP_REFERER'] issue<o:p></o:p></span></p><div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Anyone got any bright ideas: when you set access to other, you can specify a domain to restrict access only to links being followed from that domain: so you can have some sort of gatekeeping in any system the user has to log in to, and then only allow access to links from that system.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>This is the code, it uses $_SERVER['HTTP_REFERER'].<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>It doesn’t work in IE. Cosmic.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Any alternative approaches without having to modify the linking system?<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>This is the code:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:9.0pt;font-family:"Courier New"'>$test_string=substr($row_play['access_to_whom'],6,strlen($row_play['access_to_whom']));</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'>if(strlen($_SERVER['HTTP_REFERER'])!=0){</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> if(strpos($_SERVER['HTTP_REFERER'],$test_string)==0){</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id); </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> show_template($row_play); </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> }else{</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> dont_show_template();</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> }</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'>}else{</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> //dont_show_template();</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> //going to show it anyway, as referer doesn't work in IE</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> show_template($row_play);</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:"Courier New"'> </span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:9.0pt;font-family:"Courier New"'>}</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p></o:p></span></p></div><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br>This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it. Please do not use, copy or disclose the information contained in this message or in any attachment. Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham. <br>This message has been checked for viruses but the contents of an attachment may still contain software viruses which could damage your computer system: you are advised to perform your own checks. Email communications with the University of Nottingham may be monitored as permitted by UK legislation. <br><br>_______________________________________________ Xerte-dev mailing list Xerte-dev@lists.nottingham.ac.uk http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it. Please do not use, copy or disclose the information contained in this message or in any attachment. Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham. This message has been checked for viruses but the contents of an attachment may still contain software viruses which could damage your computer system: you are advised to perform your own checks. Email communications with the University of Nottingham may be monitored as permitted by UK legislation.<o:p></o:p></span></p></div></div></div></body></html>