[Xerte-dev] Re: $_SERVER['HTTP_REFERER'] issue
Dave Burnett
d_b_burnett at hotmail.com
Thu Jan 26 13:11:56 GMT 2012
The few posts regarding all ultimately say "never use referrer anyway" as you can't trust it.
Most recommend building your own logic:
http://stackoverflow.com/questions/3966059/alternative-for-serverhttp-referer-php-variable-in-msie
From: Julian.Tenney at nottingham.ac.uk
To: xerte-dev at lists.nottingham.ac.uk
Date: Thu, 26 Jan 2012 12:59:05 +0000
Subject: [Xerte-dev] $_SERVER['HTTP_REFERER'] issue
Anyone got any bright ideas: when you set access to other, you can specify a domain to restrict access only to links being followed from that domain: so you can have some sort of gatekeeping in any system the user has to log in to, and then only allow access to links from that system. This is the code, it uses $_SERVER['HTTP_REFERER']. It doesn’t work in IE. Cosmic. Any alternative approaches without having to modify the linking system? This is the code: $test_string=substr($row_play['access_to_whom'],6,strlen($row_play['access_to_whom'])); if(strlen($_SERVER['HTTP_REFERER'])!=0){ if(strpos($_SERVER['HTTP_REFERER'],$test_string)==0){ mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id); require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; show_template($row_play); }else{ require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; dont_show_template(); } }else{ //dont_show_template(); //going to show it anyway, as referer doesn't work in IE require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php"; show_template($row_play); }
This message and any attachment are intended solely for the addressee and may
contain confidential information. If you have received this message in error,
please send it back to me, and immediately delete it. Please do not use,
copy or disclose the information contained in this message or in any attachment.
Any views or opinions expressed by the author of this email do not necessarily
reflect the views of the University of Nottingham.
This message has been checked for viruses but the contents of an attachment
may still contain software viruses which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it. Please do not use, copy or disclose the information contained in this message or in any attachment. Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
This message has been checked for viruses but the contents of an attachment
may still contain software viruses which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20120126/591e2a17/attachment-0001.html>
More information about the Xerte-dev
mailing list