[Xerte-dev] Re: $_SERVER['HTTP_REFERER'] issue
Julian Tenney
Julian.Tenney at nottingham.ac.uk
Thu Jan 26 13:59:21 GMT 2012
Yeah, I saw that, but it means modifying the page hosting the link. And that could be anywhere. For internal systems I can see some solutions, but to have it work on other systems elsewhere is looking more difficult.
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 26 January 2012 13:12
To: xerte-dev at lists.nottingham.ac.uk
Subject: [Xerte-dev] Re: $_SERVER['HTTP_REFERER'] issue
The few posts regarding this all ultimately say "never use referrer anyway" as you can't trust it.
Most recommend building your own logic:
http://stackoverflow.com/questions/3966059/alternative-for-serverhttp-referer-php-variable-in-msie
________________________________
From: Julian.Tenney at nottingham.ac.uk
To: xerte-dev at lists.nottingham.ac.uk
Date: Thu, 26 Jan 2012 12:59:05 +0000
Subject: [Xerte-dev] $_SERVER['HTTP_REFERER'] issue
Anyone got any bright ideas: when you set access to other, you can specify a domain to restrict access only to links being followed from that domain: so you can have some sort of gatekeeping in any system the user has to log in to, and then only allow access to links from that system.
This is the code, it uses $_SERVER['HTTP_REFERER'].
It doesn't work in IE. Cosmic.
Any alternative approaches without having to modify the linking system?
This is the code:
    // Restriction string: access_to_whom with its first six characters skipped
    $test_string = substr($row_play['access_to_whom'], 6, strlen($row_play['access_to_whom']));
    if (strlen($_SERVER['HTTP_REFERER']) != 0) {
        // Strict comparison: strpos() returns false when the string is absent,
        // and false == 0 is true, so a loose == 0 accepts every referer
        if (strpos($_SERVER['HTTP_REFERER'], $test_string) === 0) {
            // Referer starts with the restriction string: count the use and show the template
            mysql_query("UPDATE " . $xerte_toolkits_site->database_table_prefix . "templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=" . $safe_template_id);
            require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";
            show_template($row_play);
        } else {
            // Referer present but from somewhere else: refuse
            require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";
            dont_show_template();
        }
    } else {
        //dont_show_template();
        //going to show it anyway, as referer doesn't work in IE
        require $xerte_toolkits_site->root_file_path . "modules/" . $row_play['template_framework'] . "/play.php";
        show_template($row_play);
    }
This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it. Please do not use, copy or disclose the information contained in this message or in any attachment. Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
This message has been checked for viruses but the contents of an attachment may still contain software viruses which could damage your computer system: you are advised to perform your own checks. Email communications with the University of Nottingham may be monitored as permitted by UK legislation.
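An added example, not part of the original thread or Xerte's code: the thread's strpos() comparison next to a host-based check that reports a missing Referer as its own case, so the show/deny decision for browsers that omit the header is explicit. The function names, the allowed host and the sample Referer values are constructed assumptions, and accepting subdomains is a design choice made here; Referer stays client-supplied, so this is a gatekeeping hint, not authentication.

```php
<?php
// Added example; classify_referer(), loose_check() and all sample values are hypothetical.

// The comparison used in the thread, isolated: prefix test with a loose == 0.
function loose_check(string $referer, string $test_string): bool
{
    return strpos($referer, $test_string) == 0;   // false == 0 is true in PHP
}

// Compare the Referer's host with the allowed host.
// Returns 'match', 'mismatch' or 'absent'; the caller picks the policy for 'absent'.
function classify_referer(?string $referer, string $allowed_host): string
{
    if ($referer === null || $referer === '') {
        return 'absent';
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'mismatch';                        // unparsable header
    }
    $host    = strtolower(rtrim($host, '.'));
    $allowed = strtolower($allowed_host);
    $suffix  = '.' . $allowed;
    // Exact host, or a subdomain of it (assumption: subdomains are acceptable).
    if ($host === $allowed || substr($host, -strlen($suffix)) === $suffix) {
        return 'match';
    }
    return 'mismatch';
}

$allowed = 'vle.example.ac.uk';                   // constructed allowed host
$samples = [                                      // constructed Referer values
    'http://vle.example.ac.uk/course/view.php?id=7',
    'http://vle.example.ac.uk.other.example/page',
    'http://other.example/page',
    '',
];
foreach ($samples as $referer) {
    printf(
        "%-48s loose=%-5s host-check=%s\n",
        $referer === '' ? '(no Referer sent)' : $referer,
        var_export(loose_check($referer, 'http://' . $allowed), true),
        classify_referer($referer === '' ? null : $referer, $allowed)
    );
}
```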