1
DJ007
How to limit reg page access using http referer?
  • 2005/9/19 18:26

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Hi,

I'd like to know if I can limit access to the registration page unless it is accessed from certain referers, ie paypal or 2co etc.

I went thru the reg.php page, but didn't see anything obvious, not a coder , but have learned enough to figure some stuff out. Any pointers or help would be much appreciated.

Thanks,
David.
.........

2
ackbarr
Re: How to limit reg page access using http referer?

Add this code somewhere at the beginning of register.php maybe after:

if (empty($xoopsConfigUser['allow_register'])) {

    
redirect_header('index.php'6_US_NOREGISTER);

    exit();

}





//List of allowed domain referrals seperated by comma

$allowed_domains = array('www.domain1.com''www.domain2.com');



//Was HTTP_REFERER set by browser?

if ($_SERVER['HTTP_REFERER']) {

  
$ref_info parse_url($_SERVER['HTTP_REFERER']);



  
//Check that REFERER is in the list of allowed domains

  
if (! in_array($ref_info['host'], $allowed_domains)) {

    
redirect_header('index.php'4'Invalid HTTP_REFERER host');

    exit();

  }



} else {

  
// HTTP_REFERER was not sent by browser, display error

  
redirect_header('index.php'4'HTTP_REFERER not sent by browser');

  exit();

}



Many software firewalls will strip the HTTP_REFERER field from the page request, making this protection spotty at best. In addition you'll probably want to change the error messages in to something more user friendly.
Site Hosting - PlanetXoops

3
DJ007
Re: How to limit reg page access using http referer?
  • 2005/9/19 20:37

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Hi ackbarr,

Thanks for the assist, I made the change and got this

Parse error: parse error, unexpected '{' in /public_html/xoops/register.php on line 49

This is line 49 with the added code; Quote:
if (! in_array($ref_info['host'], $allowed_domains) {



Is it just a matter of deleting that { on the end?
Any ideas?
David.
.........

4
ackbarr
Re: How to limit reg page access using http referer?

it was missing a ) on that line, I've fixed the original code.
Site Hosting - PlanetXoops

5
DJ007
Re: How to limit reg page access using http referer?
  • 2005/9/19 20:55

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Thanks,

The redirect works great now, only prob is it also denies from domains on the list...

David
.........

6
ackbarr
Re: How to limit reg page access using http referer?

the only reason it would do that is if in_array is false, change the code to add the following debugging line:


//List of allowed domain referrals seperated by comma

$allowed_domains = array('www.domain1.com''www.domain2.com');



//Was HTTP_REFERER set by browser?

if ($_SERVER['HTTP_REFERER']) {

  
$ref_info parse_url($_SERVER['HTTP_REFERER']);

  [
color=008000][b]print_r($ref_info);[/b][/color]

  
//Check that REFERER is in the list of allowed domains

  
if (! in_array($ref_info['host'], $allowed_domains)) {

    
redirect_header('index.php'4'Invalid HTTP_REFERER host');

    exit();

  }



} else {

  
// HTTP_REFERER was not sent by browser, display error

  
redirect_header('index.php'4'HTTP_REFERER not sent by browser');

  exit();

}




Check that the value for $ref_info['host'] is in the list of allowed domains. Once done that debugging line can be removed.
Site Hosting - PlanetXoops

7
DJ007
Re: How to limit reg page access using http referer?
  • 2005/9/19 22:00

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


No change, even went so far as to shut off zone alarm to see if it was interfering, no difference. Even added the https:// to the allowed domains, nope....

Must be a way to accomplish this one way or another,
Thanks for trying tho'
David.
.........

Login

Who's Online

166 user(s) are online (129 user(s) are browsing Support Forums)


Members: 0


Guests: 166


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits