Re: How to limit reg page access using http referer? [XOOPS general usage questions]

1

How to limit reg page access using http referer?

2005/9/19 18:26
DJ007
Just popping in
Posts: 61
Since: 2004/2/15

Hi,

I'd like to know if I can limit access to the registration page unless it is accessed from certain referers, ie paypal or 2co etc.

I went thru the reg.php page, but didn't see anything obvious, not a coder

, but have learned enough to figure some stuff out. Any pointers or help would be much appreciated.

Thanks,
David.

.........

2

Re: How to limit reg page access using http referer?

2005/9/19 19:12
ackbarr
Posts: 1449
Since: 2002/10/2

Add this code somewhere at the beginning of register.php maybe after:

 if (empty($xoopsConfigUser['allow_register'])) { 
    redirect_header('index.php', 6, _US_NOREGISTER); 
    exit(); 
}

 //List of allowed domain referrals seperated by comma 
$allowed_domains = array('www.domain1.com', 'www.domain2.com'); 
 
//Was HTTP_REFERER set by browser? 
if ($_SERVER['HTTP_REFERER']) { 
  $ref_info = parse_url($_SERVER['HTTP_REFERER']); 
 
  //Check that REFERER is in the list of allowed domains 
  if (! in_array($ref_info['host'], $allowed_domains)) { 
    redirect_header('index.php', 4, 'Invalid HTTP_REFERER host'); 
    exit(); 
  } 
 
} else { 
  // HTTP_REFERER was not sent by browser, display error 
  redirect_header('index.php', 4, 'HTTP_REFERER not sent by browser'); 
  exit(); 
}

Many software firewalls will strip the HTTP_REFERER field from the page request, making this protection spotty at best. In addition you'll probably want to change the error messages in to something more user friendly.

Site Hosting - PlanetXoops

3

Re: How to limit reg page access using http referer?

2005/9/19 20:37
DJ007
Just popping in
Posts: 61
Since: 2004/2/15

Hi ackbarr,

Thanks for the assist, I made the change and got this

Parse error: parse error, unexpected '{' in /public_html/xoops/register.php on line 49

This is line 49 with the added code; Quote:

if (! in_array($ref_info['host'], $allowed_domains) {

Is it just a matter of deleting that { on the end?
Any ideas?
David.

.........

4

Re: How to limit reg page access using http referer?

2005/9/19 20:39
ackbarr
Posts: 1449
Since: 2002/10/2

it was missing a ) on that line, I've fixed the original code.

Site Hosting - PlanetXoops

5

Re: How to limit reg page access using http referer?

2005/9/19 20:55
DJ007
Just popping in
Posts: 61
Since: 2004/2/15

Thanks,

The redirect works great now, only prob is it also denies from domains on the list...

David

.........

6

Re: How to limit reg page access using http referer?

2005/9/19 21:18
ackbarr
Posts: 1449
Since: 2002/10/2

the only reason it would do that is if in_array is false, change the code to add the following debugging line:

 //List of allowed domain referrals seperated by comma 
$allowed_domains = array('www.domain1.com', 'www.domain2.com'); 
 
//Was HTTP_REFERER set by browser? 
if ($_SERVER['HTTP_REFERER']) { 
  $ref_info = parse_url($_SERVER['HTTP_REFERER']); 
  [color=008000][b]print_r($ref_info);[/b][/color] 
  //Check that REFERER is in the list of allowed domains 
  if (! in_array($ref_info['host'], $allowed_domains)) { 
    redirect_header('index.php', 4, 'Invalid HTTP_REFERER host'); 
    exit(); 
  } 
 
} else { 
  // HTTP_REFERER was not sent by browser, display error 
  redirect_header('index.php', 4, 'HTTP_REFERER not sent by browser'); 
  exit(); 
}

Check that the value for $ref_info['host'] is in the list of allowed domains. Once done that debugging line can be removed.

Site Hosting - PlanetXoops

7

Re: How to limit reg page access using http referer?

2005/9/19 22:00
DJ007
Just popping in
Posts: 61
Since: 2004/2/15

No change, even went so far as to shut off zone alarm to see if it was interfering, no difference. Even added the https:// to the allowed domains, nope....

Must be a way to accomplish this one way or another,
Thanks for trying tho'
David.

.........

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

How to limit reg page access using http referer?

Re: How to limit reg page access using http referer?

Re: How to limit reg page access using http referer?

Re: How to limit reg page access using http referer?

Re: How to limit reg page access using http referer?

Re: How to limit reg page access using http referer?

Re: How to limit reg page access using http referer?

Login

Search

Recent Posts

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: PodTalk Theme (PUBLISHER)

PodTalk Theme (PUBLISHER)

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Mymenus Module with XOOPS 2.5.11-Stable

Re: Migrate from Wordpress

Re: Error in https://xoops.org/modules/wggithub/

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}