XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / How to limit reg page access using http referer?
Register
1
DJ007
How to limit reg page access using http referer?

  • 2005/9/19 18:26

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Hi,

I'd like to know if I can limit access to the registration page unless it is accessed from certain referers, ie paypal or 2co etc.

I went thru the reg.php page, but didn't see anything obvious, not a coder , but have learned enough to figure some stuff out. Any pointers or help would be much appreciated.

Thanks,
David.
.........
2
ackbarr
Re: How to limit reg page access using http referer?

Add this code somewhere at the beginning of register.php maybe after:
if (empty($xoopsConfigUser['allow_register'])) {
    redirect_header('index.php'6_US_NOREGISTER);
    exit();
}


//List of allowed domain referrals seperated by comma
$allowed_domains = array('www.domain1.com''www.domain2.com');

//Was HTTP_REFERER set by browser?
if ($_SERVER['HTTP_REFERER']) {
  $ref_info parse_url($_SERVER['HTTP_REFERER']);

  //Check that REFERER is in the list of allowed domains
  if (! in_array($ref_info['host'], $allowed_domains)) {
    redirect_header('index.php'4'Invalid HTTP_REFERER host');
    exit();
  }

} else {
  // HTTP_REFERER was not sent by browser, display error
  redirect_header('index.php'4'HTTP_REFERER not sent by browser');
  exit();
}

Many software firewalls will strip the HTTP_REFERER field from the page request, making this protection spotty at best. In addition you'll probably want to change the error messages in to something more user friendly.
Site Hosting - PlanetXoops
3
DJ007
Re: How to limit reg page access using http referer?

  • 2005/9/19 20:37

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Hi ackbarr,

Thanks for the assist, I made the change and got this

Parse error: parse error, unexpected '{' in /public_html/xoops/register.php on line 49

This is line 49 with the added code; Quote:
if (! in_array($ref_info['host'], $allowed_domains) {



Is it just a matter of deleting that { on the end?
Any ideas?
David.
.........
4
ackbarr
Re: How to limit reg page access using http referer?

it was missing a ) on that line, I've fixed the original code.
Site Hosting - PlanetXoops
5
DJ007
Re: How to limit reg page access using http referer?

  • 2005/9/19 20:55

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Thanks,

The redirect works great now, only prob is it also denies from domains on the list...

David
.........
6
ackbarr
Re: How to limit reg page access using http referer?

the only reason it would do that is if in_array is false, change the code to add the following debugging line:

//List of allowed domain referrals seperated by comma
$allowed_domains = array('www.domain1.com''www.domain2.com');

//Was HTTP_REFERER set by browser?
if ($_SERVER['HTTP_REFERER']) {
  $ref_info parse_url($_SERVER['HTTP_REFERER']);
  [color=008000][b]print_r($ref_info);[/b][/color]
  //Check that REFERER is in the list of allowed domains
  if (! in_array($ref_info['host'], $allowed_domains)) {
    redirect_header('index.php'4'Invalid HTTP_REFERER host');
    exit();
  }

} else {
  // HTTP_REFERER was not sent by browser, display error
  redirect_header('index.php'4'HTTP_REFERER not sent by browser');
  exit();
}


Check that the value for $ref_info['host'] is in the list of allowed domains. Once done that debugging line can be removed.
Site Hosting - PlanetXoops
7
DJ007
Re: How to limit reg page access using http referer?

  • 2005/9/19 22:00

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


No change, even went so far as to shut off zone alarm to see if it was interfering, no difference. Even added the https:// to the allowed domains, nope....

Must be a way to accomplish this one way or another,
Thanks for trying tho'
David.
.........

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

472 user(s) are online (380 user(s) are browsing Support Forums)

Members: 0

Guests: 472

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits