1
DJ007
How to limit reg page access using http referer?
  • 2005/9/19 18:26

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Hi,

I'd like to know if I can limit access to the registration page unless it is accessed from certain referers, ie paypal or 2co etc.

I went thru the reg.php page, but didn't see anything obvious, not a coder , but have learned enough to figure some stuff out. Any pointers or help would be much appreciated.

Thanks,
David.
.........

2
ackbarr
Re: How to limit reg page access using http referer?

Add this code somewhere at the beginning of register.php maybe after:
if (empty($xoopsConfigUser['allow_register'])) {
    
redirect_header('index.php'6_US_NOREGISTER);
    exit();
}


//List of allowed domain referrals seperated by comma
$allowed_domains = array('www.domain1.com''www.domain2.com');

//Was HTTP_REFERER set by browser?
if ($_SERVER['HTTP_REFERER']) {
  
$ref_info parse_url($_SERVER['HTTP_REFERER']);

  
//Check that REFERER is in the list of allowed domains
  
if (! in_array($ref_info['host'], $allowed_domains)) {
    
redirect_header('index.php'4'Invalid HTTP_REFERER host');
    exit();
  }

} else {
  
// HTTP_REFERER was not sent by browser, display error
  
redirect_header('index.php'4'HTTP_REFERER not sent by browser');
  exit();
}

Many software firewalls will strip the HTTP_REFERER field from the page request, making this protection spotty at best. In addition you'll probably want to change the error messages in to something more user friendly.
Site Hosting - PlanetXoops

3
DJ007
Re: How to limit reg page access using http referer?
  • 2005/9/19 20:37

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Hi ackbarr,

Thanks for the assist, I made the change and got this

Parse error: parse error, unexpected '{' in /public_html/xoops/register.php on line 49

This is line 49 with the added code; Quote:
if (! in_array($ref_info['host'], $allowed_domains) {



Is it just a matter of deleting that { on the end?
Any ideas?
David.
.........

4
ackbarr
Re: How to limit reg page access using http referer?

it was missing a ) on that line, I've fixed the original code.
Site Hosting - PlanetXoops

5
DJ007
Re: How to limit reg page access using http referer?
  • 2005/9/19 20:55

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


Thanks,

The redirect works great now, only prob is it also denies from domains on the list...

David
.........

6
ackbarr
Re: How to limit reg page access using http referer?

the only reason it would do that is if in_array is false, change the code to add the following debugging line:

//List of allowed domain referrals seperated by comma
$allowed_domains = array('www.domain1.com''www.domain2.com');

//Was HTTP_REFERER set by browser?
if ($_SERVER['HTTP_REFERER']) {
  
$ref_info parse_url($_SERVER['HTTP_REFERER']);
  [
color=008000][b]print_r($ref_info);[/b][/color]
  
//Check that REFERER is in the list of allowed domains
  
if (! in_array($ref_info['host'], $allowed_domains)) {
    
redirect_header('index.php'4'Invalid HTTP_REFERER host');
    exit();
  }

} else {
  
// HTTP_REFERER was not sent by browser, display error
  
redirect_header('index.php'4'HTTP_REFERER not sent by browser');
  exit();
}


Check that the value for $ref_info['host'] is in the list of allowed domains. Once done that debugging line can be removed.
Site Hosting - PlanetXoops

7
DJ007
Re: How to limit reg page access using http referer?
  • 2005/9/19 22:00

  • DJ007

  • Just popping in

  • Posts: 61

  • Since: 2004/2/15


No change, even went so far as to shut off zone alarm to see if it was interfering, no difference. Even added the https:// to the allowed domains, nope....

Must be a way to accomplish this one way or another,
Thanks for trying tho'
David.
.........

Login

Who's Online

72 user(s) are online (38 user(s) are browsing Support Forums)


Members: 0


Guests: 72


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits