1
MS-2001
Editing mainfile.php
  • 2005/10/17 13:55

  • MS-2001

  • Quite a regular

  • Posts: 204

  • Since: 2004/7/27


Hi there,
I'd like to have this question answered by a core developer if possible:

Two of our site admins are working in the same office. In their breaks they want to visit the site to see what's going on there. Too bad that the domain is blocked by the system admins there.

Now I want to edit the mainfile.php in the following way:

If the domain you are coming from is http://www.test1.com (just for example), XOOPS_URL should be http://www.test1.com. Otherwise it should ALWAYS be http://www.normal-url.com.

Is there any security reason why I shouldn't do that?
Hope you got me right.

2
MS-2001
Re: Editing mainfile.php
  • 2005/10/29 15:00

  • MS-2001

  • Quite a regular

  • Posts: 204

  • Since: 2004/7/27


So, any idea? Hope to get an answer now.

3
Dave_L
Re: Editing mainfile.php
  • 2005/10/29 16:40

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Quote:
the domain you are coming from


You mean they're clicking on a link to get to the site, so that their HTTP_REFERER indicates the domain on which they clicked the link?

Assuming that HTTP_REFERER isn't getting blocked, you could try something like this:

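// HTTP_REFERER holds a full URL, so compare only its host part
$refererHost = parse_url((string) @$_SERVER['HTTP_REFERER'], PHP_URL_HOST);
if ($refererHost === 'one.example.com') {
   define('XOOPS_URL', 'http://two.example.com');
} else {
   define('XOOPS_URL', 'http://three.example.com');
}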


You could also test the IP address by using $_SERVER['REMOTE_ADDR'] instead of $_SERVER['HTTP_REFERER'].

Offhand, I can't think of any security issues. You have to keep in mind that HTTP_REFERER can be spoofed, so you shouldn't depend on that for authorization.
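
A table-driven version of the selection discussed in this reply, added here as an example; it is not part of the original post or of XOOPS. The function name pick_base_url, the constants, and every host, IP address and URL in it are assumptions made for illustration.

```php
<?php
// Added example, not XOOPS code. Hosts, IPs and URLs are constructed values.
// Request data only ever selects one of these fixed URLs; it is never copied into one.
const DEFAULT_URL    = 'http://three.example.com';
const BY_REMOTE_ADDR = ['192.0.2.10' => 'http://two.example.com'];
const BY_REFERER     = ['one.example.com' => 'http://two.example.com'];

// Pick the base URL for one request; $server has the shape of $_SERVER.
// This is presentation only: neither signal is used to grant access.
function pick_base_url(array $server): string
{
    // REMOTE_ADDR is the peer address of the connection (a proxy's, if one sits in front).
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (is_string($ip) && array_key_exists($ip, BY_REMOTE_ADDR)) {
        return BY_REMOTE_ADDR[$ip];
    }
    // HTTP_REFERER is a client-chosen full URL; it can be absent, malformed or spoofed.
    $referer = $server['HTTP_REFERER'] ?? '';
    $host = is_string($referer) ? parse_url($referer, PHP_URL_HOST) : null;
    if (is_string($host)) {
        $host = strtolower($host);
        // Exact host match; a prefix or substring test would accept look-alike hosts.
        if (array_key_exists($host, BY_REFERER)) {
            return BY_REFERER[$host];
        }
    }
    return DEFAULT_URL;
}

// Constructed requests covering the cases above.
$other = '198.51.100.7';
$samples = [
    'listed IP'         => ['REMOTE_ADDR' => '192.0.2.10'],
    'listed referer'    => ['REMOTE_ADDR' => $other, 'HTTP_REFERER' => 'http://One.Example.com/links.php'],
    'look-alike host'   => ['REMOTE_ADDR' => $other, 'HTTP_REFERER' => 'http://one.example.com.other.test/'],
    'malformed referer' => ['REMOTE_ADDR' => $other, 'HTTP_REFERER' => 'http:///'],
    'no referer'        => ['REMOTE_ADDR' => $other],
];
foreach ($samples as $label => $server) {
    printf("%-18s => %s\n", $label, pick_base_url($server));
}

// In mainfile.php the call would be: define('XOOPS_URL', pick_base_url($_SERVER));
```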

4
MS-2001
Re: Editing mainfile.php
  • 2005/10/29 16:45

  • MS-2001

  • Quite a regular

  • Posts: 204

  • Since: 2004/7/27


OK, thank you for your answer. But they are and always will be on the same server (so the IP will never change).
