If you have users on your own site who cannot post in forums or add other information to the site due to their firewall or some other software that is blocking the referrer information, then you may want to turn off the referrer check in the XOOPS code.
For more info about the referrer information problem, check out this question:
https://xoops.org/modules/smartfaq/faq.php?faqid=9
[There is a comment with detailed instructions for fixing the problem from the firewall end, but that requires all your users with the problem to successfully follow those steps, which chances are they will not all do, hence the need to be able to turn off the check in your XOOPS site.]
To turn off the referrer check, add a line to the function xoops_refcheck() in include/functions.php file, around line 137:
function xoops_refcheck($docheck=1)
{
[color=ff0000]return true;#*#DISABLE_REFERER_CHECK#[/color]
$ref = xoops_getenv('HTTP_REFERER');
if ($docheck == 0) {
return true;
}
if ($ref == '') {
return false;
}
if (strpos($ref, XOOPS_URL) !== 0 ) {
return false;
}
return true;
}
This information applies to XOOPS 2.0.7, and possibly earlier and later versions too. (Hopefully a system configuration option will be added in the future to turn this off without a hack).
Thanks to Mithrandir for this information, found in his post in the following thread:
https://xoops.org/modules/newbb/viewtopic.php?topic_id=25989
Re: this FAQ is too dangerous, isn't this?
The ticket system is not yet implemented in most modules, so the HTTP REFERER check is still very much in use.
In 2.0.10, the referer check is moved to /class/xoopssecurity.php in the checkReferer() method. The code is the same as in the function in the previous versions.