
Looser Referrer Check
#1

Now (Ver1.6) the referrer check is too severe.

Example:
Real URL : http://www.myurl.com/search.php?id=100
Use mod_rewrite
http://www.myurl.com/search/100.html

In this case $referrer != $page_url
$referrer = http://myurl.com/search.php
$page_url : http://myurl.com/search/100.html To BAN!

comments/includes/app/processor.php

PHP Code:
<?php
/* Check Referrer */
if ($settings->check_referrer) {
    if (isset($_SERVER['HTTP_REFERER'])) { //if referrer available
        $referrer = cmtx_clean_url($_SERVER['HTTP_REFERER']); //get and clean referrer
        $page_url = cmtx_clean_url(cmtx_get_page_url()); //get and clean page URL
        if (!preg_match('/\.[0-9]+\./i', $page_url)) { //if URL is not an IP address
            if ($referrer != $page_url) { //if referrer does not match page URL
                cmtx_ban(CMTX_BAN_REASON_INCORRECT_REFERRER); //ban user for incorrect referrer
            }
        }
    } else {
        cmtx_error(CMTX_ERROR_MESSAGE_NO_REFERRER); //reject user for no referrer
    }
}


#
### -- Replace With ---------------
#
PHP Code:
<?php
/* Check Referrer */

if ($settings->check_referrer) {
    if (isset($_SERVER['HTTP_REFERER'])) { //if referrer available
        $referrer = cmtx_clean_url($_SERVER['HTTP_REFERER']); //get and clean referrer
        $referrer_host = parse_url($referrer); //split referrer into its components
        $page_url = cmtx_clean_url(cmtx_get_page_url()); //get and clean page URL
        if (!preg_match('/\.[0-9]+\./i', $page_url)) { //if URL is not an IP address (dots escaped as in the original check)
            if (strpos($page_url, $referrer_host['host']) === false) { //if page URL does not contain referrer host
                cmtx_ban(CMTX_BAN_REASON_INCORRECT_REFERRER); //ban user for incorrect referrer (constant, not a quoted string)
            }
        }
    } else {
        cmtx_error(CMTX_ERROR_MESSAGE_NO_REFERRER); //reject user for no referrer
    }
}

---------------------------------------------------
Commentics's Japanese Commentary Site
http://commentics.bbfriend.net/
*Sorry...I am not good at English.
---------------------------------------------------
#2

Hi,

Thanks for your suggestion. I will change it for v1.7. This is another way:

PHP Code:
<?php
/* Check Referrer */
if ($settings->check_referrer) {
    if (isset($_SERVER['HTTP_REFERER'])) { //if referrer available
        $referrer = parse_url(cmtx_clean_url($_SERVER['HTTP_REFERER']), PHP_URL_HOST); //get host of cleaned referrer
        $page_url = cmtx_clean_url(cmtx_get_page_url()); //get and clean page URL
        if (!preg_match('/\.[0-9]+\./i', $page_url)) { //if URL is not an IP address
            if (!stristr($page_url, $referrer)) { //if page URL does not contain host of referrer
                cmtx_ban(CMTX_BAN_REASON_INCORRECT_REFERRER); //ban user for incorrect referrer
            }
        }
    } else {
        cmtx_error(CMTX_ERROR_MESSAGE_NO_REFERRER); //reject user for no referrer
    }
}

Have you completed the interview?
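
Both replacements in this thread test whether the page URL contains the referrer's host as a substring. The following added example (not code from either post or from Commentics; the function names are hypothetical and the sample referrers are constructed) compares that test with an exact host comparison that still accepts the mod_rewrite case from post #1:

```php
<?php
// Added example; function names are hypothetical, not part of Commentics.

/** Lower-case a host, drop a trailing dot and a leading "www." before comparing. */
function normalize_host(string $host): string
{
    $host = strtolower(rtrim($host, '.'));
    return (strpos($host, 'www.') === 0) ? substr($host, 4) : $host;
}

/** Substring test as in the thread: page URL contains the referrer's host. */
function referrer_ok_substring(string $referrer, string $page_url): bool
{
    $host = parse_url($referrer, PHP_URL_HOST);
    return is_string($host) && $host !== '' && stripos($page_url, $host) !== false;
}

/** Stricter test: referrer host must equal the page host after normalization. */
function referrer_ok_exact(string $referrer, string $page_url): bool
{
    $ref  = parse_url($referrer, PHP_URL_HOST);
    $page = parse_url($page_url, PHP_URL_HOST);
    if (!is_string($ref) || !is_string($page) || $ref === '' || $page === '') {
        return false; // unparsable or host-less URL: treat as a mismatch
    }
    return normalize_host($ref) === normalize_host($page);
}

// Constructed sample values; the first referrer is the mod_rewrite case from post #1.
$page  = 'http://www.myurl.com/search/100.html';
$cases = [
    'http://www.myurl.com/search.php?id=100', // same site, real (unrewritten) URL
    'http://myurl.com/search.php?id=100',     // same site without "www."
    'http://search/x',                        // other host whose name appears in the page path
    'not a url',                              // no host component at all
];
foreach ($cases as $ref) {
    printf("%-42s substring=%-5s exact=%s\n", $ref,
        var_export(referrer_ok_substring($ref, $page), true),
        var_export(referrer_ok_exact($ref, $page), true));
}
```

The first two referrers pass both tests; the third passes only the substring test because "search" occurs in the page path, and the fourth fails both. The Referer header is supplied by the client, so either test only filters requests that do not bother to set it correctly.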