151 (edited by BugFix 2007-03-02 08:25)

Re: INFO: Bad HTTP_REFERER

I would consider this kind of solution as "safe enough"...

I'm calling the forum by an IFRAME and the referer check (complete path...) fails - but it's still my domain...

My modified function checks only the HOST in the REFERER:

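function confirm_referrer($script)
{
    global $pun_config, $lang_common;

    // Drop "www." and escape the host so its dots match literally in the pattern
    $HTTP_HOST = preg_quote(str_replace("www.","",getenv('HTTP_HOST')), '~');
    $BASE_URL  = str_replace("www.","",$pun_config['o_base_url']).'/'.$script;

    // http(s)://[www.]host followed by a port, a path or the end of the string,
    // so a longer hostname that merely begins with ours does not pass
    $pattern = '~^https?://(?:www\.)?'.$HTTP_HOST.'(?:[:/]|$)~i';

    // Reject a missing referrer, a referrer on another host, or a base URL on another host
    if ( empty($_SERVER['HTTP_REFERER']) ||
        !preg_match($pattern,$_SERVER['HTTP_REFERER']) ||
        !preg_match($pattern,$BASE_URL))
    {
        message($lang_common['Bad referrer']);
    }
}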

Great SoftWare anyway - thanxs a lot ;-)

Greetz Uli

152

Re: INFO: Bad HTTP_REFERER

Sorry if this scenario has been posted/documented before.  I haven't had a chance to read through all 7 pages of this thread yet.  The base url showing in my control panel differs from what is actually in the database.  Here's a screenshot:

http://img248.imageshack.us/img248/4917/baddhttpbbda3.png

I'm getting the Bad "HTTP_REFERER" error (obviously).  To troubleshoot, I tried setting $cookie_domain in config.php, but it still didn't work.  I guess I'll have to make time to read this thread in its entirety. hmm

153

Re: INFO: Bad HTTP_REFERER

What's displayed in the forums is based on the cache file, which is generated from the database. If there were permissions troubles, etc, the file could still hold old data. Try deleting cache_config.php in the cache directory

154 (edited by Isuldor 2007-04-24 16:19)

Re: INFO: Bad HTTP_REFERER

Smartys wrote:

What's displayed in the forums is based on the cache file, which is generated from the database. If there were permissions troubles, etc, the file could still hold old data. Try deleting cache_config.php in the cache directory

Thanks Smartys.  I unknowingly included the cache with the initial installation since I tested the script on my local workstation prior to uploading.  I should have just re-extracted from the archive to be safe.

155 (edited by bcr 2007-07-04 14:00)

Re: INFO: Bad HTTP_REFERER

i'm getting really confused about this. i've done everything right and it still doesn't work when i want to save anything in the Admin bit:

http://www.boycalledroy.com/help1.jpg

http://www.boycalledroy.com/help2.jpg

i've tried it with and without the .php files in the cache folder. all the CHMODs are set properly too... this is driving me crazy. it might be that i'm on ZoneAlarm but i've put my website in the 'trusted sites' thing. and when i installed Coppermine that was fine and it's using the same server and database.

help! :/

and when i try to update my profile (just to see if it works) and alas, it doesn't because i get this error: Fatal error: Call to undefined function: confirm_referrer() in /usr/local/psa/home/vhosts/boycalledroy.com/httpdocs/forum/profile.php on line 652

156

Re: INFO: Bad HTTP_REFERER

It is Zone Alarm that makes this happen. In the settings, uncheck "Enable confidentiality for this software" in Filter Options

157

Re: INFO: Bad HTTP_REFERER

Maybe in the next version you should just take out the option to edit that line? smile Seems like a problem child to me. None of these options worked for me. I'm at work right now though. If it don't work when I get home, I will just reinstall and wipe the database again.

158

Re: INFO: Bad HTTP_REFERER

If you're at work, it could be a network firewall filtering the referrer.
But yes, in 1.3 we've abandoned the referrer check in favor of CSRF tokens
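
Added example, not part of the thread and not PunBB's own code: a minimal per-session CSRF token of the kind the reply above refers to, which does not depend on the Referer header at all. The function names and the `csrf_secret` / `csrf_token` keys are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST`.

```php
<?php
// Added example; helper names and array keys are hypothetical, not PunBB's.

// One random secret per session; every token is derived from it.
function csrf_secret(array &$session): string
{
    if (empty($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// Bind the token to the script it protects, so a token issued for
// one form is not valid for another.
function csrf_token(array &$session, string $script): string
{
    return hash_hmac('sha256', $script, csrf_secret($session));
}

// Constant-time comparison; a missing or non-string field fails closed.
function csrf_check(array &$session, string $script, array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && hash_equals(csrf_token($session, $script), $sent);
}

// Constructed demonstration data.
$session = [];
$token   = csrf_token($session, 'profile.php');

// Form rendering: the token travels as a hidden field.
echo '<input type="hidden" name="csrf_token" value="'
    . htmlspecialchars($token, ENT_QUOTES) . '">' . "\n";

// Case 1: normal submit. No Referer is consulted, so a firewall
// that strips the header has no effect on the outcome.
var_dump(csrf_check($session, 'profile.php', ['csrf_token' => $token]));

// Case 2: request that arrives without the token field.
var_dump(csrf_check($session, 'profile.php', []));

// Case 3: token issued for a different script.
var_dump(csrf_check($session, 'admin_options.php', ['csrf_token' => $token]));
```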

159 (edited by guanodude 2007-07-24 14:42)

Re: INFO: Bad HTTP_REFERER

I have a pro webhost, and I changed directory from /forum to /.
I have changed as the error says, and cleared the cache.
Unfortunately, it doesn't work.

Can you help me?
Couldn't be the server firewall..


The cache-file says:
  'o_base_url' => 'http://195.22.100.25/~nzbdownloa/',
Which is correct.

160

Re: INFO: Bad HTTP_REFERER

There should be no trailing slash

Re: INFO: Bad HTTP_REFERER

Rickard wrote:

That's impossible. It must be a caching issue or something.

I agree.  For some reason the cache_config.php file (and /cache directory and possibly everything in it) is unwritable by punbb even if I set permissions to 777!   It won't write to /cache no matter what and the above fixes do nothing.  The needed php cache is not created and not even manually editing the database's BaseURL value works.

What's truly odd is that if I use my old cache_config.php file which was used when my forum was on a different domain (and therefore has a different BaseURL) the forum WORKS!  The only downside is that I can't edit any details, not even the forum name.

Manually editing the cache_config.php file has no effect and even seems to break the forum.

My forum is located on SourceForge but that shouldn't be an issue.

162 (edited by theforkofjustice 2007-09-04 18:32)

Re: INFO: Bad HTTP_REFERER

Now cache folder is undeletable even if the permissions are set to 777.

Something funny going on here.

A fresh install is misbehaving too.  Didn't touch the permissions but I had to upload my old cache php files and edit the cache_config.php manually.

It SORTA works but I hate being unable to edit the values automatically with punbb.  I'm manually editing the config files and database tables.

EDIT

I managed to get rid of that buggy cache folder by logging in via ssh.

However, I'm still editing things manually.  At least It works that way.

163

Re: INFO: Bad HTTP_REFERER

Aha!

My forum is located on SourceForge but that shouldn't be an issue.

That is the issue! big_smile
http://punbb.org/forums/viewtopic.php?id=13016

The cache directory is possible to set via config.php in PunBB 1.3, but that isn't much help to you. If you want to use PunBB, you'll have to keep doing what you're doing or modify PunBB to use the writable directory.

Re: INFO: Bad HTTP_REFERER

Smartys wrote:

Aha!

My forum is located on SourceForge but that shouldn't be an issue.

That is the issue! big_smile
http://punbb.org/forums/viewtopic.php?id=13016

The cache directory is possible to set via config.php in PunBB 1.3, but that isn't much help to you. If you want to use PunBB, you'll have to keep doing what you're doing or modify PunBB to use the writable directory.

Durr....thanks -_-

Oh well, that solves that.   I guess I'll be editing the cache and config.php files manually until everything matches what's in the database and works the way I want it.

Guess I'll have to wait for 1.3 to go live.

I also noticed that if I create a forum you get the cache error, but the change is made and can be seen if you go back and refresh the page.  I'm so happy that the database isn't in the webspace smile

165

Re: INFO: Bad HTTP_REFERER

I've got a question. I don't know if it's because of a bad http_referer, but I ask anyway.
When I uploaded Private Messaging to my forum, and changed everything the readme said I should change, I still can't get it to work. When I enter Private Message in the administration panel, it says "Unable to fetch user groups list" or something. Why is that?

Darth Vader will chase you away with his lightsaber!
GalacticEmpire.se Forum

166

Re: INFO: Bad HTTP_REFERER

That's not the same thing or you would get the same error message. Make a new topic, enable debug mode, paste the full error.

167

Re: INFO: Bad HTTP_REFERER

I did all steps suggested, my base URL is exactly the same as what I'm entering in the address bar. Don't have any firewall software that will affect this. Nothing will work. What is this error here for anyway if it just creates all this fuss and doesn't seem to have a straight solution?

Forum address: http://www.ps3fl-forum.com/public_html/PunBB
Base URL: http://www.ps3fl-forum.com/public_html/PunBB

Tried deleting cache_config.php and still have error, hope I don't need that file as I don't know how to get it back!
Only thing not tried is looking for o_base_url in the config table of the database as I have no idea which database this refers to or how I would check it!

168

Re: INFO: Bad HTTP_REFERER

I have a different issue. I have two domain names for my site: www.domain.info as the main domain and www.domain.org as a parked domain. Both are pointing to one site. No problem on the .info, but on the .org it has a bad http referrer error. Is it possible to add 1 more base url?

Please help.

Thanks

Re: INFO: Bad HTTP_REFERER

doki wrote:

I have a different issue. I have two domain names for my site: www.domain.info as the main domain and www.domain.org as a parked domain. Both are pointing to one site. No problem on the .info, but on the .org it has a bad http referrer error. Is it possible to add 1 more base url?

Please help.

Thanks

I have same issue too, since i have .com .net .org .eu .us .co.uk  wish someone can help solve this problem..

170

Re: INFO: Bad HTTP_REFERER

Really, you should choose one domain and redirect all the others to that domain. Otherwise, you have duplicate content issues with the search engines (and you'll have issues with people accessing the site via multiple URLs and wondering why their sessions don't magically transfer).

171

Re: INFO: Bad HTTP_REFERER

Does PunBB have a problem with å ä ö in the domain name? I have had my forum pointing to my IP address for some time now, but have set up a domain name I want to use instead. I am browsing the forums at http://www.einhärjar.se/forum/index.php, the base url is set to http://www.einhärjar.se/forum , but I still get Bad HTTP_REFERER. I have cleared cache, double checked the base URL in the database, everything is correct. I have even tried to set the base URL to http://www.einhärjar.se/forum , but nothing works.
Could this be because my domain name contains "ä"?

//Jocke

172

Re: INFO: Bad HTTP_REFERER

Yes, probably. I can't even access your site in Firefox (I think I turned off IDN support). The punycode version (http://www.xn--einhrjar-3za.se/forum/) works fine though.

173

Re: INFO: Bad HTTP_REFERER

Strange, I use firefox myself and have no problem with the domain name. Do you think it could work if I put the punycode version as the base URL?
It seems that Firefox is to disable IDN support by default, perhaps I should just stop trying to use "fictional" characters as domain name hmm

//Jocke

174

Re: INFO: Bad HTTP_REFERER

Well, I remember disabling IDN a while back (I can't remember why, I think it was a workaround for a phishing flaw).
I think you might be better off linking to the punycode URL (or having the domain redirect to the punycode URL) and setting that as the base URL.
My guess is that it will work fine with PunBB 1.3, but you still might have browser issues with IDNs (not that I'm really qualified to debate the merits of that).
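
Added example, not part of the thread and not PunBB's own code: comparing a base URL and a referrer by host after converting both to their ASCII (punycode) form, so the Unicode and `xn--` spellings of the domain discussed above are treated as the same site. It assumes PHP's intl extension is available for `idn_to_ascii()`; `host_key()` and `same_site()` are hypothetical helper names.

```php
<?php
// Added example; requires the intl extension. Helper names are hypothetical.

// Reduce a URL to a comparable host: ASCII (punycode) form, lower-cased.
// A small pattern pulls out the host so the example does not depend on how
// parse_url() treats non-ASCII bytes. URLs with userinfo ("user@host") or
// invalid UTF-8 do not match and yield null, so they fail closed.
function host_key(string $url): ?string
{
    if (preg_match('~^https?://([^/?#:@]+)(?::\d+)?(?:[/?#]|$)~iu', $url, $m) !== 1) {
        return null;
    }
    $ascii = idn_to_ascii($m[1], IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
    return $ascii === false ? null : strtolower($ascii);
}

// True only when both URLs parse and their normalized hosts are identical.
function same_site(string $base_url, string $referrer): bool
{
    $a = host_key($base_url);
    $b = host_key($referrer);
    return $a !== null && $a === $b;
}

// Base URL as written in the post, referrer in the ASCII form quoted in the reply.
$base = 'http://www.einhärjar.se/forum';
$ref  = 'http://www.xn--einhrjar-3za.se/forum/profile.php';

// Case 1: raw prefix comparison of the two spellings.
var_dump(strpos($ref, $base) === 0);

// Case 2: comparison after normalizing both hosts.
var_dump(same_site($base, $ref));

// Case 3: constructed host that only begins with the forum's name.
var_dump(same_site($base, 'http://www.einhärjar.se.example/forum/'));
```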

175

Re: INFO: Bad HTTP_REFERER

Doesn't the RFC define you can only use alphanumeric characters in hostnames? hmm