Re: Coding .htaccess

Connorhd wrote:

people won't be able to access the forum at all without the cookie

Ok, fine. Thank you Connorhd.

I know, Google is my friend, but do you know a place where I could see (learn) what kind of file (or code part inside a file) I must take over and how to insert inside common.php, the easyest way ?

Re: Coding .htaccess

D9r wrote:

This punBB post on user registration lists a few tutorials on php sessions.  When in doubt, it's always a good idea to check out the php.net manual.

Ok, thanks D9r. I'll see it smile

Re: Coding .htaccess

Hey guys !

Can you have a look at this (at the bottom).

Do you think it would be possible to slightly change this code to reach the goal I'm looking to ?

It may be possible to force to come on the site before going to the forum, as it seems to be possible to do so for hotlink, isn't it ?

Re: Coding .htaccess

that could be easily adapted

Re: Coding .htaccess

Connorhd wrote:

that could be easily adapted

... hum ... easily ? big_smile wink

DisableDirectLinking(); 

function DisableDirectLinking() 
{ 
    $ip=$_SERVER['REMOTE_ADDR']; 
    if (@$_SERVER["HTTP_X_FORWARDED_FOR"]) 
        $ip=$_SERVER["HTTP_X_FORWARDED_FOR"]; 
    $sCookieValue=md5($_SERVER['HTTP_HOST'].$ip); 

    if (stristr($_SERVER['PHP_SELF'],"photo.php")) 
    { 
        if (!isset($_COOKIE['DAlbum_Connection']) || 
             $_COOKIE['DAlbum_Connection']!=$sCookieValue) 
        { 
            // Check referrer. If referrer is our domain - 
            // allow access even if cookie is not set 
            if (isset($_SERVER['HTTP_REFERER'])) 
            { 
                $ref=parse_url($_SERVER['HTTP_REFERER']); 
                $sHost=basename($ref['host'] ); 
                if (isset($_SERVER['HTTP_HOST']) && 
                    strcasecmp($_SERVER['HTTP_HOST'],$sHost)==0) 
                    return; 
            } 
            hdr("404 Not found"); 
            exit(); 
        } 
    } 
    else 
    { 
        // Set cookie for one hour. 
        setcookie("DAlbum_Connection",$sCookieValue,time()+3600); 
    } 
}

Is there a place where I should change to the URL of the Forum, or is more difficult than that ?

Re: Coding .htaccess

I think the part that should be changed is the following

 $ip=$_SERVER['REMOTE_ADDR']; 
    if (@$_SERVER["HTTP_X_FORWARDED_FOR"]) 
        $ip=$_SERVER["HTTP_X_FORWARDED_FOR"]; 
    $sCookieValue=md5($_SERVER['HTTP_HOST'].$ip); 

    if (stristr($_SERVER['PHP_SELF'],"photo.php"))

Isn't it ?

Would you mind helping me... a little bit ?

57 (edited by Limerick 2005-01-26 21:39)

Re: Coding .htaccess

AAAARRRRGGGHHHH  !!!!!!!!

The code I've quoted above seems to do exactly what I want, without changing anything !!!!

I've been looking after this for days and days, and it was just in front of my face (or quite in front).

So, excuse me, I've to go : I'm just going to hang myself...

Thanks to all,

Lim


Edit : NO, sorry, I've made a mistake, it does not work as I want. Something must be changed to this code, but what, and how ???

Re: Coding .htaccess

Connorhd wrote:

that could be easily adapted

Hello Connorhd,

Can't you help me a little ? sad

Re: Coding .htaccess

try putting this at the top of common.php

    $ip=$_SERVER['REMOTE_ADDR']; 
    if (@$_SERVER["HTTP_X_FORWARDED_FOR"]) 
        $ip=$_SERVER["HTTP_X_FORWARDED_FOR"]; 
    $sCookieValue=md5($_SERVER['HTTP_HOST'].$ip); 
    if (!isset($_COOKIE['DAlbum_Connection']) || 
         $_COOKIE['DAlbum_Connection']!=$sCookieValue) 
    { 
        // Check referrer. If referrer is our domain - 
        // allow access even if cookie is not set 
        if (isset($_SERVER['HTTP_REFERER'])) 
        { 
            $ref=parse_url($_SERVER['HTTP_REFERER']); 
            $sHost=basename($ref['host'] ); 
            if (isset($_SERVER['HTTP_HOST']) && 
                strcasecmp($_SERVER['HTTP_HOST'],$sHost)==0) 
                return; 
        } 
        hdr("404 Not found"); 
        exit(); 
    }

60 (edited by Limerick 2005-01-29 23:05)

Re: Coding .htaccess

Thanks Connorhd smile

If I put this code at the top (real top) of common.php, the code is displayed as is on the page...
If I put this code after <?php, I've a fatal error : "Call to undefined function: hdr() in /home/... etc.. on line 50

Line 50 : hdr("404 Not found");

I've certainly make a mistake yikes

Re: Coding .htaccess

    $ip=$_SERVER['REMOTE_ADDR']; 
    if (@$_SERVER["HTTP_X_FORWARDED_FOR"]) 
        $ip=$_SERVER["HTTP_X_FORWARDED_FOR"]; 
    $sCookieValue=md5($_SERVER['HTTP_HOST'].$ip); 
    if (!isset($_COOKIE['DAlbum_Connection']) || 
         $_COOKIE['DAlbum_Connection']!=$sCookieValue) 
    { 
        // Check referrer. If referrer is our domain - 
        // allow access even if cookie is not set 
        if (isset($_SERVER['HTTP_REFERER'])) 
        { 
            $ref=parse_url($_SERVER['HTTP_REFERER']); 
            $sHost=basename($ref['host'] ); 
            if (isset($_SERVER['HTTP_HOST']) && 
                strcasecmp($_SERVER['HTTP_HOST'],$sHost)==0) 
                return; 
        } 
        exit("404 Not found"); 
    }

Re: Coding .htaccess

As far as I can see, it seems to work quite well smile
I'm currently performing some tests to see if it's like I wish.
Thank you so far wink

63 (edited by Limerick 2005-01-29 23:20)

Re: Coding .htaccess

Ok let's say what happens.

If I've never been on any page of my website, it works : I can't see any page of the forum, only a little text saying "404 Not found". (Maybe I could change this to sent people to the login page of the website. I'll see it later).

But, if people has only been on the login page of the website (even if they didn't logged in, only displayed the page), they can go on the register page of the forum.

And more over, even if I reboot the computer, user can still acces the register or login page of the forum.
Cookie is not destroyed.

64 (edited by Limerick 2005-01-29 23:51)

Re: Coding .htaccess

I don't know exactly what's happened with the cookie, but as I reduced it's time to live to 10mn, it seems to work even if I don't reboot or close the browser.

Do you thing it would be possible to exclude the login page of the website from the authorized referer ? (Don't know if it's the best way to explain what I'm thinking of... ?)

Edit : I deleted the cookie so I recover the "404 not found" text, but now I've error on line 51 which is the last "}" of your code.

However we are getting closer to the goal smile

Re: Coding .htaccess

this is going to be as much as i do i don't know anything about DAlbum so i can't really help you further with login and stuff.

Re: Coding .htaccess

Ok, understood Connorhd. This is kind from you for your previous help.

Re: Coding .htaccess

Maybe just a last easy point (for you), which does not specially belongs to DAlbum.

Do you know how to exclude just one page from the domain referer accepted by the implemented code in common.php : the login page of my website which URL is www.mywebsite.com/login.php ?

Thanks,

Lim.

68 (edited by Limerick 2005-02-06 20:27)

Re: Coding .htaccess

Hello, it's me again...

I managed to do what I wanted but I still have a very little problem.

Connorhd proposed to put that code

$ip=$_SERVER['REMOTE_ADDR']; 
    if (@$_SERVER["HTTP_X_FORWARDED_FOR"]) 
        $ip=$_SERVER["HTTP_X_FORWARDED_FOR"]; 
    $sCookieValue=md5($_SERVER['HTTP_HOST'].$ip); 
    if (!isset($_COOKIE['DAlbum_Connection']) || 
         $_COOKIE['DAlbum_Connection']!=$sCookieValue) 
    { 
       // Check referrer. If referrer is our domain - 
        // allow access even if cookie is not set 
        if (isset($_SERVER['HTTP_REFERER'])) 
        { 
            $ref=parse_url($_SERVER['HTTP_REFERER']); 
            $sHost=basename($ref['host'] ); 
            if (isset($_SERVER['HTTP_HOST']) && 
                strcasecmp($_SERVER['HTTP_HOST'],$sHost)==0) 
                return; 
        } 
        exit("404 Not found"); 
    }

So people arrive on a page where is written "404 Not found"


I can change this to set a redirect link to my website with this

exit('<a href="http://www.mywebsite.com/index.php" target="_blank">mywebsite.com</a>') ;

But I don't know how to write a little sentence just before the link.

I'm able to put the link or to write a sentence, but not both together.


So can someone help me to change the "exit code" in order to have something like :

"You should go to my www.mywebsite.com prior to access to this page"


Thanks to all.

Re: Coding .htaccess

Ok I succeed.

Thanks