Gossamer Forum
Home : Products : Gossamer Links : Version 1.x :

check referer mod help needed

Quote Reply
check referer mod help needed
Hi all,

I'm adding in a check referer function similar to one I found in the Links 2.0 forum and I'm running into a problem I can't find any reference to in this forum. I found the reference to checking referers to prevent spamming the directory by denying certain referers, but I want to do the opposite and make sure some of my scripts are only called by visitors already at my site to prevent auto submissions and other things that should never be called directly from anywhere but my site.

The error message I'm getting in the log is this:

malformed header from script. Bad header=<html>: /www/cgi-bin/jump.cgi

so I know I'm somehow missing the print header statement and I may even be going about this wrong way.

The code I have changed to get this to work is the following..

- redirect.cgi

after
use Links::DBSQL;
add
use Links::HTML_Templates;

after
my ($db, $id, $sth, $total, $rec, $offset, $goto, $track, $update);
add
# First make sure it's coming from our site
&check_referer;


- in HTML_Templates.pm

in
@EXPORT
add
&check_referer

after this section
%GLOBALS = (
add
sub check_referer {
# --------------------------------------------------------
# Check for valid referer
#
if (@{$LINKS{db_referers}}) {
my $found = 0;
foreach (@{$LINKS{db_referers}}) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
if (!$found) {
&site_html_error ( { error => "Error message here..." }, my $dynamic);
return;
}
}
}


- Links.pm

edit this line to add accepted referers
$LINKS{db_referers} = [];


If I go to a link from my site, it works fine, however, when I try to type in a url directly so there will be no referer, then I get the error message above.

Anyone have any idea what I missed?

Jerry


Quote Reply
Re: check referer mod help needed In reply to
Why don't you simply use the built-in referer check codes???

Like the following:

Code:

# Check the referer.
if (@{$LINKS{db_referers}} and $ENV{'HTTP_REFERER'}) {
$found = 0;
foreach (@{$LINKS{db_referers}}) { $ENV{'HTTP_REFERER'} =~ /\Q$_\E/i and $found++ and last; }
if (!$found) {
&site_html_error ({error => "Auto Submission of this Form is not allowed"}, $dynamic);
}
}


in the sub main routine.

Don't forget to define $found as a global variable towards the top of the sub, like the following:

Code:

my ($found);


Regards,

Eliot Lee

Quote Reply
Re: check referer mod help needed In reply to
I think mainly I didn't use that one because it has all the code built into each script that wants to use it, right now it's only in add.cgi. What I figured would be easier would be to create a routine for it in HTML_Templates that I can call from each script that requires it with a simple call to the check_referer sub, especially in case I ever need to change the code. And there are other scripts that really shouldn't be called directly from outside the site anyways, such as jump, lostpw, modify, etc..

Jerry


Quote Reply
Re: check referer mod help needed In reply to
Almost forgot, when I try to plug in that code to say jump.cgi, right at the beginning of sub main, I still get the same malformed header error because it hasn't got to a print $in->header statement yet, which doesn't come into place until it starts going through some if statements about attachments, and then I would have to add it in a bunch of places. And I don't want to add a new print header statement right before the call to the check referer sub because then if it passes and the referer is accepted, it will print the header twice.

I have tried adding
print $in->header;
right before my line in the sub that starts with &site_html_error, but then I get this error message

HTML_Templates.pm: Global symbol "$in" requires explicit package name at admin/Links/HTML_Templates.pm

Jerry


Quote Reply
Re: check referer mod help needed In reply to
Just figured out an easy fix... fwiw I added
print "Content-type: text/html\n\n";
just before the line that starts with
&site_html_error
in HTML_Templates.pm

Not sure if this whole routine is the most efficient, but it works.

Jerry


Quote Reply
Re: check referer mod help needed In reply to
The most efficient is using the embedded referer codes that I already posted and comes with LINKS SQL. Wink

Regards,

Eliot