Forum Moderators: coopster & phranque


How do you validate the referrer?

in PERL

         

th1chsn

11:48 pm on Apr 3, 2003 (gmt 0)

10+ Year Member



Hello,

I have a script for a program running on a separate domain from my members area. I want my members to be allowed to access this script only if they are coming from inside my members area. The scripts are written in Perl and I was trying to modify this code that I received. I put this code in the beginning part of the script. It didn't work. I was still able to get in from outside the members area. Any suggestions would be greatly appreciated.

@AllowedDomains = ('ip.ip.ip.ip', 'anysite.com');
@TestDomains = map { my $revdomain = reverse $_;
    $revdomain =~ s/\.*$/./; $revdomain; } @AllowedDomains;

#$referrer = 'http://anysite.com';
#$referrer = $ENV{HTTP_REFERER};

($type, $nothing, $host) = split m{/}, $referrer;
$revhost = reverse $host;
$revhost =~ s/\.*$/./;

@matched = grep { 0 == index $revhost, $_ } @TestDomains;

if (! @matched) {
    # here's where you send the error message, without the
    # list of allowed strings, and quit
    print "Content-type: text/html\n\n";
    print qq|

<html>
<center>
<br><br><br><br><br><br><br><br>
<font color="red" size=5>
<b>Access Denied. This page is reserved exclusively for Members.</b>
</font></center>
</html>|;
    exit 0;
}

# if the user is authorized the script will begin here

SinclairUser

12:47 am on Apr 4, 2003 (gmt 0)

10+ Year Member



Is this the code you actually have installed - if so I think you need to modify it before it will work. In your case you really only need a simple check for the correct referrer against your known domain.

like this:

if ($ENV{'HTTP_REFERER'} eq "your_domain_name")
{ print "welcome"; }
else
{ print "go away!"; }

Obviously, you will need to do more than just print a message but it should give you the basic idea...

C.

DrDoc

1:05 am on Apr 4, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Just keep in mind that you can't trust the referer. It is easy to spoof a referer manually. Also, some user agents don't report the referer correctly.

th1chsn

1:35 am on Apr 4, 2003 (gmt 0)

10+ Year Member



Thanks for the input. Do you know of another way to accomplish this task that might be more secure?

andreasfriedrich

1:44 am on Apr 4, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome to WebmasterWorld [webmasterworld.com] th1chsn.

I'd suggest reading Marcia's WebmasterWorld Welcome and Guide to the Basics [webmasterworld.com] post which contains a lot of useful information.

Use whatever login mechanism you use for your members area for this script as well.

Andreas
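
Added example (not from any poster in this thread): one way to apply the login-based advice when the script sits on a different domain, assuming the two sites can share a secret key. The members area puts a short-lived HMAC-signed token in the link and the script verifies it instead of reading HTTP_REFERER; `make_token`, `check_token`, `verdict`, the token layout and the sample values are all hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: both sites read the same secret from a file outside the web root.
my $SECRET  = 'constructed-demo-secret';
my $MAX_AGE = 300;    # seconds a generated link stays valid

# Members area: call only after the normal login check has passed.
sub make_token {
    my ($member_id, $now) = @_;
    my $expires = $now + $MAX_AGE;
    my $mac = hmac_sha256_hex("$member_id:$expires", $SECRET);
    return "$member_id:$expires:$mac";
}

# Script on the other domain: returns the member id, or nothing if invalid.
sub check_token {
    my ($token, $now) = @_;
    return unless defined $token
        && $token =~ /\A([A-Za-z0-9_]{1,32}):(\d{1,12}):([0-9a-f]{64})\z/;
    my ($member_id, $expires, $mac) = ($1, $2, $3);
    my $expected = hmac_sha256_hex("$member_id:$expires", $SECRET);
    # Compare every character so timing does not reveal where the MAC differs.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1)) for 0 .. 63;
    return if $diff;              # altered member id, expiry or MAC
    return if $now > $expires;    # link too old
    return $member_id;
}

sub verdict {
    my $id = check_token(@_);
    return defined $id ? "accepted ($id)" : 'rejected';
}

# Constructed sample requests; a live script would pass time() as $now.
my $t0    = 1049413680;
my $token = make_token('member42', $t0);
(my $forged = $token) =~ s/member42/member43/;

print "fresh token:      ", verdict($token,  $t0 + 60),  "\n";
print "edited member id: ", verdict($forged, $t0 + 60),  "\n";
print "expired token:    ", verdict($token,  $t0 + 600), "\n";
print "no token at all:  ", verdict(undef,   $t0 + 60),  "\n";
```

A token carried in a URL can be copied and reused until it expires, so keep the lifetime short and serve both sites over HTTPS.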