Opera and cgi.HTTP_REFERER
I have a page which allows access only if a user is coming from a specific page, and I use http_referer to grant or deny access. But I don't think Opera gives this variable. can anyone else verify that? And how do you get around it? The situation is people buy access to an article or series of articles through an online shop, and I am reasoning that if they have got as far as page 101625, they must have paid or been given appropriate access. (that means I can leave it to the guy who looks after page 101625 to make sure he restricts access appropriately. The code I'm using is as follows: cfif isdefined(HTTP_REFERER) AND ( ! if he's coming from the article page - (#HTTP_REFERER# contains #articleID#) OR ! or he is coming back from the results page for another go round --- (#HTTP_REFERER# contains #calcfilename#) ) ! if that's the case do nothing, i.e. let him in cfelse !--- Otherwise send him to the head page of the article, where the user will be bounced if not logged in --- cflocation url=http://www.mydomain.com/goArticle.asp?ID=#articleID#p=01; cfabort /cfif Can anyone see the flaw in this snippet that lets it work for IE and NN but not for Opera? Cheers Mike Kear AFP Webworks Windsor, NSW, Australia __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Opera and cgi.HTTP_REFERER
Hi Michael, I've checked out Opera for you and yup, cgi.HTTP_REFERER exists. In regards to your code all i would do is rewrite it like this, but that doesn't affect how it works in the browser: Cfif isdefined(cgi.HTTP_REFERER) and (cgi.HTTP_REFERER CONTAINS #articleID# OR cgi.HTTP_REFERER CONTAINS #calcfilename#).../cfif Rgds Dave A. -Original Message- From: Michael Kear [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 9:14 AM To: CF-Talk Subject: Opera and cgi.HTTP_REFERER I have a page which allows access only if a user is coming from a specific page, and I use http_referer to grant or deny access. But I don't think Opera gives this variable. can anyone else verify that? And how do you get around it? The situation is people buy access to an article or series of articles through an online shop, and I am reasoning that if they have got as far as page 101625, they must have paid or been given appropriate access. (that means I can leave it to the guy who looks after page 101625 to make sure he restricts access appropriately. The code I'm using is as follows: cfif isdefined(HTTP_REFERER) AND ( ! if he's coming from the article page - (#HTTP_REFERER# contains #articleID#) OR ! or he is coming back from the results page for another go round --- (#HTTP_REFERER# contains #calcfilename#) ) ! if that's the case do nothing, i.e. let him in cfelse !--- Otherwise send him to the head page of the article, where the user will be bounced if not logged in --- cflocation url=http://www.mydomain.com/goArticle.asp?ID=#articleID#p=01; cfabort /cfif Can anyone see the flaw in this snippet that lets it work for IE and NN but not for Opera? Cheers Mike Kear AFP Webworks Windsor, NSW, Australia __ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Opera and cgi.HTTP_REFERER
I have a page which allows access only if a user is coming from a specific page, and I use http_referer to grant or deny access. But I don't think Opera gives this variable. can anyone else verify that? And how do you get around it? The situation is people buy access to an article or series of articles through an online shop, and I am reasoning that if they have got as far as page 101625, they must have paid or been given appropriate access. (that means I can leave it to the guy who looks after page 101625 to make sure he restricts access appropriately. The code I'm using is as follows: cfif isdefined(HTTP_REFERER) AND ... I don't know how Opera behaves, offhand, but would like to point out a couple of things anyway. First, you don't have to check for the existence of CGI variables, as long as you use the CGI scope prefix. CF will always create such variables if they don't exist. So, for example, this code would work: cfif CGI.FOO_BAR is not baz even though there's no variable called CGI.FOO_BAR. Second, and more important, you can't rely on CGI.HTTP_REFERER for any serious security anyway, since it's sent by the browser, and can easily be set to whatever value the end user wants it to be (typically, they'd set it to the value that you're expecting, I suppose). Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 __ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists