Docthorn

Ok so I got a

PHP

  referer cloaking script but it is failing to parse the referer after a

javascript

  redirect.

The cloaking script:


<?

php

 

$match = false;
$sites = array("website.com", "website.biz");

if(strlen($_SERVER['HTTP_REFERER']))
{
    $referer = parse_url($_SERVER['HTTP_REFERER']);
         
    $referer['host'] = str_replace("www.", "", strtolower($referer['host']));

    $match = in_array($referer['host'], $sites);
}


if($match)
{

?>

<html>

<head>
<title>Page 1</title>
</head>

<body>
CLOAKED
</body>

</html>

<?

php

 

}
else
{

?>

<html>

<head>
<title>Page 2</title>
</head>

<body>
UNCLOAKED
</body>

</html>

<?

php

 

}

?>



The visitor journey:

general site -> middle page with

javascript

  redirect (on the domain that should be cloaked) -> site with cloaking script

(general.com -> website.com -> othersite.com/cloakingscript.

php

 Applause

The problem is, the cloaking script is failing to parse the referer when the visitor gets redirected from website.com and he lands on the page for uncloaked visitors (and that's not good - not at all).

It doesn't work with other types of redirects either.

What could be a possible solution/s?

Thanks in advance,
Doc


ADDED: not sure if it is the correct section, if not please move it to the right place, my apologies.

perkiset

Hey Doc -

First off, I think you should do a print_r($_SERVER) and post the dump so we can see it (munge identifying info) - then I'd do a print_r($referrer) so that we can see what the parse_url function is doing. The logic of this little script assumes a lot about the inbound info - after you get that posted lets look at how to make this more robust.

/p

Docthorn

Thank you perkiset.

print_r($_SERVER):


Array ( [PATH] => /usr/local/bin:/usr/bin:/bin [DOCUMENT_ROOT] => /home/USERNAME/public_html/DOMAINNAME [HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7 [HTTP_ACCEPT_ENCODING] => gzip,deflate [HTTP_ACCEPT_LANGUAGE] => it-it,it;q=0.8,en-us;q=0.5,en;q=0.3 [HTTP_CONNECTION] => keep-alive [HTTP_COOKIE] => __utma=208964695.642870232.1178401496.1178460040.1178461147.7; __utmz=208964695.1178460040.6.5.utmccn=(organic)|utmcsr=google|utmctr=www.DOMAINNAME.com|utmcmd=organic [HTTP_HOST] => www.DOMAINNAME.com [HTTP_KEEP_ALIVE] => 300 [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 [REMOTE_ADDR] => 80.104.152.57 [REMOTE_PORT] => 2753 [SCRIPT_FILENAME] => /home/USERNAME/public_html/DOMAINNAME/magic/index.

php

  [SERVER_ADDR] => 74.220.202.16 [SERVER_ADMIN] => webmaster@DOMAINNAME.USERNAME.com [SERVER_NAME] => www.DOMAINNAME.com [SERVER_PORT] => 80 [SERVER_SOFTWARE] =>

Apache

 /1.3.37 (Unix) mod_fastcgi/2.4.2 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a

PHP

 -CGI/0.1b [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /magic/index.

php

  [SCRIPT_NAME] => /magic/index.

php

  [

PHP

 _SELF] => /magic/index.

php

  [argv] => Array ( ) [argc] => 0 )


(I replaced real domain name and username with DOMAINNAME and USERNAME)

The print_r($referrer) outputs a blank page.

perkiset

Here is a re-formatted version of the $_SERVER array:


Array (
[PATH] => /usr/local/bin:/usr/bin:/bin
[DOCUMENT_ROOT] => /home/USERNAME/public_html/DOMAINNAME
[HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_LANGUAGE] => it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
[HTTP_CONNECTION] => keep-alive
[HTTP_COOKIE] => __utma=208964695.642870232.1178401496.1178460040.1178461147.7; __utmz=208964695.1178460040.6.5.utmccn=(organic)|utmcsr=google|utmctr=www.DOMAINNAME.com|utmcmd=organic
[HTTP_HOST] => www.DOMAINNAME.com
[HTTP_KEEP_ALIVE] => 300
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11
[REMOTE_ADDR] => 80.104.152.57 [REMOTE_PORT] => 2753
[SCRIPT_FILENAME] => /home/USERNAME/public_html/DOMAINNAME/magic/index.

php

 
[SERVER_ADDR] => 74.220.202.16
[SERVER_ADMIN] => webmaster@DOMAINNAME.USERNAME.com
[SERVER_NAME] => www.DOMAINNAME.com
[SERVER_PORT] => 80
[SERVER_SOFTWARE] =>

Apache

 /1.3.37 (Unix) mod_fastcgi/2.4.2 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a

PHP

 -CGI/0.1b
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /magic/index.

php

 
[SCRIPT_NAME] => /magic/index.

php

 
[

PHP

 _SELF] => /magic/index.

php

  [argv] => Array ( )
[argc] => 0
)


... and that explains why your referrer is blank... there isn't one in the $_SERVER array ergo, no parseableness. The

PHP

  dox say,
quote

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.


... so it's a bit sketchy, as here. My question - how did you get this info? Was it logged from an actual user or did you gin it up? My suggestion would be to go to Google and click through to your site and see what you get.

Sorry no help yet,
/p

thedarkness

Yeah, strange, I've already been talking to Doc about this and it ap

pear

 ed to me like the referrer wasn't there. Apparently this is happening with multiple clients. Weirdness.........

Cheers,
td


Perkiset's Place Home   Politics @ Perkiset's