|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
On Wed, May 15, 2002 at 01:12:14PM +0000, Andre McDowall wrote:
> Hi,
>
> I am have a problem with an \x93email this page to a friend\x94 script. Some u
> are able to access the email form just fine, while others receive an error
> message telling them they do not have access to the form. The .cgi script is
> set-up to allow all users to access the email form by clicking on a link
> from an HTML page. If a user tries to access the .cgi script directly, they
> are given an error message from within the .cgi script. However, the users
> that are currently having problems entering the email form are not trying to
> enter the .cgi script directly; the are accessing the script like everyone
> else (from an HTML page), yet they are being given the error message. Any
> idea why the script would let some people access the page and others not?
> Below, is the part of the .cgi script which gives the error message. Thanks!
>
> if (!$ENV{'HTTP_REFERER'}) {
>
> print "<html><head><title>Access denied</title></head>\n";
> print "<body>\n";
> print "You may not access this page.\n";
> print "Your attempt has been logged.\n";
> print "Your Ip address has been logged.\n\n";
>
> print "\n";
> print "\n\n";
> print "</body></html>\n";
>
> exit;
>
> }
Well, duh.
Generally, if you have a piece of code of the form:
if (!EXPR) {
BLOCK
}
and the BLOCK is executed, then EXPR is false.
So, in your case, you are denying people access to your page if their
browser doesn't send the optional Referer header in the HTTP request.
Why you require this header to be present is a question only
you can answer.
Abigail
**Majordomo list services provided by PANIX <URL:http://www.panix.com>**
**To Unsubscribe, send "unsubscribe phl" to majordomo@lists.pm.org**
|
|