Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
February 09, 2012, 08:43:55 PM

Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: custom code for hot link protector?  (Read 3793 times)
MTR
Guest
« Reply #15 on: November 27, 2009, 04:26:37 PM »
I think it may have to do with the coding here (found on moshpittragedy.com/info-afterthebombs.shtml):

<form action="http://www.moshpittragedy.com/order.php" method="post">
<input type="hidden" name="album" value="AfterTheBombs;http://www.moshpittragedy.com/dl-afterthebombs.html" />

See the bold on the second line?   The band name is there before the URL because it tells me what download they paid for through my paypal notifications.  But since its attached to the URL that is being blocked, that could be it Huh

Wonder if theres a way to incorporate this into the htaccess code?

EDIT:  I took out the form code and just linked http://www.moshpittragedy.com/dl-afterthebombs.html normally, and it worked, was not blocked. So it is something in this code.
« Last Edit: November 27, 2009, 05:01:28 PM by MTR » Logged
MrPhil
Berserker Poster
*****
Offline Offline

Posts: 5083
« Reply #16 on: November 27, 2009, 05:55:25 PM »
Well, a value field in a form shouldn't be directly generating a link or URL. Have you checked that in order.php it is properly removing the name and semicolon before using that link? (from your EDIT, it sounds like maybe not -- have you printed out the name after processing to see what the link actually is?) That link isn't coming in from paypal.com, is it? (return link or whatever they call it) If it is, you could try adding paypal.com to the hotlink whitelist in both places. Can you tell just what the full link being used in your code is? Does the browser show the link URL on the status line, and it's something that shouldn't be blocked by the hotlink code?

Are you giving your doctor a cut of the business?
Logged
MTR
Guest
« Reply #17 on: November 27, 2009, 10:36:20 PM »
Quote from: MrPhil on November 27, 2009, 05:55:25 PM
Well, a value field in a form shouldn't be directly generating a link or URL. Have you checked that in order.php it is properly removing the name and semicolon before using that link?
No, I took a look but I really have no idea how to check for that.

Check this out, it sort of works... I just changed the bit at the end from what you made.  The last line is meant to forward a URL with that bit of code on the front to the proper URL without the code (talking about the Arrestum; thing)

RewriteEngine On

# whitelist my own site... restrictions don't apply to it
RewriteCond  %{HTTP_REFERER} !^http://(www\.)?moshpittragedy\.com(/)?.*$     [NC]
# *.zip file access send to moshpittragedy.com/index.html
RewriteRule  .*\.zip$  /index.html  [NC]

# whitelist my own site... restrictions don't apply to it. exempt /index.html
RewriteCond  %{HTTP_REFERER} !^http://(www\.)?moshpittragedy\.com(/)?.*$     [NC]
RewriteCond  %{REQUEST_URI}  !^/index\.html$  [NC]
RewriteRule  .*\.shtml$  /$1.shtml  [NC]  

I'm not sure how, but this seems to sort of work, only it gives a 500 error if you enter an shtml page into the browser (moshpittragedy.com/info-arrestum.shtml)
If  I went with this I think maybe I would have to rename some of my html pages to shtml to have them lumped in the same category.

Think this is ok?  Anything smoother I can do with it?
« Last Edit: November 27, 2009, 10:45:38 PM by MTR » Logged
MrPhil
Berserker Poster
*****
Offline Offline

Posts: 5083
« Reply #18 on: November 28, 2009, 06:11:00 AM »
Quote from: MTR on November 27, 2009, 10:36:20 PM
No, I took a look but I really have no idea how to check for that.
echo "value: $album<br>\n";
...do whatever you do to split $album into $name and $url...
echo "resulting name: $name<br>\n";
echo "resulting url: $url<br>\n";

Do name and url look proper?

By the way... since you're bringing in data from a form, you aren't relying on register global variables, are you? You would need to do a $album = $_REQUEST['album']; before using the value $album. Otherwise $album is undefined (empty).

Quote
Check this out, it sort of works... I just changed the bit at the end from what you made.  The last line is meant to forward a URL with that bit of code on the front to the proper URL without the code (talking about the Arrestum; thing)

RewriteRule  .*\.shtml$  /$1.shtml  [NC]  
Uh, no. You have no $1 value. You need to put ( ) around something to capture it into a $n variable. Even then, what's the point here? You have /xxxxx.shtml being sent to /xxxxx.shtml.

Please show the PHP code in order.php where you handle the incoming 'album' field, process it, and do a link or whatever with it. I suspect you're doing something wrong there.
Logged
MTR
Guest
« Reply #19 on: November 28, 2009, 07:49:10 AM »
Here's all the code for order.php
I didn't write it... I had a friend help who is now unavailable.
--
<?php
$str = $_POST['album'];
$album = strtok($str, ";");
$dl = strtok(";");
$price = $_POST['price'];
if($price == 0){?>
<META HTTP-EQUIV="Refresh" CONTENT="1;URL=<?php echo $dl ?>">


<html><head></head>




<body>
<centeR><P><BR><P><BR><P><BR><P><BR><P><BR><P><BR>
<FONT FACE=TAHOMA SIZE=2><H2><b>LOADING</B></center></body></html>


<?php
}else{
?>

<html>
<head>
</head>
<body>
<center><P><BR><P><BR><P><BR><P><BR><P><BR><P><BR>
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but22.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
<input type="hidden" name="add" value="1">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="mptrecords@hotmail.com">
<input type="hidden" name="item_name" value="<?php echo $album?>">
<input type="hidden" name="amount" value="<?php echo $price?>">
<input type="hidden" name="shipping" value="0.00">
<input type="hidden" name="page_style" value="PayPal">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="<?php echo $dl?>">
<input type="hidden" name="cancel_return" value="http://www.moshpittragedy.com">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="CAD">
<input type="hidden" name="tax" value="0.00">
<input type="hidden" name="lc" value="CA">
<input type="hidden" name="bn" value="PP-ShopCartBF">
<!-- input type="submit" value="Place Order" -->
</form>
</body>
</html>
<?php } ?>
Logged
MrPhil
Berserker Poster
*****
Offline Offline

Posts: 5083
« Reply #20 on: November 28, 2009, 09:45:04 AM »
Yikes! I don't know where to begin. Well, try rewriting it like this:
Code:
<html><head>
<?php
$str $_POST['album'];
$price $_POST['price'];
list($album$dl) = explode(";"$str);
if ($price == 0) { 
?>
<meta http-equiv="Refresh" content="1; url=<?php echo $dl ?>">
<?php
}
?>
<title><?php echo $album?></title>
</head>
<body>
<center><p> <br> <br> <br> <br> <br> <br></p>
<?php 
if ($price == 0) { 
?>
<font face="Tahoma" size="2"><h2><b>LOADING</b></h2></font>
<?php
} else {
?>
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-but22.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
<input type="hidden" name="add" value="1">
<input type="hidden" name="cmd" value="_cart">
<input type="hidden" name="business" value="mptrecords@hotmail.com">
<input type="hidden" name="item_name" value="<?php echo $album?>">
<input type="hidden" name="amount" value="<?php echo $price?>">
<input type="hidden" name="shipping" value="0.00">
<input type="hidden" name="page_style" value="PayPal">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="return" value="<?php echo $dl?>">
<input type="hidden" name="cancel_return" value="http://www.moshpittragedy.com">
<input type="hidden" name="no_note" value="1">
<input type="hidden" name="currency_code" value="CAD">
<input type="hidden" name="tax" value="0.00">
<input type="hidden" name="lc" value="CA">
<input type="hidden" name="bn" value="PP-ShopCartBF">
<!-- input type="submit" value="Place Order" -->
</form>
<?php 

?>
</center>
</body></html>

That should at least get the meta tag, etc, in the right place, and make the HTML a bit more understandable.
Logged
MTR
Guest
« Reply #21 on: November 28, 2009, 10:30:00 AM »
I replaced the old order.php with what you said, and it works properly -thanks for that. However when I put your htaccess code back and try that again, the same problem persists (I have been leaving both .htaccess files empty unless testing your code in .htaccess in the public_html folder).

If there is no fix, would there be some other way to achieve the desired effect?  Possibly manually calling on each html or shtml page that needs to redirected (only when any other site tries to link to it or anyone tries to enter it manually into the browser bar, not when it is called from a php page in an iframe like it should be) and send it to its corresponding php page instead of index.html?  To clarify, I'm trying to make it so anyone else can't link directly to what is supposed to be iframe content and not displayed without its php 'parent'.

If the value name being called in bold below (as seen for example here: moshpittragedy.com/info-afterthebombs.shtml) is the problem, can we include something to tell it to include it?

<form action="http://www.moshpittragedy.com/order.php" method="post">
<input type="hidden" name="album" value="AfterTheBombs;http://www.moshpittragedy.com/dl-afterthebombs.html" />
« Last Edit: November 28, 2009, 10:44:46 AM by MTR » Logged
MrPhil
Berserker Poster
*****
Offline Offline

Posts: 5083
« Reply #22 on: November 28, 2009, 01:39:02 PM »
One more thing to try, before giving up, is to see what the HTTP_REFERER value coming in is. We assume it's either moshpittragedy.com or www.moshpittragedy.com, but maybe the iframe is doing something strange to the URL. This is a bit complicated because you can't put PHP code in plain .html files (unless you're handling .html as PHP). In that case, you could simply echo $HTTP_REFERER; in the PHP code. As it is, I think we'll have to play some games in .htaccess to display the referrer.
Code:
RewriteRule  .*\.s?html  /zork%{HTTP_REFERER}
I think that will work. You hopefully will get a NNN (404?) error code that will show /zorkmoshpittragedy.com/maybe-the-rest-of-it doesn't exist, and we can see what the referrer is. Change .htaccess back immediately. Too bad it's so painful to debug .htaccess files!

It shouldn't matter that you're passing the title and URL combined into one field, although it would have been cleaner to do it as two hidden variables instead of one. Still, it would be nice to know what value is going in the refresh meta tag. How about changing the time delay in the <meta> tag from 1; to 100; (just temporarily)? That should give you enough time to do a View > Page source and see if it shows url=http://moshpit....html. If that's OK, try commenting out the second URL rewrite (two RewriteConds and one RewriteRule) in .htaccess to make sure that's where we're going off the tracks.

If that doesn't work, you could try opening a support ticket asking why my .htaccess doesn't work, and does it have anything to do with iframes? At worst, they'll bounce you back to here and say that they don't support application debugging. If you want to pay me for more of my time, you could send me your site access information so I can get in and play with it and try to figure it out.
Logged
MTR
Guest
« Reply #23 on: November 28, 2009, 08:07:58 PM »
Quote from: MrPhil on November 28, 2009, 01:39:02 PM
How about changing the time delay in the <meta> tag from 1; to 100; (just temporarily)? That should give you enough time to do a View > Page source and see if it shows url=http://moshpit....html.

OK I did that and the source reads:

<html><head>
<meta http-equiv="Refresh" content="100; url=http://www.moshpittragedy.com/dl-afterthebombs.html">
<title>AfterTheBombs</title>

Is that what we want?

Also, I did what I think you meant and took out the second rewritecond line, so it looked like this:

RewriteEngine On

# whitelist my own site... restrictions don't apply to it
RewriteCond  %{HTTP_REFERER} !^http://(www\.)?moshpittragedy\.com(/)?.*$     [NC]
# *.zip file access send to moshpittragedy.com/index.html
RewriteRule  .*\.zip$  /index.html  [NC]

# whitelist my own site... restrictions don't apply to it. exempt /index.html
RewriteCond  %{HTTP_REFERER} !^http://(www\.)?moshpittragedy\.com(/)?.*$     [NC]
# all other *.html or *.shtml send to /index.html
RewriteRule  .*\.s?html$  /index.html  [NC]

When I did that, it gives a 500 error when you put a zip or any shtml or html files into the browser line. So that almost does it, but I'd like to either redirect to moshpittragedy.com when that happens, or to the corresponding php page. 
« Last Edit: November 28, 2009, 08:19:44 PM by MTR » Logged
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to: