Snitz Forums 2000 - Redirect Script

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Community Forums

Code Support: ASP (Non-Forum Related)

Redirect Script

New Topic

Topic Locked

Printer Friendly

Author

Topic

Page: of 4

leatherlips
Senior Member

USA
1838 Posts

Posted - 10 July 2007 : 13:07:53

I am using the following script to prevent anyone from accessing a private page unless they approach it from a certain previous page first:

<%
If Instr(Request.ServerVariables("http_Referer"),"mangionemagic.com/forum/topic.asp")<1 Then
Response.Redirect "no.htm"
End If
%>

It works fine, however, I'd like to make it have to come from a specific page from within the forum such as topic.asp?TOPIC_ID=300

I can't seem to get it to work. If I add the ?TOPIC_ID=300 it will not work at all. If I don't add that then they can end up going to the private page from any topic.asp page.

How can I add the topic id into the code?

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 10 July 2007 : 13:13:21

The the HTTP_REFERER will never give you querystring values, so you will need a new test, after that one,

if Request.QueryString("TOPIC_ID")="300" Then...

Snitz 3.4 Readme | Like the support? Support Snitz too

AnonJr
Moderator

United States
5768 Posts

Posted - 10 July 2007 : 13:14:02

Should work:

<%
If Request.QueryString("TOPIC_ID") = 300 And Instr(Request.ServerVariables("http_Referer"),"mangionemagic.com/forum/topic.asp")<1 Then
Response.Redirect "no.htm"
End If
%>

Edit: Dang, just a little too slow...

Edited by - AnonJr on 10 July 2007 13:14:42

leatherlips
Senior Member

USA
1838 Posts

Posted - 10 July 2007 : 15:35:57

I've tried both, but it will not work. What should the whole code look like? I'm probably not inserting it correctly.

AnonJr
Moderator

United States
5768 Posts

Posted - 10 July 2007 : 16:07:40

Are you getting any errors?

ILLHILL
Junior Member

Netherlands
341 Posts

Posted - 10 July 2007 : 16:24:33

quote:
Originally posted by leatherlips

I've tried both, but it will not work. What should the whole code look like? I'm probably not inserting it correctly.

Think it will look like this:

<%
If Instr(Request.ServerVariables("http_Referer"),
"mangionemagic.com/forum/topic.asp")<1 Then
If Request.QueryString("TOPIC_ID") <> "300" Then
Response.Redirect "no.htm"
End If
End If
%>

Greets, Dominic

Edited by - ILLHILL on 10 July 2007 16:29:29

leatherlips
Senior Member

USA
1838 Posts

Posted - 10 July 2007 : 17:15:49

There are no errors.

I just tried the one ILLHILL posted and it also does not work.

It will let me come from any topic.asp page, even if it isn't the one I have in the code, in this case TOPIC_ID=300.

What I have is a VIP Section with a topic in it that has a link to a special page. I only want this page to be accessed from within that post.

AnonJr
Moderator

United States
5768 Posts

Posted - 10 July 2007 : 17:24:44

Duh, I see... you may want to consider passing some extra variable in the query string to check for in place of the topic ID since its not getting passed as rui said earlier. Stupid me forgot that it wouldn't be a part of the QueryString unless you added it as part of the link - and then it wouldn't be hard to pass that around.

Is this VIP section a part of the site or a part of the forum? (assuming you haven't tightly integrated them... if you have I've got a couple ideas.)

leatherlips
Senior Member

USA
1838 Posts

Posted - 10 July 2007 : 17:28:57

quote:
Originally posted by AnonJr

Is this VIP section a part of the site or a part of the forum? (assuming you haven't tightly integrated them... if you have I've got a couple ideas.)

The VIP section is a part of the forum (Allow Members Hidden).

In there is a link to go to a page outside of the forum. The script I am using is in the page outside of the forum. I don't want this page to be accessible in any way other than from the link within the forum VIP section. Does all of this make sense? (I am NOT an ASP expert in case you haven't noticed.

)

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 10 July 2007 : 17:36:21

ILLHILL made a small mistake. Where he used "<>" you should use "=", in the 2nd If statement.
Try it.

Snitz 3.4 Readme | Like the support? Support Snitz too

leatherlips
Senior Member

USA
1838 Posts

Posted - 10 July 2007 : 17:45:30

Sorry, but it still doesn't care which topic page I come from. I changed the <> to a =

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 10 July 2007 : 18:15:54

Can you post the code you now have?

Snitz 3.4 Readme | Like the support? Support Snitz too

leatherlips
Senior Member

USA
1838 Posts

Posted - 10 July 2007 : 18:30:54

Here is the code I have:

<%
If Instr(Request.ServerVariables("http_Referer"), "mangionemagic.com/forum/topic.asp")<1 Then
If Request.QueryString("TOPIC_ID") = "300" Then
Response.Redirect "no.htm"
End If
End If
%>

It is in the head of the page I am trying to protect. It is an .asp page.

AnonJr
Moderator

United States
5768 Posts

Posted - 10 July 2007 : 18:51:11

You would have to have "linktosecurepage.asp?TOPIC_ID=300" as your link to get the topic ID on your page since its not passed in the HTTP_REFERER and you're not on the actual topic page when you are checking.

Just a thought - I'm on a short "mental break" at work right now so I don't have time to really hash it out - but:

Have the link in the forum post send them to a custom page in your forum that check's if they have permission - either via a UserGroup or checking if they came from that topic or if they have permission to view that topic's forum.

If they have permission, set a custom cookie and then re-direct them. On your target page check for the cookie.

Now this is assuming all pages are in the same domain...

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 10 July 2007 : 19:55:54

Try this:


scriptname = split(request.servervariables("SCRIPT_NAME"),"/")
if scriptname(ubound(scriptname))="topic.asp" then
  if Request.QueryString("TOPIC_ID")<>"300" then
     Response.Redirect "no.htm"
  end if
end if

Snitz 3.4 Readme | Like the support? Support Snitz too

AnonJr
Moderator

United States
5768 Posts

Posted - 10 July 2007 : 20:21:09

Unless I've really misunderstood leatherlips, the page this code is running on is not topic.asp, nor is it a forum page - custom or otherwise. Therefore the SCRIPT_NAME will hold the name of the .asp page that this is running on and it will also not hold the TOPIC_ID variable.

He wants the only way to get to the page outside the forum to be from a link inside a specific MembersOnly forum.

Page: of 4

Topic

New Topic

Topic Locked

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.27 seconds.