Ravens PHP Scripts: Forums
 

 

Dawg
RavenNuke(tm) Development Team



Joined: Nov 07, 2003
Posts: 928

Posted: Sun Jan 22, 2012 7:29 am

Here is the Latest Referrer Block for RN2.5

If you have any problems let me know.

Code:


<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System                                          */
/* ===========================                                          */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
//Latest Referrer Block by Dawg with Help from the RN Staff
//Palbin
//Guardian2003
//Thank You for Your Time
//~~~~~~~~~~~~~RavenNuke ROCKS! ~~~~~~~~~~~~~~~~


if ( !defined('BLOCK_FILE') ) {
   Header('Location: ../index.php');
   die();
}

global $prefix, $db;

// Start with an empty block body so the .= appends below do not act on an undefined variable
$content = '';

//$domain= ($_SERVER['HTTP_HOST']);
$domain= "YOURWEBSITE.com";
//Set $showtime
//Set to 1 for both Date/time
//Set to 2 for Date
//Set to 3 for Off
$showtime= '3';
//How Many Referers to show?
$number= 30;
//No Edits needed below this line
$querystr = "SELECT refered_from,date FROM ".$prefix."_nsnst_tracked_ips  WHERE refered_from NOT LIKE 'local' AND refered_from NOT LIKE 'on site' AND refered_from NOT LIKE 'none' AND refered_from NOT LIKE '%$domain%' ORDER BY date DESC LIMIT $number" ;
   
   $result = $db->sql_query($querystr) 
   or die ('invalid query in towndisplay');
   $numrows = $db->sql_numrows($result);
   for ($n=0; $n < $numrows; $n++)
   {
      list ($refered_from,$date) = $db->sql_fetchrow($result);
         if($refered_from !='on site' AND $refered_from !='none' AND $refered_from !='local') {
            if(strlen($refered_from) > 30) {
               $rfrom = substr($refered_from, 0, 30).'...';
            } else {
               $rfrom = $refered_from;
               }
            $content .= '<a href="' . $refered_from . '" title="' . $refered_from . '" target="_blank">' . $rfrom . '</a>';

            if ($showtime==1){
               $timestamp = strftime('%D - %r',$date);
               $content .= ' - ' . $timestamp;
            }
            elseif($showtime==2){
               $timestamp = strftime('%D',$date);
               $content .= ' - ' . $timestamp;
            }
            elseif($showtime==3){
               $content .= '';
            }
            $content .= '<br />';
         };
   };
?>


Dawg
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Sun Jan 22, 2012 8:46 am

You might want to consider changing this line here:

Code:


$content .= '<a href="' . $refered_from . '" title="' . $refered_from . '" target="_blank">' . $rfrom . '</a>';


to this instead (just to be safe):

Code:


$content .= '<a href="' . htmlspecialchars($refered_from,ENT_QUOTES,_CHARSET) . '" title="' . htmlspecialchars($refered_from,ENT_QUOTES,_CHARSET) . '" target="_blank">' . htmlspecialchars($rfrom,ENT_QUOTES,_CHARSET) . '</a>';


Just concerned if there is any way that the referrer info could be "poisoned" somehow with XSS.

Just curious though if you block bad referrers somehow through .htaccess? I would hate to promote nefarious sites through this kind of block. Just a reason why I personally don't use such a block. Maybe you're only using it for Admin Only.

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
Dawg







Posted: Sun Jan 22, 2012 8:53 am

Thank You!

It is better to be safe than sorry....

Mine is set to ADMIN only. I would never show this to the public.

Here is the updated code....

Dawg


Code:


<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System                                          */
/* ===========================                                          */
/*                                                                      */
/* Copyright (c) 2002 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/
//Latest Referrer Block by Dawg with Help from the RN Staff
//Palbin
//Guardian2003
//montego
//Thank You for Your Time
//~~~~~~~~~~~~~RavenNuke ROCKS! ~~~~~~~~~~~~~~~~
if ( !defined('BLOCK_FILE') ) {
   Header('Location: ../index.php');
   die();
}
global $prefix, $db;
// Start with an empty block body so the .= appends below do not act on an undefined variable
$content = '';
//$domain= ($_SERVER['HTTP_HOST']);
$domain= "YOURWEBSITE.com";
//Set $showtime
//Set to 1 for both Date/time
//Set to 2 for Date
//Set to 3 for Off
$showtime= '3';
//How Many Referers to show?
$number= 30;
//No Edits needed below this line
$querystr = "SELECT refered_from,date FROM ".$prefix."_nsnst_tracked_ips  WHERE refered_from NOT LIKE 'local' AND refered_from NOT LIKE 'on site' AND refered_from NOT LIKE 'none' AND refered_from NOT LIKE '%$domain%' ORDER BY date DESC LIMIT $number" ;
   $result = $db->sql_query($querystr) 
   or die ('invalid query in towndisplay');
   $numrows = $db->sql_numrows($result);
   for ($n=0; $n < $numrows; $n++)
   {
      list ($refered_from,$date) = $db->sql_fetchrow($result);
         if($refered_from !='on site' AND $refered_from !='none' AND $refered_from !='local') {
             if(strlen($refered_from) > 30) {
               $rfrom = substr($refered_from, 0, 30).'...';
            } else {
               $rfrom = $refered_from;
               }
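         // Escape every place the stored referrer is written into the HTML, including the title attribute
         $content .= '<a href="' . htmlspecialchars($refered_from,ENT_QUOTES,_CHARSET) . '" title="' . htmlspecialchars($refered_from,ENT_QUOTES,_CHARSET) . '" target="_blank">' . htmlspecialchars($rfrom,ENT_QUOTES,_CHARSET) . '</a>';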
            if ($showtime==1){
               $timestamp = strftime('%D - %r',$date);
               $content .= ' - ' . $timestamp;
            }
            elseif($showtime==2){
               $timestamp = strftime('%D',$date);
               $content .= ' - ' . $timestamp;
            }
            elseif($showtime==3){
               $content .= '';
            }
            $content .= '<br />';
         };
   };
?>
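
The output escaping discussed in this thread, as an added example that is not part of any post above and is not RavenNuke code. It goes one step beyond the thread by also refusing to link non-http(s) schemes, since htmlspecialchars() does not neutralise a `javascript:` URL placed in an href. Assumptions: the function name `render_referrer_link` is hypothetical, 'UTF-8' stands in for the `_CHARSET` constant, the sample referrers are constructed, and the syntax needs PHP 7 or later.

```php
<?php
// Added example: hypothetical helper, not part of the block posted in the thread.

function render_referrer_link(string $referer, int $maxLen = 30, string $charset = 'UTF-8'): string
{
    // One escaper for every HTML context the stored value is written into.
    // ENT_SUBSTITUTE keeps output non-empty if substr() cut a multibyte character.
    $esc = static function (string $s) use ($charset): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
    };

    // Truncate the raw string first; cutting after escaping could split an entity such as &amp;
    $label = strlen($referer) > $maxLen ? substr($referer, 0, $maxLen) . '...' : $referer;

    // parse_url() returns null/false when there is no usable scheme; both cast to ''.
    $scheme = strtolower((string) parse_url($referer, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        // Show the value as inert text instead of a clickable link.
        return '<span title="' . $esc($referer) . '">' . $esc($label) . '</span>';
    }

    // rel values: keep the opened page away from window.opener and do not pass link credit.
    return '<a href="' . $esc($referer) . '" title="' . $esc($referer)
        . '" target="_blank" rel="noopener noreferrer nofollow">' . $esc($label) . '</a>';
}

// Constructed Referer values of the kind a client can send and the tracker would store.
$samples = [
    'http://example.com/page?a=1&b=2',
    'http://example.com/" onmouseover="alert(1)',
    'javascript:alert(1)',
];

foreach ($samples as $referer) {
    echo render_referrer_link($referer), "\n";
}
```

In the second sample the double quotes come out as `&quot;`, so the value stays inside the attribute; the third sample is rendered as a `<span>` with no href at all.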
 
All times are GMT - 6 Hours
 