patrickberkeley · February 1, 2010 01:51
diff --git a/check_referer_redirect.php b/check_referer_redirect.php
 # make sure referer is set
 if ((isset($_SERVER['HTTP_REFERER'])) and ($_SERVER['HTTP_REFERER']!= '')) {
 	$url = urldecode($_SERVER['HTTP_REFERER']);
 	$url_ary = parse_url($url);
 	
    # make sure referer matches our domain (hardcoded as WEB_ROOT global variable)
 	if (($url_ary[scheme].'://'.$url_ary[host]).'/' == WEB_ROOT) {
        # grab path, remove slash
 		$url_path = substr($url_ary[path], 1);
        # redirect with message and id
 		header("Location: ".WEB_ROOT.$url_path."?msg=".$message."&userID=".$_POST['userID']);
 	} else {
        # redirect and kill if we're being spoofed
 		header("Location: ".WEB_ROOT."index.php?msg=2");
 		die();
 	}
 }
	# make sure referer is set
	if ((isset($_SERVER['HTTP_REFERER'])) and ($_SERVER['HTTP_REFERER']!= '')) {
	$url = urldecode($_SERVER['HTTP_REFERER']);
	$url_ary = parse_url($url);

	# make sure referer matches our domain (hardcoded as WEB_ROOT global variable)
	if (($url_ary[scheme].'://'.$url_ary[host]).'/' == WEB_ROOT) {
	# grab path, remove slash
	$url_path = substr($url_ary[path], 1);
	# redirect with message and id
	header("Location: ".WEB_ROOT.$url_path."?msg=".$message."&userID=".$_POST['userID']);
	} else {
	# redirect and kill if we're being spoofed
	header("Location: ".WEB_ROOT."index.php?msg=2");
	die();
	}
	}