Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- Template Name: Check Referer
- */
- /*
- http://www.gravityhelp.com/forums/topic/lock-down-a-page-unless-you-complete-a-form
- */
- // if the current user cannot edit posts, they might not be logged in, or might be logged in as subscriber
- // which is the only role which does not have edit_posts capability. This is so editors and administrators
- // can directly access the page to make edits, without having to submit the form to set the HTTP_REFERER
- if(!current_user_can('edit_posts')) {
- // define the URL where we want to send people instead of showing them the page they requested
- $url = trailingslashit(get_bloginfo('url')); // can be any URL. This is the URL for the home page of the site
- // define the URL you want to make sure people come from before gaining access to this protected page
- $check_url = 'http://www.example.com/page-on-your-site/that-people-must-come-from/';
- // if the current user is not logged in with more than a subscriber role, check to see if HTTP_REFERER is set
- // make sure HTTP_REFERER is set before trying to read the value; avoid PHP warnings and notices
- if(isset($_SERVER['HTTP_REFERER'])) {
- $referring = $_SERVER['HTTP_REFERER'];
- if ($check_url <> $referring) {
- header("Location: $url");
- // don't process any more code
- exit;
- }
- }
- // if HTTP_REFERER is not set, redirect to $url as well. This may be overly aggressive
- else {
- header("Location: $url");
- // don't process any more code
- exit;
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement