Hi all

I have made a sharepoint for a school, and we have this application that requires you to put a login to access the web. My problem is that the sharepoint can be accessed without logging onto the web, and theres data on there that are on the web on different servers, which reqiure you to log onto the internet, I've put some text at the bottom of these features saying you have to log on to the net to see it, with a link to do so. But i only want this text when you access the sharepoint when you connect to it directly (when you type in the server address when your in the school buliding) and i don't want it to appear when you access the sharepoint online.

So for loads of you who have lost me earlier in that description, what i want is a script that does this process:

Is user accessing sharepoint via address www.school.com??
if yes, dont display the text
if no, display the text

If this is too complicated or it cannot be done please email me at ictbtec04techteam@hotmail.co.uk

Thanks

Joe

Hi, Joe.

This isn't hard and can be done quite easily. However, it simply won't always work.

This requires the REFERER_URI [ie, referring url, named that in PHP] to be sent and be accurate.
Possibilities:
1. The browser sends this and accurately. [good]
2. The browser changes it for some reason or the user changes it [perhaps to hack]. [bad]
3. The browser just doesn't send it. [bad]

Since it's a client side feature, the user or browser can change/customize this arbitrarily, so you have no idea whether it will be sent or if it will be accurate.

Considering that you're just issuing a warning if it DOESN'T match, then I think that's just fine. Occasionally, someone might have logged in and they will get the warning. But it doesn't actually block anything, so I don't see much trouble with that.

Using PHP you can do this:

<?php
if (strpos($_SERVER['REFERER_URI'],'school.com')!==FALSE)) {
echo '<p>Warning: you should access this through the proper site.</p>';
}
?>

Note that searches for "school.com" in the referrer, so you will allow any matches, like http://school.com, http://www.school.com and http://school.com/a/b/c.htm. It will also allow something like http://another.com/fake=school.com, but that is unlikely and it's possible to fake the referrer anyway, so you shouldn't worry about that. At worst, they'll find a way to not get the message. It's not a secure system, anyway, right?

PHP requires the page end in .php (or your server configured to send .htm as php) and that PHP is installed/enabled.

This would also work in other server side programming languages, such as ASP.

thanks for your help, really greatful, but does this display the text as an alert or does it display this as normal text?

Thanks

Joe

I'm sory to dissapoint you, but it didnt work :-( Thanks anyway, you have been a real help

Joe

echo simply outputs text. You could play the php/echo at the right location for an alert and it would do that.
I'm not sure why it isn't working, but the code is extremely simple. I would guess that php isn't setup. Does your page end with .php?

Better would be:
$pap = array(
'192.168.',
'10.',
'172.' // this is actually only between (172.16, 172.31), but we'll be optimistic.
);

function address_starts_with($pre) {
return strpos($_SERVER['HTTP_REMOTE_ADDR'], $pre) === 0;
}

define('LAN_ACCESS', !!array_filter($pap, 'address_starts_with'));

if(LAN_ACCESS) {
// do stuff
}