function checkDomainAuthorization()
{
global $mosConfig_live_site, $_DOCMAN;
if (!$_DOCMAN->getCfg('security_anti_leech')) {
return true;
}
$this_url = parse_url($mosConfig_live_site);
$this_host = trim($this_url['host']);
if (isset($_SERVER['HTTP_REFERER'])) {
$from_url = parse_url($_SERVER['HTTP_REFERER']);
$from_host = trim($from_url['host']);
} else {
$from_host = "";
}
// Determine if they are local. They must:
// 1. match the defined server string
// 2. match the local address or have 'localhost' as their hostname.
// The last one is unlikely, but this will catch any case at all.
// If $from_host (remote) is empty, it's considered local, too.
if (empty($from_host) || strcasecmp($this_host, $from_host) == 0 || strcasecmp('127.0.0.1', $from_host) == 0 || strcasecmp('localhost', $from_host) == 0) {
$localhost = true;
} else {
$localhost = false;
}
$allowed = false;
// If the connection is NOT local, check if the remote host is allowed.
if (!$localhost) {
$allowed_hosts = explode('|', $_DOCMAN->getCfg('security_allowed_hosts'));
// If the $allowed_hosts list is empty, the remote host is not allowed by default.
if (count($allowed_hosts > 0)) {
foreach ($allowed_hosts as $allowed_host) {
$allowed_host = DOCMAN_Utils::wild2regular(trim($allowed_host));
if (strlen($allowed_host) == 0) {
continue;
}
$allowed_host .= 'i';
// make pattern case-insensitive
if (preg_match($allowed_host, $from_host)) {
$allowed = true;
break;
}
}
}
}
return $localhost || $allowed;
}
