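/**
 * Anti-leech check: decide whether the current request may proceed based on
 * the host named in its HTTP Referer header.
 *
 * The request is accepted when any of the following holds:
 *  - the 'security_anti_leech' setting is off;
 *  - no Referer host is available (header absent, or no host could be parsed);
 *  - the Referer host equals this site's host, '127.0.0.1' or 'localhost'
 *    (case-insensitive);
 *  - the Referer host matches one of the '|'-separated patterns in the
 *    'security_allowed_hosts' setting.
 *
 * Security note: the Referer header is supplied by the client, and a request
 * that sends none is accepted by design. This check therefore only deters
 * hot-linking from other sites; it must not be relied on as access control.
 * Authorization for the document itself has to be enforced separately.
 *
 * @return bool true when the request is accepted, false otherwise
 */
function checkDomainAuthorization()
{
    global $mosConfig_live_site, $_DOCMAN;

    if (!$_DOCMAN->getCfg('security_anti_leech')) {
        return true;
    }

    // parse_url() yields false/null for malformed or host-less URLs; normalise
    // those to '' instead of indexing a missing 'host' key.
    $this_host = parse_url($mosConfig_live_site, PHP_URL_HOST);
    $this_host = is_string($this_host) ? trim($this_host) : '';

    $from_host = '';
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        if (is_string($referer_host)) {
            $from_host = trim($referer_host);
        }
    }

    // A referrer is "local" when it is missing, names this site, or names the
    // loopback address / 'localhost'. Compared with === '' rather than empty()
    // so that a literal host of "0" is not mistaken for a missing referrer.
    $localhost = $from_host === ''
        || strcasecmp($this_host, $from_host) === 0
        || strcasecmp('127.0.0.1', $from_host) === 0
        || strcasecmp('localhost', $from_host) === 0;

    if ($localhost) {
        return true;
    }

    // Not local: the referrer host must match an explicitly allowed pattern.
    // An empty list (or a list of blank entries) allows nothing.
    $allowed_hosts = explode('|', (string) $_DOCMAN->getCfg('security_allowed_hosts'));

    // The original tested count($allowed_hosts > 0), which counts a boolean
    // (a TypeError on PHP 8) instead of comparing the element count with 0.
    if (count($allowed_hosts) > 0) {
        foreach ($allowed_hosts as $allowed_host) {
            $pattern = DOCMAN_Utils::wild2regular(trim($allowed_host));
            if (strlen($pattern) == 0) {
                continue;
            }

            // NOTE(review): this assumes wild2regular() returns a delimited
            // pattern without modifiers and anchors it to the whole host;
            // confirm, since an unanchored pattern would also match hosts
            // that merely contain an allowed name.
            $pattern .= 'i'; // make pattern case-insensitive

            if (preg_match($pattern, $from_host) === 1) {
                return true;
            }
        }
    }

    return false;
}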