> Here's my site structure (with names changed appropriately):

> ROOT
> Root/Folder1/Processor.asp
> Root/Folder2/Folder3/game.asp
> Root/Folder2/Folder3/Folder4/game.swf

> Game.swf is embedded in game.asp
> Game.swf calls Processor.asp to set and retrieve high scores.

> I *thought* that the http_referer would therefore be
> http://www.sitename/folder1/folder2/folder3/game.swf

> If it's not that, then it would be
> http://www.sitename/folder1/folder2/folder3/game.asp - right?

> The problem is that this chunk of code fails everytime ... and it's
> confusing me. The whole .swf has thrown me into a loop.
> ------------------------------
>  strReferer = Request.ServerVariables("HTTP_REFERER")

>  If Instr(1, strReferer, http://www.sitename/folder1/folder2/folder3/, 1)
<>
> 1 Then
>   intScore = -1
>  End If
> ------------------------------

> Is the logic behind this wrong? I figured that the strReferer will have
the
> entire URL and all I'm doing is checking to see if the first part of it
> matches the correct site/folder structure.

> I have validated the path by placing a test.asp in folder 4 which called
> processor.asp and had it response.write the referer ... everything looked
> normal.

> I've also taken the same code and put it in another page (no .swf) and it
> seems to work okay.

> So, what am I overlooking here? Probably something very straight forward.
At
> the moment, the above code NEVER equals one and is there rejecting all
> scores.

> Anyone please respond if I am wrong!

> //Micke

> > I'm trying to verify that a particular script was called from a valid
> > location and not anywhere else (to add a level of protection from kids
> > running their own calls against the script).

> > Here's my site structure (with names changed appropriately):

> > ROOT
> > Root/Folder1/Processor.asp
> > Root/Folder2/Folder3/game.asp
> > Root/Folder2/Folder3/Folder4/game.swf

> > Game.swf is embedded in game.asp
> > Game.swf calls Processor.asp to set and retrieve high scores.

> > I *thought* that the http_referer would therefore be
> > http://www.sitename/folder1/folder2/folder3/game.swf

> > If it's not that, then it would be
> > http://www.sitename/folder1/folder2/folder3/game.asp - right?

> > The problem is that this chunk of code fails everytime ... and it's
> > confusing me. The whole .swf has thrown me into a loop.
> > ------------------------------
> >  strReferer = Request.ServerVariables("HTTP_REFERER")

> >  If Instr(1, strReferer, http://www.sitename/folder1/folder2/folder3/,
1)
> <>
> > 1 Then
> >   intScore = -1
> >  End If
> > ------------------------------

> > Is the logic behind this wrong? I figured that the strReferer will have
> the
> > entire URL and all I'm doing is checking to see if the first part of it
> > matches the correct site/folder structure.

> > I have validated the path by placing a test.asp in folder 4 which called
> > processor.asp and had it response.write the referer ... everything
looked
> > normal.

> > I've also taken the same code and put it in another page (no .swf) and
it
> > seems to work okay.

> > So, what am I overlooking here? Probably something very straight
forward.
> At
> > the moment, the above code NEVER equals one and is there rejecting all
> > scores.

> BUM FLUFF!

> Now that's going to prove interesting trying to figure out a way around
> that. Any suggestions?

> > If you write out the HTTP_REFERER I guess you get nothing and that means
> you
> > dont have any HTTP_REFERER. To get one you need to submit a form or
have
> > your user click a link on the refering page. As far as I know the
> > response.redirect doesnt qualfy as a referer.

> > Anyone please respond if I am wrong!

> > //Micke

> > > I'm trying to verify that a particular script was called from a valid
> > > location and not anywhere else (to add a level of protection from kids
> > > running their own calls against the script).

> > > Here's my site structure (with names changed appropriately):

> > > ROOT
> > > Root/Folder1/Processor.asp
> > > Root/Folder2/Folder3/game.asp
> > > Root/Folder2/Folder3/Folder4/game.swf

> > > Game.swf is embedded in game.asp
> > > Game.swf calls Processor.asp to set and retrieve high scores.

> > > I *thought* that the http_referer would therefore be
> > > http://www.sitename/folder1/folder2/folder3/game.swf

> > > If it's not that, then it would be
> > > http://www.sitename/folder1/folder2/folder3/game.asp - right?

> > > The problem is that this chunk of code fails everytime ... and it's
> > > confusing me. The whole .swf has thrown me into a loop.
> > > ------------------------------
> > >  strReferer = Request.ServerVariables("HTTP_REFERER")

> > >  If Instr(1, strReferer, http://www.sitename/folder1/folder2/folder3/,
> 1)
> > <>
> > > 1 Then
> > >   intScore = -1
> > >  End If
> > > ------------------------------

> > > Is the logic behind this wrong? I figured that the strReferer will
have
> > the
> > > entire URL and all I'm doing is checking to see if the first part of
it
> > > matches the correct site/folder structure.

> > > I have validated the path by placing a test.asp in folder 4 which
called
> > > processor.asp and had it response.write the referer ... everything
> looked
> > > normal.

> > > I've also taken the same code and put it in another page (no .swf) and
> it
> > > seems to work okay.

> > > So, what am I overlooking here? Probably something very straight
> forward.
> > At
> > > the moment, the above code NEVER equals one and is there rejecting all
> > > scores.

> > Well, you know ... you're probably right for all the wrong reasons. It's
> > coming from a flash file, so - yes - that's not a link or form
submission.

> > BUM FLUFF!

> > Now that's going to prove interesting trying to figure out a way around
> > that. Any suggestions?

> > > If you write out the HTTP_REFERER I guess you get nothing and that
means
> > you
> > > dont have any HTTP_REFERER. To get one you need to submit a form or
> have
> > > your user click a link on the refering page. As far as I know the
> > > response.redirect doesnt qualfy as a referer.

> > > Anyone please respond if I am wrong!

> > > //Micke

> > > > I'm trying to verify that a particular script was called from a
valid
> > > > location and not anywhere else (to add a level of protection from
kids
> > > > running their own calls against the script).

> > > > Here's my site structure (with names changed appropriately):

> > > > ROOT
> > > > Root/Folder1/Processor.asp
> > > > Root/Folder2/Folder3/game.asp
> > > > Root/Folder2/Folder3/Folder4/game.swf

> > > > Game.swf is embedded in game.asp
> > > > Game.swf calls Processor.asp to set and retrieve high scores.

> > > > I *thought* that the http_referer would therefore be
> > > > http://www.sitename/folder1/folder2/folder3/game.swf

> > > > If it's not that, then it would be
> > > > http://www.sitename/folder1/folder2/folder3/game.asp - right?

> > > > The problem is that this chunk of code fails everytime ... and it's
> > > > confusing me. The whole .swf has thrown me into a loop.
> > > > ------------------------------
> > > >  strReferer = Request.ServerVariables("HTTP_REFERER")

> > > >  If Instr(1, strReferer,

> > > > Is the logic behind this wrong? I figured that the strReferer will
> have
> > > the
> > > > entire URL and all I'm doing is checking to see if the first part of
> it
> > > > matches the correct site/folder structure.

> > > > I have validated the path by placing a test.asp in folder 4 which
> called
> > > > processor.asp and had it response.write the referer ... everything
> > looked
> > > > normal.

> > > > I've also taken the same code and put it in another page (no .swf)
and
> > it
> > > > seems to work okay.

> > > > So, what am I overlooking here? Probably something very straight
> > forward.
> > > At
> > > > the moment, the above code NEVER equals one and is there rejecting
all
> > > > scores.

>  If Instr(1, strReferer, http://www.sitename/folder1/folder2/folder3/, 1)
<>
> 1 Then
>   intScore = -1
>  End If
> ------------------------------