I have the board as a subdomain, and when I try to log out from a page which isn't at the subdomain, it gives me the smf306 error
"Unable to verify referring site. Please go back and try again. "
Is there an easy way I can fix this?
Don't use multiple urls to access one install of SMF. Only use one.
-[Unknown]
okay, but now just having it on a page without the www. makes it not work!!
that's no good... I can't control whether my visitors put in the www. or not.
Well, if you set your forum url properly, it should fix it for them anyway, so it wouldn't be a problem.
Notice here, everything is fine. Whether you go to www. or not doesn't matter.
-[Unknown]
GD thanks alot
I changed it from http://www.circlesarefun.com/forum/
to http://circlesarefun.com/forum/
to http://www.circlesarefun.com/forum
to http://circlesarefun.com/forum
and it didnt work
AND THEN i tried circlesarefun.com/forum and it totally messed up.
Now I can't even change the url in the settings, I tried reduplicating the doc. but it says invalid referer bla bla, where can I change the stupid $boardurl????
Never mind, I worked it out myself.
However, my original problem still holds.
It's not like it says anywhere how I'm supposed to enter my domain name, and if it did I would have followed the advise.
And you're not using anything outside of your forum to logout, so how can you say you're not having any problems??
Well, see, you don't want to logout from off the subdomain. Let me 'splain.
Here, there are things you do not even know about that handle all kinds of fun things. And, they work across subdomains you may not even ever see.
However, the reason this check is made is because of, frankly, hackers.
It's possible to do this [ img ] link-to-logout [ /img ] on other forum softwares, which means... moderators can't delete the topic! As soon as they view it, they are logged out.
That's why the session check is there. The referer is also checked to make sure you didn't come from a different domain.
If you're sure you want referer checks off, try this... find, Sources/Security.php
// Produce an error if the host was found, but isn't correct.
if (!empty($referer['host']) && !empty($rhost) && strtolower($referer['host']) != strtolower($rhost))
fatal_lang_error('smf306');
And simply remove it. Please note that this will slightly reduce the security of your forum, although the session checks should be enough for most cases.
I recommend you use a simple script to set the cookie independent of SMF to logout, since this will work.
-[Unknown]
Yeah, I already found that and put /* */ around it :P:P
I'd perfer security, but whatever, I understand the need for it and all for other sites and people, and hacks and stuff; but I dunno for me, if I care, or if it's even a threat.
As for these seperate cookies, what do you mean exactly?
You can set cookies yourself.... setLoginCookie() in Subs-Auth.php may be your friend ;).
-[Unknown]