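/* REFERRER CHECKING SCRIPT - JohnC - 2 Oct 2000
Checks the document.referrer, so all users MUST come to the page
only from specific URL(s) - therefore stops direct linking to the page.
Note: the check runs in the visitor's browser, on a referrer value the
visitor's side controls, so it only deters casual direct linking. It is not
access control - content that must stay restricted needs a server-side check.	*/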


/* ######## USAGE AND SETTING UP - HERE'S HOW YOU USE THE SCRIPT !

FIRST - PUT A LINK TO THIS SCRIPT right at the top of your HTML page,
 immediately after the <HEAD> tag and **before** <TITLE> or <META> etc :

 <SCRIPT SRC="../check.js"></SCRIPT>

SECOND - TO STOP NON-JAVASCRIPT BROWSERS beating the system, place the
 following META tag immediately below that, and set the URL to kick them to.
 - note the weird way the " are used in this - don't change their positions !

 <NOSCRIPT><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=kick_to.htm"></NOSCRIPT>

THIRD - TO STOP BROWSERS CACHING THE PAGE, put these 2 lines immediately below
 <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
 <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">

LASTLY - CONFIGURE THE SCRIPT by following the instructions below...		*/


/* -----------------
STEP 1. WHAT SITES/PAGES ARE ALLOWED TO ACCESS THIS PAGE ?
	Put the specific hostnames that you want to allow into the
	MYSITES Array below. Put ' ' around each, commas between them...
	You can be very specific and include path and page URL if you want.
	- I recommend you do NOT include http:// or www at the start !		*/

// Allow-list of referrers: each entry is a host name, optionally followed by
// a path and page, that the final check in this script accepts.
var MYSITES = [
	'gclubnet.com',
	'warezslutz.com',
	'site.com/path/page.htm'
];


/* ------------------
STEP 2. SET UP THE METHODS TO USE... for each one, set to one of the following :
	'allow'   -> do nothing, page will load normally
	'kick'    -> redirect immediately to a specific webpage
	'message' -> show full screen message (as specified in BAN_Message, BLK_Message etc. in STEP 3 below)
	'fake404' -> makes a page that looks just like a "404 Not Found"		*/

// 2a.	Action taken when a referrer is present but matches none of the
//	MYSITES entries.
var BANNED_REF_METHOD = 'fake404';

// 2b.	Action taken when the referrer is blank or not known, eg: the surfer
//	is using a proxy or a browser that strips the referrer field, types the
//	URL directly, or loads the page from a bookmark or history.
var BLANK_REF_METHOD = 'message';

// 2c.	Action taken when the browser does not handle the referrer properly.
//	IE3 (and perhaps others too) return *this* page's URL rather than the
//	referring page's - this would normally cause the script to fail.
//	Note: if this is set to anything other than 'allow', IE3 will ALWAYS be banned !
var FALSE_REF_METHOD = 'message';

// 2d.	Action taken when the page is opened from a file, eg: somebody saves
//	the page to hard-drive and then opens it from there.
//	Note: unless this is 'allow' you will NOT be able to view the page offline either.
//	- It's not much of a 'security' threat to leave this as 'allow'; visitors can
//	then edit/view offline but get an error when they publish the pages online :-)
//	Also note: even with 'allow' here you cannot open the page directly unless
//	BLANK_REF_METHOD is also set to 'allow' (not recommended) !
var FILE_OPEN_METHOD = 'message';

/* -----------------
STEP 3. SET UP YOUR MESSAGES and/or KICK URLs (if you are using these methods)...
	Note the way I add extra lines in the message fields below, you can
	add extra lines by using a + and continuing on like I have done.
	Each line must have ' ' around & variable must end with a ; character.
	You can use HTML in messages, but you CANNOT use ' or ; characters	*/

//  3a.	"BAD REFERRER" - used when BANNED_REF_METHOD is 'kick' (the URL)
//	or 'message' (the text).
var BAN_KickURL = 'http://www.elitetoplist.com/cgi-bin/topsites.cgi?wslutzz';
var BAN_Message =
	'<CENTER><H1>Sorry, Access Denied !</H1>' +
	'Sorry, access via the previous site is not allowed !' +
	'<P>Please visit from legitimate source';

//  3b.	"BLANK REFERRER" - used when BLANK_REF_METHOD is 'kick' or 'message'.
var BLK_KickURL = 'http://www.elitetoplist.com/cgi-bin/topsites.cgi?wslutzz';
var BLK_Message =
	'<CENTER><H1>Sorry, Access Denied !</H1>' +
	'You cannot open this page directly or from a bookmark' +
	'<P>Nor can you access using a browser or proxy server' +
	' that strips out the referer field.' +
	'<P>Please use a normal web browser and/or' +
	' access from a legitimate source';

//  3c.	"FALSE REFERRER" - used when FALSE_REF_METHOD is 'kick' or 'message'.
var FAL_KickURL = 'http://www.elitetoplist.com/cgi-bin/topsites.cgi?wslutzz';
var FAL_Message =
	'<CENTER><H1>Sorry, Access Denied !</H1>' +
	'You cannot access this webpage because your browser' +
	' is falsely reporting the referer field.' +
	'<P>Please update your web browser !';

//  3d.	"FILE OPEN" - used when FILE_OPEN_METHOD is 'kick' or 'message'.
var FIL_KickURL = 'http://www.elitetoplist.com/cgi-bin/topsites.cgi?wslutzz';
var FIL_Message =
	'<CENTER><H1>Sorry, Access Denied !</H1>' +
	'You cannot access this webpage offline !';

/* -----------------
STEP 4. IF YOU ARE USING ANY 'FAKE 404' MESSAGES - SET WHICH TYPE TO SHOW...
	'apache' -> like used on Apache (most Unix) servers
	'nt'	 -> like used on Microsoft PWS and IIS servers			*/
// Look of the fake 404 page. Fake404() shows the 'nt' page only for the
// exact value 'nt'; every other value ends up showing the Apache-style page.
var Style_404 = 'apache';

/* -----------------
STEP 5. IF YOU ARE USING ANY 'CUSTOM' MESSAGES - SET UP HOW PAGE WILL LOOK...
	MsgThem() writes these four values into the BODY and FONT tags
	of the 'message' page.	*/
var Page_Color = '#000000';	// BODY BGCOLOR
var Font_Face = 'Arial';	// FONT FACE
var Font_Color = '#FFFFFF';	// BODY TEXT
var Font_Size = '4';		// FONT SIZE

// ######## END OF MAIN SET UP - LEAVE THE REST ALONE UNLESS YOU UNDERSTAND IT

/* Shorthand for document.write(): hands `it` to the document unchanged.
   Nothing is escaped here, so whatever is passed in is parsed as markup. */
function DW(it) {
	document.write(it);
}

// Referrer as reported by the browser; every check below reads this copy.
var REF = document.referrer;

// Declared but not assigned or read anywhere else in the script as shown.
var SITE_OK;

// Stays undefined until one of the first three checks below fires; the later
// checks are skipped once it is true.
var ERRORS_FOUND;

/* Sends the top-level window to `where` and closes off the current document.
   where: URL to navigate to (the callers in this file pass the *_KickURL settings).
   document.images is used as a switch between location.replace() and a plain
   href assignment - presumably a capability test for older browsers.
   The <NOSCRIPT> written last is left open; presumably this keeps
   script-enabled browsers from rendering the rest of the page - TODO confirm. */
function KickThem(where) {
	DW(" ");
	if (!document.images) {
		top.location.href = where;
	} else {
		top.location.replace(where);
	}
	DW("</HEAD><BODY></BODY></HTML><NOSCRIPT>");
}

/* Writes the full-page 'message' screen and sets the window title.
   what: HTML shown as the message. It is written as-is, without escaping;
   the callers in this file pass the *_Message settings, and it should never
   be given text that did not come from the site's own configuration.
   Colours and font come from Page_Color, Font_Color, Font_Face and Font_Size.
   The FONT tag and the final <NOSCRIPT> are left open. */
function MsgThem(what) {
	var pageTitle = 'ACCESS DENIED !';
	var pieces = [
		'<TITLE>' + pageTitle + '</TITLE></HEAD>',
		'\n<BODY BGCOLOR="' + Page_Color + '" TEXT="' + Font_Color + '"><BR><BR><BR>',
		'\n<FONT FACE="' + Font_Face + '" SIZE="' + Font_Size + '">',
		what,
		'\n</BODY></HTML>\n<NOSCRIPT>'
	];
	for (var n = 0; n < pieces.length; n++) {
		DW(pieces[n]);
	}
	document.title = pageTitle;
}

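/* Writes a page imitating a server's "404 Not Found" response, in the style
   selected by Style_404 ('nt' for the PWS/IIS look, anything else for the
   Apache look), sets document.title to match and leaves a <NOSCRIPT> open.
   Only the rendered markup changes; the HTTP status of the response that
   delivered this page is whatever the server sent.
   The path, host name and port are taken from the current URL, which the
   page does not control, so they are HTML-escaped before being written. */
function Fake404() {
	// Escapes the characters that would otherwise be parsed as markup.
	function Esc(text) {
		return String(text)
			.replace(/&/g, '&amp;')
			.replace(/</g, '&lt;')
			.replace(/>/g, '&gt;')
			.replace(/"/g, '&quot;');
	}

	var LC = location;
	var Port = LC.port;
	// location.port is empty on the default port, which depends on the scheme.
	if (!Port) { Port = (LC.protocol == 'https:') ? 443 : 80; }

	var apache404 = "<TITLE>404 Not Found</TITLE>\n</HEAD><BODY>\n<H1>Not Found</H1>\n"
		+ "The requested URL " + Esc(LC.pathname) + " was not found on this server.<P>\n"
		+ "<HR><ADDRESS>Apache/1.3.9 Server at " + Esc(LC.hostname) + " Port " + Esc(Port) + "</ADDRESS>\n"
		+ "</BODY></HTML>";
	var nt404 = "<title>Error 404</title>\n<meta name=\"robots\" content=\"noindex\"></head>\n\n"
		+ "<body>\n\n<h2>HTTP Error 404</h2>\n\n<p><strong>404 Not Found</strong></p>\n\n"
		+ "<p>The Web server cannot find the file or script you asked for. "
		+ "Please check the URL to ensure that the path is correct.</p>\n\n"
		+ "<p>Please contact the server's administrator if this problem persists.</p>\n\n"
		+ "</body></html>";

	// Any Style_404 value other than 'nt' shows the Apache-style page.
	if (Style_404 == 'nt') {
		DW(nt404);
		document.title = "Error 404";
	} else {
		DW(apache404);
		document.title = "404 Not Found";
	}
	DW("<NOSCRIPT>");
}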

//////TESTING STUFF
// REF="http://warezslutz.com";
// var OWN_URL=self.location.href;
// REF = OWN_URL;
//////TESTING STUFF
// DW("<P>document.referrer = " + REF);

// alert(location.protocol);

// FIRST, CHECK IF PAGE IS BEING OPENED FROM FILE :
// Check 1: the page was loaded with the file: protocol (opened from disk).
// NOTE(review): a FILE_OPEN_METHOD value that is none of 'allow', 'kick',
// 'message' or 'fake404' still sets ERRORS_FOUND here but takes no action,
// so the page loads and the later checks are skipped.
if (FILE_OPEN_METHOD != 'allow' && self.location.protocol == 'file:') {
	ERRORS_FOUND = true;
	if (FILE_OPEN_METHOD == 'fake404') {
		Fake404();
	} else if (FILE_OPEN_METHOD == 'message') {
		MsgThem(FIL_Message);
	} else if (FILE_OPEN_METHOD == 'kick') {
		KickThem(FIL_KickURL);
	}
}


// NEXT, CHECK FOR FALSE_REFERRER :
// Check 2: the reported referrer is this page's own URL (see the IE3 note
// next to FALSE_REF_METHOD). Skipped once an earlier check has fired.
// NOTE(review): an unrecognised FALSE_REF_METHOD value sets ERRORS_FOUND
// without taking any action, which also switches off the later checks.
if (FALSE_REF_METHOD != 'allow' && !ERRORS_FOUND && REF == self.location.href) {
	ERRORS_FOUND = true;
	if (FALSE_REF_METHOD == 'fake404') {
		Fake404();
	} else if (FALSE_REF_METHOD == 'message') {
		MsgThem(FAL_Message);
	} else if (FALSE_REF_METHOD == 'kick') {
		KickThem(FAL_KickURL);
	}
}


// NOW, CHECK FOR BLANK REFERRER...
// Check 3: no referrer at all (missing, empty, or a single space).
// Skipped once an earlier check has fired.
// NOTE(review): an unrecognised BLANK_REF_METHOD value sets ERRORS_FOUND
// without taking any action, which also switches off the allow-list check.
if (BLANK_REF_METHOD != 'allow' && !ERRORS_FOUND && (!REF || REF == '' || REF == ' ')) {
	ERRORS_FOUND = true;
	if (BLANK_REF_METHOD == 'fake404') {
		Fake404();
	} else if (BLANK_REF_METHOD == 'message') {
		MsgThem(BLK_Message);
	} else if (BLANK_REF_METHOD == 'kick') {
		KickThem(BLK_KickURL);
	}
}


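// FINALLY, CHECK THE "ALLOWED REFERRERS" ARRAY...

/* Tells whether the referrer `ref` belongs to the allowed entry `site`.
   ref:  referrer URL as reported by the browser.
   site: one MYSITES entry - a host name, optionally followed by a path/page.
   Returns true or false.
   A plain substring search would also accept an allowed name that merely
   appears in another site's path or query string, or as part of a longer
   host name. So the entry has to start inside the referrer's host name, at
   its beginning or right after a dot, and a host-only entry has to run to
   the end of the host name. An entry that includes a path is treated as a
   prefix. A leading scheme (http:// etc.) is ignored on both sides, and an
   empty entry matches nothing. */
function RefMatchesSite(ref, site) {
	var scheme = /^[A-Za-z][A-Za-z0-9+.\-]*:\/\//;
	var wanted = String(site).replace(scheme, '');
	if (wanted == '') { return false; }

	var seen = String(ref).replace(scheme, '');
	// The host part ends at the first '/', '?' or '#'.
	var hostEnd = seen.search(/[\/?#]/);
	if (hostEnd == -1) { hostEnd = seen.length; }

	// Drop any "user@" part so that it is never mistaken for the host name.
	var at = seen.lastIndexOf('@', hostEnd);
	if (at != -1) {
		seen = seen.substring(at + 1);
		hostEnd -= at + 1;
	}

	var coversPath = wanted.search(/[\/?#]/) != -1;
	var pos = seen.indexOf(wanted);
	while (pos != -1 && pos < hostEnd) {
		var before = (pos == 0) ? '.' : seen.charAt(pos - 1);
		var after = seen.charAt(pos + wanted.length);	// '' at the very end
		var endsHost = (after == '' || after == '/' || after == ':' || after == '?' || after == '#');
		if (before == '.' && (coversPath || endsHost)) { return true; }
		pos = seen.indexOf(wanted, pos + 1);
	}
	return false;
}

// Runs only when no earlier check has fired. This is still a client-side
// check of a value supplied by the visitor's browser, so it deters casual
// direct linking but does not protect the page content.
// NOTE(review): an unrecognised BANNED_REF_METHOD value takes no action, so
// the page loads.
if (BANNED_REF_METHOD != 'allow' && !ERRORS_FOUND) {
	var REF_OK;
	for (var i = 0; i < MYSITES.length; i++) {
		// REF || '' guards against a browser that leaves the referrer undefined.
		if (RefMatchesSite(REF || '', MYSITES[i])) {
			REF_OK = "YES";
			break;
		}
	}
	if (REF_OK != "YES") {
		// Set the flag before acting, as the three earlier checks do.
		ERRORS_FOUND = true;
		if (BANNED_REF_METHOD == 'kick') {
			KickThem(BAN_KickURL);
		} else if (BANNED_REF_METHOD == 'message') {
			MsgThem(BAN_Message);
		} else if (BANNED_REF_METHOD == 'fake404') {
			Fake404();
		}
	}
}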


