Hi,

I was having some trouble as referrers were not being recorded. Happens that I am using https on *SOME* pages and so the codes wouldn't match.
I'm just reporting if someone rain into a similar problem.

My fixture was to hack the $base_url variable. I'm sure there may be better workarounds.

function _referral_hex_seed() {
  //global $base_url;
  $base_url = 'https://www.sntalent.com/referup';
  $seed = hexdec(_referral_asc2hex(substr($base_url, REFERRAL_HEX_START, REFERRAL_HEX_LENGTH)));
  return $seed;
}
CommentFileSizeAuthor
#10 778690-update-seed-parameter-D7.patch2.33 KBsocialnicheguru
#6 778690.patch2.24 KBjrust

Comments

kbahey’s picture

kbahey commented
Status: Active » Closed (works as designed)

The proper way is to set the $base_url in the settings.php for the site.

josepvalls’s picture

josepvalls commented
Status: Closed (works as designed) » Active

There are modules that overwrite the $base_url parameter in order to enable sites to serve content from both http and https.
I.e. My user profiles (editing) are sent in HTTPS, therefore the $base_url is https://www... but the public profiles are sent in HTTP.

I can't tell you exactly how I came to this (currently I have secure pages disabled) but take a look at:

http://drupal.org/node/61099
http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-...
http://success.grownupgeek.com/index.php/2009/07/12/drupal-ssl/
http://drupal.org/node/629578
http://drupal.org/project/securepages

chadhester’s picture

chadhester commented

I just ran into this as well. I set my $base_url value and the issue went away. It might be a better idea, however, to add an administrative configuration value to force HTTP or HTTPS for all the referral links.

IRuslan’s picture

IRuslan commented

I'm also had this problem, but in my case because referral code was different on http://www.example.com and http://example.com pages, or on site which uses other sub-domains.

Why module creator rely on $base_url?

josepvalls’s picture

josepvalls commented
Priority: Normal » Minor

My guess is to obfuscate the tokens. Use a string of your own or set your base url.
If the developer doesn't see the need on replacing it I think this can be closed.

jrust’s picture

jrust commented
Priority: Minor » Major
StatusFileSize
new 778690.patch2.24 KB

Using base_url definitely makes this module incompatible with secure_pages(). secure_pages has this code:

// Correct the base_url so that everything comes from https.
if (securepages_is_secure()) {
   $base_url = securepages_baseurl();
}

Moreover, as the function name, _referral_hex_seed(), implies the point is to provide some security so that referral urls can't be spoofed. However, given that this code is all open source this really provides no security as anyone can look at the code for this module and figure out the encryption scheme. One option is to get rid of this additional security, the other is to have the module use a random unique seed that it generates upon installation. Given that this causes the module to not work for sites that use https or have multiple subdomains it seems a major bug.

The attached patch makes it an admin setting. It maintains backwards compatibility by setting the variable to a substring of $base_url, but for new installations sets it to a random string.

jrust’s picture

jrust commented
Status: Active » Needs review
ArtActivator.com’s picture

ArtActivator.com commented
Version: 6.x-1.x-dev » 7.x-1.0-beta4
Priority: Major » Critical

And not only incompatible with securepages!!!!
Also with languguage subdomains!!!
I switched all users to SSL and now I lost 1500 referrals, because after switching to ssl, it also about 1600 referrals registered!
Very bad idea........... :(

---------------------------
www.ArtActivator.com - Order your success

kaizerking’s picture

kaizerking commented
Issue summary: View changes

I am also looking for this fix for 7.x-

socialnicheguru’s picture

socialnicheguru commented
StatusFileSize
new 778690-update-seed-parameter-D7.patch2.33 KB

Updated the patch for Drupal 7. Please test