Thread: php & form submission control
View Single Post
Old 05-25-2004, 03:50 AM  
boyw_utr
Confirmed User
 
Join Date: Oct 2003
Location: The Netherlands
Posts: 310
Quote:
Originally posted by bawdy
how can i make it so that a form will only be accepted if its been submitted from the domain that it is hosted on?

could check refering url etc but was wondering if someone knows a more secure way

You can only use the referring check like this:

Check the refer var stored in:
$HTTP_SERVER_VARS['HTTP_REFERER'];

$findme = 'www.domain.com';


$pos1 = stripos($HTTP_SERVER_VARS['HTTP_REFERER'], $findme);

// Nope,
if ($pos1 hahahaha= false) {
echo "The string '$findme' was not found in the string '$HTTP_SERVER_VARS['HTTP_REFERER']'";
}
// Yes it there
Else{
echo "We found '$findme' in '$HTTP_SERVER_VARS['HTTP_REFERER']'";
}

replace the echo's after testing by or a new header or the add to db routine...


Good Luck

__________________
SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.
boyw_utr is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote