Referring URL's protection - how to in PHP?

[SexySarah]

The following code works pretty well, but spoofing easily gets past it. Is there a stronger way to protect certain pages short of using passwords? Free, preferably.

Thanks!!!


$Referer = getenv("HTTP_REFERER");

if (strchr($Referer, "URL"))
{
echo "text";
}
elseif (strchr($Referer, "URL2"))
{
echo "text";
}
else
{
echo "[script];window.location='http://www.redirectURL.com';[/script]";
}


Obviously < changed to [ and > changed to ]

[SexySarah]

Anyone?

[foe]

what error does it give you

[SexySarah]

It actually works fine.

But I've been playing around and it just isn't secure against spoofers.

I used zspoof and I got around it very easily.

I was just wondered if there's anyway to make it a little more secure against spoofing?


(sorry about using the word spoof quite so many times).

[neighborhood_bob]

A fair security measure is to insist that your members have
cookies enabled to view the site. Use a combo of .htaccess and
cookies to verify members on login. As far as I know, there isn't
really a way to stop spoofers when your only validation is through
reading the Referrer. Not an expert, just my experiences.

[SexySarah]

Quote:

Originally posted by neighborhood_bob
A fair secirotu measure is to insist that your members have
cookies enabled to view the site. Use a combo of .htaccess and
cookies to verify members on login. As far as I know, there isn't
really a way to stop spoofers when your only validation is through
reading the Referrer. Not an expert, just my experiences.

Interesting.

I'll search phpbuilder.com to see how I can integrate cookies as a security measure too.