Let' say we have a form mailer script, which takes any form ( whose
action is directed to it ) and goes thru the submitting form's fields
list ( programmatically) , to build a nice email on the fly and email
the build up string to the email address that's coming in the hidden
field. Let's say that's the case...

And you do not want everyone to use this form mailier functionality.
What's the best way to protect it?

I currently use captcha to prevent robotic submissions but that won't
prevent the issue I'm talked about above.

I see no other way then the http_referer to test if the submitting
form resides in one of the accepted domains that mailer.php has been
hardcoded to work with and give privileges  to, But then it's known
fact that http_referer can be spoofed.

What would be your way of protecting your script from being taken
advantage of email functionality - without the http_referer?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to