Using sessions, $HTTP_HOST, form keys, $HTTP_REFERER, ip address,

  On a session you can record the user_agent on the first page, the ip, the
host, and check on the form's action page. Form keys are some number you
come up and pass either via url or post, and check on the action page.

  The thing is to find out whetever you can check that should be fixed
between page transitions or things that you can invent.

  Not 100%, but the more, the best.


Julio Nobrega.

Um dia eu chego lá:

Ajudei? Salvei? Que tal um presentinho?

"Chris Boget" <[EMAIL PROTECTED]> wrote in message
000701c1dccb$8b911ee0$[EMAIL PROTECTED]">news:000701c1dccb$8b911ee0$[EMAIL PROTECTED]...
> For security, you can modify your code so that you check
> the $_POST elements instead of using the magic globals.
> That's all well and good.
> However, someone copy and save your HTML to their local
> machine, change some values, change the "Action" page of the
> form to be instead of
> "form_page.php".  You'll be checking the $_POST elements
> but you won't have any idea that they were changed and posted
> from the user's local machine.
> Is there any way to determine from where the post request came
> from w/o using http_referer?
> Chris

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to