Bob wrote:
> Hi,
> I'm looking for a way to stop spoofed forms, in general.
> Nothing sensitive, so I don't want to use passwords, just stop idiots messing.
>
> I saw Brian's last post, and this may be a solution.
>
> if (!$_SERVER[HTTP_REFERRER]) = 'enter.php'
> {echo "Access Refused";}
>
> but I've heard that not all browsers pass the referrer, anyone know for
> certain?
> Bob.
>
its true. opera even has a setting to change it to whatever you want.
its far from secure...
honestly, i would use a hidden form variable.
index.php:
<input type="hidden" name="checkthrough" value="1" />
protectedpage.php:
<?
if (!($_POST['checktrhough']) = "1")
{
echo "denied";
}
else
// show page
?>
Community email addresses:
Post message: [email protected]
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
List owner: [EMAIL PROTECTED]
Shortcut URL to this page:
http://groups.yahoo.com/group/php-list
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-list/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
