>> I'm looking for a way to stop spoofed forms, in general. >> Nothing sensitive, so I don't want to use passwords, just stop idiots >> messing.
> honestly, i would use a hidden form variable. ain't workin' - easy forkin'. Maybe you should add an md5 hash based on information the user sends to the site. I don't mean form data, take ip and date or stuff like that. Lock an ip for 3 minutes after submitting a page. Write semaphores with the md5 of the ip into the file system and delete semaphores older 3 minutes. If md5 mismatches just throw him back. You can also store a session which gets generated on another page. If the session does not contain a special value you can be quite sure tha the page gets accessed directly from outside. The semaphore might also be stored in session. (But don't thust it) Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
