> In light that everyone pointed out how insecure the HTTP_REFERER value is > since it can be spoofed > by the right browser and user... > > Why not write a small PHP function and include it in the top of every > critical page. When the page > is loaded your routine will check required credentials. If the user need > to login to see the page > then display another include. Do not refer them to another page or URL. > Then you do not have to > worry about where they came from to be able to send them back. Then once > they have posted the sign > on form it posted back to itself see PHP_SELF. > > This is all along the line of have a form page that when submitted sends > the information to itself > and not another form processing page. You can check the PHP variable to > see if the form was > submitted or if the user just landed on the given page.
Again I point to my application structure example. It's really useful. http://bierans.de/shared Community email addresses: Post message: [email protected] Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] List owner: [EMAIL PROTECTED] Shortcut URL to this page: http://groups.yahoo.com/group/php-list Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-list/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
