[PHP] forms and IP numbers
A friend of mine found a bug in my messageboard code, this way he can post with other (than in my database) nicknames from a local form. Now I want to have the formhandler do a check from where the form is sent. If it is not sent from my own webserver it has to display an error message. Thanks, Marc van Duivenvoorde -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] forms and IP numbers
This would be just as bad, as he could open up a socket faking a referer. What you really need are data integrity checks inside the script which posts to the message board on your server. /* Chris Lambert, CTO - [EMAIL PROTECTED] WhiteCrown Networks - More Than White Hats Web Application Security - www.whitecrown.net */ - Original Message - From: Marc van Duivenvoorde [EMAIL PROTECTED] To: Php general lijst [EMAIL PROTECTED] Sent: Friday, July 13, 2001 6:09 AM Subject: [PHP] forms and IP numbers | A friend of mine found a bug in my messageboard code, this way he can post | with other (than in my database) nicknames from a local form. Now I want to | have the formhandler do a check from where the form is sent. If it is not | sent from my own webserver it has to display an error message. | | Thanks, | | Marc van Duivenvoorde | | | -- | PHP General Mailing List (http://www.php.net/) | To unsubscribe, e-mail: [EMAIL PROTECTED] | For additional commands, e-mail: [EMAIL PROTECTED] | To contact the list administrators, e-mail: [EMAIL PROTECTED] | | | -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] forms and IP numbers
no offense, but that's a bad kludge for the problem. however, if you really want to do that, you could try checking $SERVER_NAME and $HTTP_REFERER and other enviornment variables like that... what would be easier (and better practise) to do is to verify that the incoming username is valid... -Original Message- From: Marc van Duivenvoorde [mailto:[EMAIL PROTECTED]] Sent: Friday, July 13, 2001 6:10 AM To: Php general lijst Subject: [PHP] forms and IP numbers A friend of mine found a bug in my messageboard code, this way he can post with other (than in my database) nicknames from a local form. Now I want to have the formhandler do a check from where the form is sent. If it is not sent from my own webserver it has to display an error message. Thanks, Marc van Duivenvoorde -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] forms and IP numbers
I would like to pull the date and time of the creation of a file via a php script and compare it to the current time. How do I do this? TIA Randy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] forms and IP numbers
stat() -Original Message- From: Randy Johnson [mailto:[EMAIL PROTECTED]] Sent: Friday, July 13, 2001 4:09 PM To: scott [gts]; php Subject: RE: [PHP] forms and IP numbers I would like to pull the date and time of the creation of a file via a php script and compare it to the current time. How do I do this? TIA Randy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]