Hi Sonja, thanks for looking at this.

Here (I think) is the referer section, from "Jack's FormMail". I've used
another form in ASP on a Windows server that has a similar system, which of
course Norton's Firewall slams into. I could just chop it out, but I
hesitate since it's supposed to be in there for a reason, isn't it? Driving
me nuts. ;)

// function to check the referer for security reasons.
// contributed by someone whose name got lost.. Thanks
// goes out to him anyway.
function check_referer($referers) {
   if (count($referers)) {
      $found = false;
      // the host is the third element of "http://host/path" split on "/"
      $temp = explode("/",getenv("HTTP_REFERER"));
      $referer = $temp[2];
      // each allowed entry is used as a case-insensitive pattern on the host
      for ($x=0; $x < count($referers); $x++) {
         if (eregi ($referers[$x], $referer)) {
            $found = true;
         }
      }
      // a request with no Referer header at all is rejected
      if (!getenv("HTTP_REFERER"))
         $found = false;
      if (!$found){
         print_error("You are coming from an <b>unauthorized domain</b>");
         error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
      }
      return $found;
   } else {
      return true; // not a good idea, if empty, it will allow it.
   }
}
if ($referers)
   check_referer($referers);




----- Original Message ----- 
From: "Van Der Westhuizen, Sonja" <[EMAIL PROTECTED]>

> Hi Ali,
>
> Could you please post your code (the referer section)? We don't do it and I'm
> quite curious what it looks like. I'm not sure how spammers can hijack a
> form. If they use automated processes you can ask for fields in a form to be
> validated before it gets submitted (i.e., check that emails are well formed,
> if there are text fields they should only be a certain length, all required
> fields filled in, etc.); that should curtail their process. Also make it so
> that once the form is submitted by an individual it can't be submitted again.
> Is the form emailed to you or is it submitted to a db? If your email is there
> they can pick it up and use it for spam.
>
> :)
> Sonja
>
> -----Original Message-----
> From: Alida Saxon [mailto:[EMAIL PROTECTED]
> Sent: 05 June 2003 04:01 PM
> To: [EMAIL PROTECTED]
> Subject: [wdvltalk] RE: Is there a form out there that doesn't use
> refers for security?
>
>
> Hi Sonja, thanks for replying.
>
> I'm really not sure what to do with this. Cookies are possible but it's, as
> you mentioned, still something the visitor controls... which is where the
> problems are coming from to begin with. I'd like to avoid logins, especially
> since I've never set one up before and it's becoming something of a rush. I
> wish I was more of a programmer.
>
> What I'd like to do is chop out the whole referring "security" bit of code,
> but then I'm told it opens the form up to spamming and such. As I vaguely
> understand it, the referer feature makes sure that the forms passing through
> are from your allowed domains, and not somewhere else. At this point, I
> almost don't care if I get spammed, so long as I don't have to look at this
> problem any longer. ;)
>
> There must be some sort of form that doesn't use referers as the means
> of making sure the form wasn't being hijacked.
>
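
One way to do what the thread asks for without the Referer header, as an added example that is not part of the original messages or of Jack's FormMail: the server issues a random one-time token with the form and accepts a submission only if that token comes back, so a stripped Referer (the Norton case) no longer matters and the same form cannot be submitted twice. The function names are hypothetical, and $session stands in for $_SESSION after session_start().

```php
<?php
// Added example, not code from Jack's FormMail. Function names are
// hypothetical; $session stands in for $_SESSION after session_start().

// Call while rendering the form and put the result in a hidden field.
function issue_form_token(array &$session): string {
    $token = bin2hex(random_bytes(32));        // unguessable, server-generated
    $session['form_tokens'][$token] = time();  // remember when it was issued
    return $token;
}

// Call when the form is posted. Each token is accepted once, and only
// within $ttl seconds of being issued. HTTP_REFERER is never consulted.
function verify_form_token(array &$session, $submitted, int $ttl = 1800): bool {
    if (!is_string($submitted) || $submitted === '') {
        return false;                          // field missing or malformed
    }
    foreach ($session['form_tokens'] ?? [] as $token => $issued) {
        if (hash_equals((string)$token, $submitted)) {
            unset($session['form_tokens'][$token]);  // single use
            return (time() - $issued) <= $ttl;       // reject stale forms
        }
    }
    return false;                              // token was never issued here
}

// Constructed demonstration with an in-memory session array.
$session = [];
$token = issue_form_token($session);

var_dump(verify_form_token($session, $token));   // first submission
var_dump(verify_form_token($session, $token));   // same token replayed
var_dump(verify_form_token($session, 'guess'));  // value the server never issued
```

In a real page the token would be written into the form as a hidden input and read back from the posted fields before the mail is sent.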



____ The WDVL Discussion List from WDVL.COM ____