How do you figure out who sends the POST information?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
SashaSlutsker
Forum Newbie
Posts: 18
Joined: Sat Mar 20, 2004 11:24 am

How do you figure out who sends the POST information?

Post by SashaSlutsker »

What's the easiest way in PHP to find out who sent POST information? (If this is impossible, I could just use an Apache thing to block all sites except my own from sending POST information, assuming it is possible to do that. If so, just tell me.) Anyway, can someone please help me out here?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

session id's would probably be easiest..
SashaSlutsker
Forum Newbie
Posts: 18
Joined: Sat Mar 20, 2004 11:24 am

Post by SashaSlutsker »

Yes, I do use sessions. However, someone could log in, be in the session, and then send POST information from their own script or whatever. I want to stop this. Sometimes, I see something like "You do not have permission to send POST data on this site" or something when I try to access a site, I am thinking I can do this somehow.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

what's so important to absolutely need a post from your form? validation should be able to pick up any problems with the posted data. just consider anything coming from a visitor to the site as tainted and verify it all.
SashaSlutsker
Forum Newbie
Posts: 18
Joined: Sat Mar 20, 2004 11:24 am

Post by SashaSlutsker »

Yes, I do all that. But some people are simplifying the proccess in an online game by creating a script to do stuff every day. I'd like this to, er, not be possible.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

no sympathy for cheaters. banhammer.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

$_SERVER['HTTP_REFERER'];
php.net wrote:'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
Post Reply