Page 1 of 1

How do you figure out who sends the POST information?

Posted: Wed Apr 21, 2004 8:24 pm
by SashaSlutsker
What's the easiest way in PHP to find out who sent POST information? (If this is impossible, I could just use an Apache thing to block all sites except my own from sending POST information, assuming it is possible to do that. If so, just tell me.) Anyway, can someone please help me out here?

Posted: Wed Apr 21, 2004 8:33 pm
by feyd
session id's would probably be easiest..

Posted: Wed Apr 21, 2004 9:02 pm
by SashaSlutsker
Yes, I do use sessions. However, someone could log in, be in the session, and then send POST information from their own script or whatever. I want to stop this. Sometimes, I see something like "You do not have permission to send POST data on this site" or something when I try to access a site, I am thinking I can do this somehow.

Posted: Wed Apr 21, 2004 9:15 pm
by feyd
what's so important to absolutely need a post from your form? validation should be able to pick up any problems with the posted data. just consider anything coming from a visitor to the site as tainted and verify it all.

Posted: Wed Apr 21, 2004 9:24 pm
by SashaSlutsker
Yes, I do all that. But some people are simplifying the proccess in an online game by creating a script to do stuff every day. I'd like this to, er, not be possible.

Posted: Wed Apr 21, 2004 11:01 pm
by feyd
no sympathy for cheaters. banhammer.

Posted: Wed Apr 21, 2004 11:14 pm
by d3ad1ysp0rk
$_SERVER['HTTP_REFERER'];
php.net wrote:'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.