Page 1 of 1

Restrict form submission to files from my site only

Posted: Fri May 24, 2002 3:18 am
by jack_wayne
I am looking to "SECURELY" restrict form submissions to my site. ie I don't want someone to have the file on their machine and submit the form to my site.

Thanks

Posted: Fri May 24, 2002 3:38 am
by Benjamin
You could use some code to check the refering url to make sure that it's approved. Not sure what the exact statement is to do that, but it shouldn't be to hard to find.

<?

//some code here which gets the refering url and puts it into the variable $referingurl

$approvedurl = "http://www.postfromonlyhere.com";
if ($referingurl !$approvedurl)
{
echo "To hell with your submission";
}
else
{
echo "Thank you for your submission";
echo "You can put more code here";
}
?>

You would also want to make $approvedurl a constant in the case that global variables are turned on. That way someone could not type in,

http://www.immahackyouputz.com/index.ph ... youlol.com

And change the variable like that. Not that they would know what that variable name was anyway, but hey it could happen.

Posted: Fri May 24, 2002 3:54 am
by jack_wayne
Unfortunately the $_SERVER{REQUEST_URI} only offers the relative path, There seems to be nothing within the server generated environment variables to specify the complete URL.

Posted: Fri May 24, 2002 6:04 am
by volka
you may use the same approach as supposed in A php frames solution?

here is a tutorial how to prevent hot linking with .htaccess