Also, speaking of detection, I made a small script that can protect against
people downloading your site's forms, modifying their new local copy (and
putting an absolute URL in the form's ACTION attribute), and then posting
data using the botched form. If it's bulletproof, then I figured this could
help some of you out. If not, I welcome comments (I'm a little bit hesitant
about calling things 'bulletproof'). $http_referer (lowercase) is the
parse_url() of $_SERVER["HTTP_REFERER"]. Some local mucking up can give you
the format you want for it.

if((count($_POST) > 0) && (!stristr($_SERVER["HTTP_REFERER"],
$http_referer))) {
        unset($_POST);
        $evil = "postedfromoutsidepage";
}

Then, you can test for $evil when you need to print an error message or
decide whether or not the data is proper.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
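
An added example, not part of the original post: the same off-site-post check written with an exact comparison of the Referer host, paired with a per-session form token because the Referer header is supplied by the client. EXPECTED_HOST, the function names and the sample URLs are assumptions constructed for illustration.

```php
<?php
// Added example; EXPECTED_HOST and all function names are hypothetical.
const EXPECTED_HOST = 'www.example.com';

// Compare the Referer's host exactly. A substring test such as stristr()
// also accepts a Referer that only mentions the site name in its path,
// query string, or as a prefix of a longer host name.
function referer_host_matches(?string $referer, string $expectedHost): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent, e.g. stripped by a proxy or browser policy
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Create (once per session) the random value to embed in a hidden form field.
function issue_form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Constant-time comparison of the posted token with the session's copy.
function form_token_valid(array $post): bool
{
    $sent  = $post['form_token'] ?? '';
    $known = $_SESSION['form_token'] ?? '';
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Constructed sample Referer values, run from the command line.
$samples = [
    'https://www.example.com/contact.php',
    'https://other.example/form.html?ref=www.example.com',
    'https://www.example.com.other.example/form.html',
];
foreach ($samples as $referer) {
    $ok = referer_host_matches($referer, EXPECTED_HOST);
    printf("%-52s %s\n", $referer, $ok ? 'accepted' : 'rejected');
}

$_SESSION = [];                 // stand-in for session_start() when run from the CLI
$token = issue_form_token();
var_dump(form_token_valid(['form_token' => $token])); // token posted back by the site's own form
var_dump(form_token_valid([]));                       // post that carries no token
```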
