Posting only from my page

Discussion in 'PHP' started by Giber, Oct 7, 2009.

  1. #1
    Hi, how can I secure posting only from my page?

    I use FORM POST method and I want to be sure that no one can POST
    the same parameters from a third party call (site).

    Is it possible? How can I hide parameters to post in my source?

    Thanks for any help...
     
    Giber, Oct 7, 2009
  2. premiumscripts

    #2
    Typically this is done via CSRF protection. A hidden token field in the form that is then compared to a session value. The token is only valid for one page load. Google for examples.
     
    premiumscripts, Oct 7, 2009
  3. silotka

    #3
    You must check the referer, and you can use cookies or sessions for security; also, a captcha can help you!
     
    silotka, Oct 7, 2009
  4. Giber

    #4
    Thanks to your suggestion I have combined the following code. It works perfectly for me; what do you think about it? Did you encounter any empty referrer situation?

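    // Read the Referer header; it is missing when a browser or proxy strips it.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // Accept only requests whose referrer starts with this site's URL.
    if (substr($referer, 0, 24) == 'http://www.hotbounce.com')
    { echo 'ok'; }
    else
    { echo 'block'; }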
     
    Giber, Oct 7, 2009
  5. premiumscripts

    #5
    You should also allow empty referrers; some firewalls block referrer data. At least they used to.
     
    premiumscripts, Oct 7, 2009
  6. w47w47

    #6
    Make a captcha.
     
    w47w47, Oct 7, 2009
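
The hidden-token check described in reply #2, as an added example that is not code from any poster in this thread: a random token is stored in the session, embedded in the form, and compared on POST, so the decision does not depend on the Referer header, which reply #5 notes may be empty. The field name `csrf_token` and the two function names are assumptions chosen for illustration.

```php
<?php
// Added example: single-use CSRF token tied to the visitor's session.
session_start();

// Issue a fresh token on every form render and remember it server-side.
function csrf_issue_token(): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    $_SESSION['csrf_token'] = $token;
    return $token;
}

// Compare the submitted token with the session copy, then discard it
// so the same value cannot be replayed on a second submission.
function csrf_check_token(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    unset($_SESSION['csrf_token']);       // consumed whether or not it matched
    if (!is_string($expected) || !is_string($submitted)) {
        return false;                     // no token issued, or none sent
    }
    return hash_equals($expected, $submitted);  // constant-time comparison
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $submitted = $_POST['csrf_token'] ?? null;
    if (!csrf_check_token(is_string($submitted) ? $submitted : null)) {
        http_response_code(403);
        exit('block');
    }
    // The request came from a form this session rendered; process it here.
    exit('ok');
}

$token = csrf_issue_token();
?>
<form method="post" action="">
    <input type="hidden" name="csrf_token"
           value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
    <input type="text" name="message">
    <input type="submit" value="Send">
</form>
```

A page on another site can still submit the same field names, but it cannot read the token out of the visitor's session, so its request reaches the `block` branch.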