Hey guys I'm running a download site where user put in the link in the form field. I've found another third party site that make use of my site - which means, they added a field on their site but the download will be processed using my server. Anyway to prevent this? It's costing me bandwidth
If you are using PHP - you check the referrer for a match - but that is a little outdated as it can be spoofed. Try one these methods : http://www.hockinson.com/index.php?s=182
You should use referer check. you should use cookies. You should use authorization for your users and check it before handling out the file.
You can do 1 thing, to prevent this. Simply generate random string, and add that at the end of submit button's name (encode if you want).For example: <?php if(!isset($_SESSION["rand_str"]){ $_SESSION["rand_str"]=randString();//i can provide this function if you want } if(isset($_POST[md5('form_submit_button_'.$_SESSION["rand_str"])]){ unset($_SESSION["rand_str"]);// you dont need it anymore //process form } ?> ..... <input type="submit" value="submit" name="<?=md5('form_submit_button_'.$_SESSION["rand_str"])?>" /> ...... Code (markup): Here you go after each submit button's name will change (also after loading page for first time). You will also avoid double submits.