from a securit point of view how is it possible to make sure that any post data only comes from one site (that you define) for instance if I had a example/MyRegistrationForm.php, which posts to example/MyUserCreation.php How could I make sure that the data is only posted from example/MyRegistrationForm.php I dont want to send this in the post request (since post request can be manipulated), i need to find a way for example/MyUserCreation.php to know it come from example/MyRegistrationForm.php Any ideas?
well, you can check the http_referer ($_SERVER['HTTP_REFERER']) though this can be manipulated as well. try setting a session or something on regform.php and use a captcha of some sort like e39m5 had suggested. then on create.php check the http_referer, the session, and the captcha input. it's likely that it wont be automated if you just take a few steps to make it a bit more difficult.