Posted By

luizlopes on 01/21/09


Tagged

form remote post bot security spam access HTTPREFERER


Prevent Remote Form Submit


Published in: PHP


URL: http://www.namepros.com/2996502-post8.html

[quote]$_SERVER['HTTP_REFERER']'s problem is that it can be spoofed, but it's better than nothing if you really want that.[/quote]

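    if ($_SERVER['REQUEST_METHOD'] == 'POST') // or possibly, count($_POST) > 0
    {
        // Site host, lowercased and without a leading "www."
        $host = preg_replace('#^www\.#', '', strtolower($_SERVER['SERVER_NAME']));

        // A request with no Referer header is let through; only a present, foreign one is rejected
        if ($host AND !empty($_SERVER['HTTP_REFERER']))
        {
            $refparts = @parse_url($_SERVER['HTTP_REFERER']);
            $refhost = (is_array($refparts) AND isset($refparts['host'])) ? strtolower($refparts['host']) : '';
            $refhost = preg_replace('#^www\.#', '', $refhost);
            $suffix = '.' . $host;

            // Compare whole host names (same host or a subdomain of it); a substring
            // test would also accept a foreign host that merely contains $host
            if ($refhost !== $host AND substr($refhost, -strlen($suffix)) !== $suffix)
            {
                die('POST requests are not permitted from "foreign" domains.');
            }
        }
    }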
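
How the Referer host is compared with the site host decides which requests this check lets through. The following is an added example, not part of the original snippet: it runs a substring test and a whole-host test over constructed Referer values. The function names (`normalize_host`, `referer_ok_substring`, `referer_ok_strict`) and all host names are assumptions made for illustration.

```php
<?php
// Added example: host names and Referer values below are constructed.

// Lowercase and strip a leading "www.", as the snippet does for SERVER_NAME.
function normalize_host($host)
{
    return preg_replace('#^www\.#', '', strtolower($host));
}

// Loose test: accepts any Referer host that merely contains the site host.
function referer_ok_substring($referer, $serverName)
{
    $parts = @parse_url($referer);
    $refhost = (is_array($parts) && isset($parts['host'])) ? $parts['host'] : '';
    return strpos($refhost, normalize_host($serverName)) !== false;
}

// Strict test: the Referer host must equal the site host or be a subdomain of it.
function referer_ok_strict($referer, $serverName)
{
    $parts = @parse_url($referer);
    if (!is_array($parts) || empty($parts['host'])) {
        return false; // unparsable Referer or no host component
    }
    $host = normalize_host($serverName);
    $refhost = normalize_host($parts['host']);
    $suffix = '.' . $host;
    return $refhost === $host || substr($refhost, -strlen($suffix)) === $suffix;
}

$site = 'www.example.com'; // constructed SERVER_NAME
$samples = array(          // constructed Referer headers
    'http://www.example.com/contact.php',
    'http://forum.example.com:8080/post',
    'http://example.com.other.test/form.html',
    'http://notexample.com/form.html',
    'not a url',
);

// Print one row per sample so the two tests can be compared side by side.
foreach ($samples as $referer) {
    printf("%-42s substring=%-5s strict=%s\n",
        $referer,
        var_export(referer_ok_substring($referer, $site), true),
        var_export(referer_ok_strict($referer, $site), true));
}
```

Either test only constrains clients that send a truthful Referer; as the quote above says, the header can be spoofed.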

Comments

Posted By: MMDeveloper on January 22, 2009

Or you could also implement a captcha or my personal favorite, re-captcha.

Posted By: MMDeveloper on February 20, 2009

HTTP_REFERER can be spoofed too.