advanced code snippet search

Posted By

luizlopes on 01/21/09


Tagged

form remote post bot security spam access HTTPREFERER


Versions (?)

Who likes this?

3 people have marked this snippet as a favorite

umang_nine
vali29
BrianCoyDesign


Prevent Remote Form Submit

 / Published in: PHP
 

URL: http://www.namepros.com/2996502-post8.html

[quote]$SERVER['HTTPREFERRER']'s problem is that can be spoofed, but it's better than nothing if you really want that.[/quote]

Expand | Embed | Plain Text 
  1. if ($_SERVER['REQUEST_METHOD'] == 'POST') // or possibly,  count($_POST) > 0
  2. {
  3.     $host = preg_replace('#^www\.#', '', $_SERVER['SERVER_NAME']);
  4.  
  5.     if ($host AND $_SERVER['HTTP_REFERER'])
  6.     {
  7.         $refparts = @parse_url($_SERVER['HTTP_REFERER']);
  8.         $refhost  = $refparts['host'] . ((int)$refparts['port'] ? ':' . (int)$refparts['port'] : '');
  9.  
  10.         if (strpos($refhost, $host) === false)
  11.         {
  12.             die('POST requests are not permitted from "foreign" domains.');
  13.         }
  14.     }
  15. }

Report this snippet  

Comments

RSS Icon Subscribe to comments
Posted By: MMDeveloper on January 22, 2009

or you could also implement a captcha or my personal favorite re-captcha

Posted By: MMDeveloper on February 20, 2009

http_referer can be spoofed too

You need to login to post a comment.