Advanced Search

Prevent Remote Form Submit

/ Published in: PHP
Save to your folder(s)
[quote]$_SERVER['HTTP_REFERRER']'s problem is that can be spoofed, but it's better than nothing if you really want that.[/quote]

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. if ($_SERVER['REQUEST_METHOD'] == 'POST') // or possibly,  count($_POST) > 0
  2. {
  3.     $host = preg_replace('#^www\.#', '', $_SERVER['SERVER_NAME']);
  4.  
  5.     if ($host AND $_SERVER['HTTP_REFERER'])
  6.     {
  7.         $refparts = @parse_url($_SERVER['HTTP_REFERER']);
  8.         $refhost  = $refparts['host'] . ((int)$refparts['port'] ? ':' . (int)$refparts['port'] : '');
  9.  
  10.         if (strpos($refhost, $host) === false)
  11.         {
  12.             die('POST requests are not permitted from "foreign" domains.');
  13.         }
  14.     }
  15. }

URL: http://www.namepros.com/2996502-post8.html

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.