Prevent Remote Form Submit


/ Published in: PHP
Save to your folder(s)

[quote]$_SERVER['HTTP_REFERRER']'s problem is that can be spoofed, but it's better than nothing if you really want that.[/quote]


Copy this code and paste it in your HTML
  1. if ($_SERVER['REQUEST_METHOD'] == 'POST') // or possibly, count($_POST) > 0
  2. {
  3. $host = preg_replace('#^www\.#', '', $_SERVER['SERVER_NAME']);
  4.  
  5. if ($host AND $_SERVER['HTTP_REFERER'])
  6. {
  7. $refparts = @parse_url($_SERVER['HTTP_REFERER']);
  8. $refhost = $refparts['host'] . ((int)$refparts['port'] ? ':' . (int)$refparts['port'] : '');
  9.  
  10. if (strpos($refhost, $host) === false)
  11. {
  12. die('POST requests are not permitted from "foreign" domains.');
  13. }
  14. }
  15. }

URL: http://www.namepros.com/2996502-post8.html

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.