I believe that http_refer can be easily faked and some fire walls stop it being sent.
(to avoid click tracking)I believe also that is something that the browser sent and the server.
If this is so has any one any idears/comments on how I could check to make sure that a from is being posted from the correct website and not from a saved file on the users machine or another website.
this also happend is you are moving from a secure site to an insecure site http_refer is null or empty.
