action.php only accept the info from form.php

searain

i have a form.php, the action page of this form will be action.php.

i want to make sure that action,php only accept the form information sent from form.php.

i don't want the action.php to accept the same form information but from other pages of other http locations.

how to do it? i think i can use some built in function to check if the previous page of action.php is the form.php?

does any one has the simple codes?

thanks

nightowl

dunno why you would want to do it. It is even pretty much impossible to be completely sure afaik. But you can check the http_referer. This would rule out most people, though it is possible to fake the http_referer too.

otherwise, you could define a secure hash on the first form and pass that one too.

on the form:
$time= time();
$hash = md5($time."secretvar");
store both in the form as hidden var.

on the action.php:
$current_time = time();
if ($current_time - 5*60 > $time) {
// too long ago
echo "form timed out";
}
else {
// check if hash is correct
$current_hash = md5($time."secretvar");
if ($current_hash == $hash) {
echo "ok";
}
else {
echo "false time or hash";
}
}