I'm basically trying to stop people from posting information to my php file from another domain. The script i have so far is below. Whats happening now is that no information is getting through at all. I suspect it's something to do with the positioning of the "die()" function; (i have other lines of code under these lines which i need to execute).
Can someone please correct me on this.
//GET THE HOSTNAME VALUE
$ref = $_SERVER['HTTP_REFERER'];
preg_match("/^(http:\/\/)?([^\/]+)/i",
$ref, $matches);
$host = $matches[2];
//CHECK ITS POSTED FROM THE CORRECT LOCATION
echo "referer=$host&";
if($host=="www.myActualDomain.com"){
echo "valid=1";
}else{
echo "valid=0";
die("you are trying to submit information from an invalid location.");
}
By the way i tried this to try and combat the problem...
ini_set("allow_url_fopen", "off");
This seemed to switch off the allow fpoen stuff in the phpinfo() window but didnt stop people from submitting from elsewhere 🙁
