Preventing form submissions from other URL's

sametch

I have created a script which takes the fields posted from an enquiry form on our server and sends them as an email.

The problem I have is that I think its possible for someone to use a form from another server to post the same variables to my processing script and hence bombard me with spam mail.

Is there any easy methods I can use to minimise this risk?

FoxhoundX

The best way would probably be to check the HTTP Referer and match it to your domain.

However, this is still bypassable, so it's not foolproof in any way. I'm not really sure how you could make it impossible to alter.

cosminb

use

$_SERVER['HTTP_REFERER']; //for http referer

sametch

I tried

$temp = $_SERVER['HTTP_REFERER'];
echo "$temp";

but I get nothing.

Any ideas😕

gersh

first thing is make sure to change echo "$temp"; to echo $temp;

FoxhoundX

Originally posted by sametch
I tried

$temp = $_SERVER['HTTP_REFERER'];
echo "$temp";

but I get nothing.

Any ideas😕

Make sure you are clicking a link in order to go to the page. If you just copy and paste the URL into your Internet Browser, it is no referer.

A referer is basically 'which page' you were directed from. So if I clicked a link on here to google, the referer would be 'http://www.phpbuilder.com/board/newreply.php?s=&action=newreply&postid=10490310'.

sametch

I'm not pasting the URI directly into the browser window.

I am "posting" a form and then trying to pick up the referer info in the page it posts to.

It still doesn't work.