posting from outside my website

chakytito

Hi, i have a website with a form in it for my guestbook, one problem am having is that some evil users are posting their comments from outside my website saving a copy of the from locally then altering the values of maximun characters so i would want a piece of code that would block all the users that are not posting from my website, this is an idea:

if($_SERVER['HTTP_REFERER'] != 'http://www.mywebsite.com') {
echo "error page";
exit;
}

but i had a lot of errors implementing this example in particular with a lot of users, any more ideas? thanks.

drew010

insted of using != try using [man]strstr[/man] or [man]strpos[/man] because if they post from a page on your site like http://yoursite.com/page.php != will be true, even though they are coming from your site, its not an exact match.

if (strpos($_SERVER['HTTP_REFERER'], "yoursite.com") === FALSE) //bad referer

this will check if yourdomain.com is contained in the http referer. they can still use sockets and formulate their own http post requests and spoof the referer (if they are more than just kiddies copying your form). if it gets that bad, you may need to implement an image verification feature where they have to type the text from a randomly generated image.