Linked sites

DigitalExpl0it

I have the following script

if (strstr($_SERVER['HTTP_REFERER'],"mysite.com")) {
	echo "access granted";
} else {
     echo "Sorry you dont have access";
}

now this seems to work fine, but is there a way around this. Like can someone spoof the REFERER url?

Note: this is on a page with a submit form. So no outside script can excute the form.

example: <form action="mysite.com/form.php">

Drakla

Yup, spoofed really easily. And some clients don't even send the referrer, so they'd be totally stopped from using the form.

DigitalExpl0it

Originally posted by Drakla
Yup, spoofed really easily. And some clients don't even send the referrer, so they'd be totally stopped from using the form.

so can someone spoof the referer using php?

Drakla

You could do it with php if you wanted, as it's just something passed in the header. Some browsers, can't remember which, have options for what info to send in the header.