Prevent POST form for flooding

c4l3m

Hi there,

i want to prevent someone with page on an other server to use my form cause i have a form sending message to internal user, but the web site is public so anybody could get an account.

my page validate if user is login, but like i said it could be internal user with bad idea in mind.

Exemple :

www.myserv.com/register.php

and i want to make sure the POST information come from this page or my server and not from www.otherserv.com/fakeregister.php per exemple.

Any idea or suggestion ?

thorpe

check the $_SERVER['http_referer'] variable.

Sayian

... And even that isnt 100% certian. All someone would have to do is fake the headers.