Using Wildcards

lupus2k5

OK, I'm just trying to get a referral. The form must be submitted from a certain domain or it will not work is the goal.
My domain/HTTP_REFERER is http://z7.invisionfree.com/New_Slang/
However, I want it to work on
http://z7.invisionfree.com/New_Slang/index.php
http://z7.invisionfree.com/New_Slang/index.php?act=x
http://z7.invisionfree.com/New_Slang/index.php?act=x&showforum=1#last
Basically, everything on the http://z7.invisionfree.com/New_Slang/ domain.
I've got this far:

<?php
function checkdomain($referer) // $referer = $_SERVER["HTTP_REFERER"];
{
 if($referer != "http://z7.invisionfree.com/New_Slang/")
 {
  echo "You didn't submit from a valid domain.";
  exit;
 }
}
?>

matt72

//find 'http://z7.invisionfree.com/New_Slang/' in the referer string.
if(strpos($referer,'http://z7.invisionfree.com/New_Slang/') !== false)
{
//valid referer
}
else
{
//invalid
}

Of course, some browers / antivirus programs don't send referers... So those people won't be able to submit. And it's easy to spoof referers, but that's a different matter.

Hope this helps 🙂

lupus2k5

See, it's not a major threat, I don't care if it's spoofed.