Preventing manipulation of input string

ElArZ

Hi,

Let me explain the idea first:

There is a site that contains a lot of pages that have info in them which i need to extract.
I made an html code with 2 frames: the top one has the form and the send button, the other frame opens the site.

While members are browsing the site and come to a page that they wish to submit then they click the button, which retrieves the html of the site and sends it through the form to the php script which extracts the info and adds them to the database.

The problem is that people can fake the form, and send false info.

My question is: Is there a way to make sure that the data being entered is original?
Including something like a hidden/uncopyable signature maybe?

Thank you.

etully

When the user clicks the button, instead of sending the HTML through, just send the URL through the form. Then the PHP script can obtain the HTML on its own (using fopen). This way, the only thing the user could manipulate is the URL which of course, would defeat the manipulation that they were trying to do.

ElArZ

To view some pages, you will need to be logged in so i can't send the url, i need the code.

Is there a way to hash the html code and send the hash along with the entire code and then check if they match? or that wouldn't work?

etully

It's a timing issue.

When would you calculate the hash on the original HTML? If the user obtains the HTML from the site and puts it into the form... and then modifies the HTML... and then passes it to your PHP script, when would you "see" the original HTML to calculate the hash?

It could easily work IF the owner of the original web site (the source of the HTML) would put a hash value in the HTML. Then when you get the HTML, you could calculate the hash and see if it matches the hash that the original author put on it. That is a way to make sure a message doesn't get modified by a middleman in transit. But I get the sense from your post that the original author of the HTML doesn't even know that you are scraping the HTML.

Since you can't get the original author of the HTML to put a hash on it... you don't even SEE the HTML until after the middleman had the opportunity to modify it. So what would you be checking? You could check to see if the middleman modified his modified HTML?!?! That doesn't help 🙂

So this isn't a limitation on the capabilities of PHP or HTML. It's a limitation imposed by your system. Since the middleman is reporting the HTML to you and you have no way of seeing the original HTML to verify, you just have to trust what the middleman is passing on.