Useing sessions to verify form submissions instead of checking referers

Go down

Useing sessions to verify form submissions instead of checking referers

Post by jamied_uk on 17th January 2014, 23:07

This is page0.php that you use to start an example test!


Code:



<title>J~Net</title>
<?php
// test0.php is the start page for a page that holds a submit form for example!

// test.php is the page that will test to see if is correct code matches and weather or not to trust the referrer page!

// this will make sure no forgeries occoure so change the $test var and dont make it random
// if you change it then always change on the parse page aswell else it wont match and will fail!

session_start();
$test = '_CODE_01001011010101100';
$_SESSION['ALLOW_SUBMIT'] = $test;
header("location: test.php");
?>







This test.php file is the result of the test example for a parsing file with checking code!


Code:

<title>J~Net</title>
<?php
// test0.php is the start page for a page that holds a submit form for example!

// test.php is the page that will test to see if is correct code matches and weather or not to trust the referrer page!

// this will make sure no forgeries occur so change the $test var and dont make it random
// if you change it then always change on the parse page as well else it wont match and will fail!

session_start();
$ref = $_SERVER['HTTP_REFERER'];
$test = $_SESSION['ALLOW_SUBMIT'];
?>


<?php
//
if($test !== '_CODE_01001011010101100') {
die("Remote Posting Not Permitted");
// do something
}
//unset sessions for checker here!
$_SESSION['ALLOW_SUBMIT'] = '';
echo "Safe To Execute";
// do something else like execute code here
?>





Files For This Script!
Code:
https://app.box.com/s/hrowy0uppymdwor9p3xu
avatar
jamied_uk
Admin

Posts : 2320
Join date : 2010-05-09
Age : 35
Location : UK

http://address-shortner.co.uk

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum