Many legitimate users will have their referrer blocked by proxies or by
browser preference so you'll also have false negatives.
Arpad
cajbecu wrote:
<?
if($_POST && eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
// This is a safe POST
} elseif(!eregi(getenv("SERVER_NAME"),getenv("HTTP_REFERER"))) {
die("Illegal access. Your IP has been logged.\n");
}
?>
it is not safe. i can use curl (www.php.net/curl) and modify the referer
of my script to pass this security check. i advise you to add image code
to the form and check that in your script. that will stop the attackers
insert lot of data in your database.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
