Let' say we have a form mailer script, which takes any form ( whose action is directed to it ) and goes thru the submitting form's fields list ( programmatically) , to build a nice email on the fly and email the build up string to the email address that's coming in the hidden field. Let's say that's the case... And you do not want everyone to use this form mailier functionality. What's the best way to protect it? I currently use captcha to prevent robotic submissions but that won't prevent the issue I'm talked about above. I see no other way then the http_referer to test if the submitting form resides in one of the accepted domains that mailer.php has been hardcoded to work with and give privileges to, But then it's known fact that http_referer can be spoofed. What would be your way of protecting your script from being taken advantage of email functionality - without the http_referer? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
