
Check where POST data came from?


Prismatic


On the forums I'm developing, I don't want to allow anyone to send any POST data from any off-site sources. What would be the best method to thwart this?

If it helps to check against these, my config holds the following information:

[code]
//Cookie Settings
$CookieDomain =".mysite.com";

//Board Header Information.
$SiteName = "MySite"; //Appears at the start of top links, IE. [Site Name] Board Name >> ...
$SiteURL = "http://www.mysite.com"; //Link for SiteName

$BoardName = "My Boards"; //Appears at the start of top links, IE. [Site Name] Board Name >> ...
$BoardURL = "http://www.MySite.com/Boards/"; //Link for BoardName
[/code]

I do that anyway, I just want to make sure they aren't sending a modified post from their own server.


And when I say post, I mean $_POST[''], not post as in a message to the forums, as I might have implied in the original post. Modified original post to clarify.

When you generate the form, INSERT a row with a Unique MD5 Hash, their Member ID and the date. Put the MD5 Hash in a hidden field, as well as the date.
Then, on the receiving page, check that the Hash is valid, that it matches the User_id that created it and that too much time has not elapsed.

If these are scripts where people are going to be posting a topic/reply, you'll want to make sure that the time limit is quite long. Also, I would make sure you don't just give an error; make sure you return their original text in case someone was typing something long and loses it.
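The scheme from the replies above (a stored per-form token tied to the member ID, a long expiry, and the submitted text handed back on failure) as an added PHP example that is not code from the thread. The table, function and field names are hypothetical, an in-memory SQLite database stands in for the board's own, and a `random_bytes` value replaces the MD5 hash; the issue date is checked from the stored row rather than from a hidden field.

```php
<?php
// Added example; table, function and field names are hypothetical.
const TOKEN_TTL = 4 * 3600; // long window: people take time to write posts (assumed value)

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:'); // stand-in for the board's real database
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE form_tokens (token TEXT PRIMARY KEY, member_id INTEGER, created INTEGER)');
    }
    return $pdo;
}

// Called when the form is generated: store a row, return the value for the hidden field.
function issue_form_token(int $memberId, ?int $now = null): string {
    $token = bin2hex(random_bytes(32)); // CSPRNG value instead of an MD5 of guessable input
    db()->prepare('INSERT INTO form_tokens VALUES (?, ?, ?)')
        ->execute([$token, $memberId, $now ?? time()]);
    return $token;
}

// Called on the receiving page. The issue date is read from the stored row,
// not from a hidden field, so the client cannot alter it.
function check_form_token(string $token, int $memberId, ?int $now = null): bool {
    $stmt = db()->prepare('SELECT member_id, created FROM form_tokens WHERE token = ?');
    $stmt->execute([$token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return false;                       // unknown or already used
    db()->prepare('DELETE FROM form_tokens WHERE token = ?')->execute([$token]); // single use
    if ((int)$row['member_id'] !== $memberId) return false; // issued to someone else
    return (($now ?? time()) - (int)$row['created']) <= TOKEN_TTL;
}

// Handler: on failure, hand back a fresh token and the submitted text so nothing is lost.
function handle_reply(array $post, int $memberId): array {
    $body = (string)($post['body'] ?? '');
    if (!check_form_token((string)($post['form_token'] ?? ''), $memberId)) {
        return ['ok' => false, 'form_token' => issue_form_token($memberId),
                'body' => htmlspecialchars($body, ENT_QUOTES, 'UTF-8')];
    }
    return ['ok' => true, 'body' => $body];
}

// Constructed demo: member 7 loads the form, submits once, then the same POST is replayed.
$t = issue_form_token(7);
var_dump(handle_reply(['form_token' => $t, 'body' => 'Hello'], 7)['ok']); // first use
var_dump(handle_reply(['form_token' => $t, 'body' => 'Hello'], 7)['ok']); // replay
var_dump(handle_reply(['form_token' => 'x', 'body' => 'Hi'], 7)['ok']);    // never issued
```

On a rejected submission the returned `body` is already HTML-escaped, so it can be written straight back into the form's textarea alongside the fresh token.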
