Jump to content

validate form submission source


Hailwood

Recommended Posts

Hi guys,

 

 

I have a page which submits a form via ajax

the form submits to add a new user

users can only access this page if they are logged in,

 

 

so my question is how do we validate to make sure that the requests are coming only from that page?

 

 

we thought about validating via the request ip but if the form is submitted via ajax would that not just be the clients ip?

 

 

Regards,

Hailwood

Link to comment
Share on other sites

I'm not sure I understand the problem 100%

 

You're saying you have a page (example.php) which contains a form that is submitted via ajax - and you want to make sure that the form is only ever submitted from example.php on your server?

 

When you show the form, add a hidden field with a random token in it that is also stored in the user's session.  Then in the code handling the ajax post, compare the token posted with the form to the token stored in the user's session.  If they're not the same or one is missing etc. then you know that the post was not made from your page.

 

Sorry if I misunderstood...

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.