source of form submit

[cody7]

Hi

 

What is the best way to detect the URL where the form has been submitted, here’s an example

 

"www.domain.com/page1.php" has a form that will be submitted to "www.domain.com/page2.php". I need to be sure that all variables that will be submitted to page2.php are from page1.php of the same domain or else I have to deny the request.

 

Thanks you for your help

 

[kritical]

Unfortunately this is not a simple task...

 

Basically the there is a simple way to ask the client what domain they posted from however this is not trust worthy information as it is easily changed by a cleaver client.  (This is called the referral address)

 

I would suggest you setup authentication if you need to be certain the post is originating from the right place, alternatively you could use session management.  It really depends on what you are trying to do?

[jlr2k8]

I had to edit this post because I read it wrong. I know what you're saying now.

 

Sorry, kritical is right. It is complicated... but u can try making the form page set a URL cookie like this:

 

setcookie("url", $_SERVER['SERVER_NAME'], time()+3600, "/directory_of_your_form_and_form_processor/", ".domain.of.your.site.com");

 

And then on the page which processes your form info, write this:

 

if ($_COOKIE["url"]=="")

{

echo "You did not use the correct page";

exit;

}

else

{

//...rest of form goes here

}

[AndyB]

set a session variable on page1.php and verify its value exists on page2.php