Hi,

 

Let me explain the idea first:

 

There is a site that contains a lot of pages that have info in them which I need to extract.

I made HTML code with 2 frames: the top one has the form and the send button, the other frame opens the site.

When members are browsing the site and come to a page that they wish to submit, they click the button, which retrieves the HTML of the site and sends it through the form to the PHP script, which extracts the info and adds it to the database.

 

The problem is that people can fake the form, and send false info.

 

My question is: Is there a way to make sure that the data being entered is original?

Including something like a hidden/uncopyable signature maybe?

 

Thank you.

https://forums.phpfreaks.com/topic/69087-preventing-manipulation-of-input-string/

You could generate an MD5 hash and store it in a session, and also in a hidden input field. When the form is posted, simply check this hidden hash against the one in the session var, and only accept the input if there's a match. The hash would be generated each time just before the form is displayed.

Well, it solves the issue that the form is being posted from the correct place, which generally removes a good high percentage of false data. After that, it's up to you to check the results with proper validation. Don't do any "automated" scripts to generate SQL based on the form inputs. Don't assume that SELECT/checkboxes etc. are preset values - treat them also as freetext input fields. Firebug is a good tool to install to play with all these form manipulation loopholes.
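The check described in the two replies above, sketched in PHP as an added example (not code from the thread): a token regenerated for each form display, kept in the session and in a hidden field, followed by free-text validation of every field. It uses random_bytes() for the token value instead of an MD5 hash; the form_token key, the x_number and y_number field names and the 0 to 1000 range are assumptions.

```php
<?php
declare(strict_types=1);

// Issue a fresh token just before the form is displayed.
function issue_form_token(array &$session): string
{
    // random_bytes() replaces the MD5 hash here: the token only has to be unguessable.
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Accept the post only if the hidden field matches the session copy (single use).
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);            // a replayed token no longer matches
    $given = $post['form_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Treat every field as free text: each must parse as an integer in the allowed range.
function validate_numbers(array $post): ?array
{
    $clean = [];
    foreach (['x_number', 'y_number'] as $field) {   // hypothetical field names
        $value = filter_var($post[$field] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 1000]]); // assumed range
        if ($value === false) {
            return null;                      // missing, non-numeric, array or out of range
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Constructed demonstration. In a real page $session is $_SESSION after
// session_start() and $post is $_POST.
$session = [];
$token = issue_form_token($session);
echo '<input type="hidden" name="form_token" value="' . htmlspecialchars($token) . '">', PHP_EOL;

$post = ['form_token' => $token, 'x_number' => '56', 'y_number' => '185'];
var_dump(check_form_token($session, $post));  // token issued for this display
var_dump(validate_numbers($post));            // well-formed values
var_dump(check_form_token($session, $post));  // same token posted a second time
var_dump(validate_numbers(['x_number' => '56 OR 1=1', 'y_number' => '185']));
```

A logged-in member who posts through the real form still passes the token check, and range validation rejects only malformed values, not plausible ones that were altered before submission.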

I forgot to mention that the form uses SMF permissions and the problem isn't with user validation as much as it is with the data.

 

Example:

 

The site contains this info:

X number = 56

Y number = 185

etc...

 

That would be included in HTML tags, but someone (a registered member) can take the source, change the values from 56 to 59 and 185 to 184 for example, and submit the form with all the params.

 

I might be asking for something that can't be done but I just wanted to try my luck.
