ElArZ Posted September 12, 2007

Hi,

Let me explain the idea first: There is a site that contains a lot of pages that have info in them which I need to extract. I made an HTML page with 2 frames: the top one has the form and the send button, the other frame opens the site. While members are browsing the site and come to a page that they wish to submit, they click the button, which retrieves the HTML of the site and sends it through the form to the PHP script, which extracts the info and adds it to the database.

The problem is that people can fake the form and send false info.

My question is: Is there a way to make sure that the data being entered is original? Including something like a hidden/uncopyable signature maybe?

Thank you.

redbullmarky Posted September 12, 2007

You could generate an MD5 hash and store it in a session, and also in a hidden input field. When the form is posted, simply check this hidden hash against the one in the session var, and only accept the input if there's a match. The hash would be generated each time just before the form is displayed.

ElArZ Posted September 12, 2007

But if you look at the source code, you can view the hash and include it in the form along with the false data, can't you?

redbullmarky Posted September 12, 2007

Well, it solves the issue that the form is being posted from the correct place, which generally removes a good high percentage of false data. After that, it's up to you to check the results with proper validation. Don't do any "automated" scripts to generate SQL based on the form inputs. Don't assume that SELECT/checkboxes etc. are preset values - treat them also as free-text input fields.

Firebug is a good tool to install to play with all these form manipulation loopholes.

ElArZ Posted September 12, 2007

I forgot to mention that the form uses SMF permissions and the problem isn't with user validation as much as it is with the data.

Example: The site contains this info:

X number = 56
Y number = 185
etc...

That would be included in HTML tags, but someone (a registered member) can take the source, change the values from 56 to 59 and 185 to 184 for example, and submit the form with all the params.

I might be asking for something that can't be done but I just wanted to try my luck.
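
The session-token check redbullmarky describes, followed by server-side validation of the posted fields, as an added example that is not part of the thread. It uses `random_bytes()` in place of the MD5 hash; the field names `x_number`/`y_number` and the 0 to 1000 range are assumptions.

```php
<?php
// Added example: field names and numeric ranges are assumptions.
session_start();

// Call just before rendering the form; embed the result in a hidden input.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG value instead of an MD5 hash
    $_SESSION['form_token'] = $token;
    return $token;
}

// True only if the posted token matches the session copy. Single use.
function check_form_token(array $post): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']); // a replayed form fails
    $given = $post['form_token'] ?? null;
    return is_string($expected) && is_string($given)
        && hash_equals($expected, $given); // constant-time comparison
}

// Treat every field as free text: parse and range-check on the server.
function validate_numbers(array $post): ?array
{
    $opts = ['options' => ['min_range' => 0, 'max_range' => 1000]];
    $x = filter_var($post['x_number'] ?? null, FILTER_VALIDATE_INT, $opts);
    $y = filter_var($post['y_number'] ?? null, FILTER_VALIDATE_INT, $opts);
    return ($x === false || $y === false) ? null : ['x' => $x, 'y' => $y];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!check_form_token($_POST)) {
        http_response_code(403);
        exit('Form token missing or stale.');
    }
    $clean = validate_numbers($_POST);
    if ($clean === null) {
        http_response_code(422);
        exit('Invalid values.');
    }
    // $clean is well-formed, but the token cannot show that the member
    // did not change 56 to 59 before submitting.
    exit('Accepted.'); // store $clean with a prepared statement here
}
$token = issue_form_token();
echo '<form method="post"><input type="hidden" name="form_token" value="'
   . htmlspecialchars($token, ENT_QUOTES) . '">'
   . '<input name="x_number"><input name="y_number"><button>Send</button></form>';
```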