Useing sessions to verify form submissions instead of checking referers

by jamied_uk 17th January 2014, 23:07

This is page0.php that you use to start an example test!

Code:: <title>J~Net</title> <?php // test0.php is the start page for a page that holds a submit form for example! // test.php is the page that will test to see if is correct code matches and weather or not to trust the referrer page! // this will make sure no forgeries occoure so change the $test var and dont make it random // if you change it then always change on the parse page aswell else it wont match and will fail! session_start(); $test = '_CODE_01001011010101100'; $_SESSION['ALLOW_SUBMIT'] = $test; header("location: test.php"); ?>

This test.php file is the result of the test example for a parsing file with checking code!

Code:: <title>J~Net</title> <?php // test0.php is the start page for a page that holds a submit form for example! // test.php is the page that will test to see if is correct code matches and weather or not to trust the referrer page! // this will make sure no forgeries occur so change the $test var and dont make it random // if you change it then always change on the parse page as well else it wont match and will fail! session_start(); $ref = $_SERVER['HTTP_REFERER']; $test = $_SESSION['ALLOW_SUBMIT']; ?> <?php // if($test !== '_CODE_01001011010101100') { die("Remote Posting Not Permitted"); // do something } //unset sessions for checker here! $_SESSION['ALLOW_SUBMIT'] = ''; echo "Safe To Execute"; // do something else like execute code here ?>

Files For This Script!