Using sessions to verify form submissions instead of checking referers

Post by jamied_uk on 17th January 2014, 23:07

This is page0.php that you use to start an example test!


Code:

<?php
// test0.php is the start page for a page that holds a submit form, for example!

// test.php is the page that will test whether the correct code matches and whether or not to trust the referrer page!

// this will make sure no forgeries occur, so change the $test var and don't make it random
// if you change it then always change it on the parse page as well, else it won't match and will fail!

// session_start() and header() must run before any output is sent,
// so nothing (not even a <title> tag) may be printed above this block.
session_start();
$test = '_CODE_01001011010101100';
$_SESSION['ALLOW_SUBMIT'] = $test;
header("Location: test.php");
exit; // stop here so nothing else runs after the redirect
?>

This test.php file is the result of the test example for a parsing file with checking code!


Code:

<?php
// test0.php is the start page for a page that holds a submit form, for example!

// test.php is the page that will test whether the correct code matches and whether or not to trust the referrer page!

// this will make sure no forgeries occur, so change the $test var and don't make it random
// if you change it then always change it on the parse page as well, else it won't match and will fail!

session_start(); // must run before any output, so the <title> tag comes after this block
// The referer is read but not used by the check below; browsers may omit it, so default to ''.
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// The session value is missing when the visitor did not come through the start page.
$test = isset($_SESSION['ALLOW_SUBMIT']) ? $_SESSION['ALLOW_SUBMIT'] : '';
?>
<title>J~Net</title>
<?php
if ($test !== '_CODE_01001011010101100') {
    // do something
    die("Remote Posting Not Permitted");
}
// unset sessions for checker here!
$_SESSION['ALLOW_SUBMIT'] = '';
echo "Safe To Execute";
// do something else like execute code here
?>

Files For This Script!
Code:
https://app.box.com/s/hrowy0uppymdwor9p3xu
jamied_uk
http://address-shortner.co.uk
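
The following is an added example, not part of the original post or its download. It goes beyond the fixed session code above: a random token is generated per form, placed in a hidden field, and compared against the session copy, so a request passes only if it carries a value that the served form contained. The `FORM_TOKEN` session key, the `form_token` field and the two function names are assumptions, and one file is assumed to serve both the form and its submission.

```php
<?php
// Added example (not the original poster's code). Assumed names: the
// FORM_TOKEN session key, the form_token field and both function names.
// Requires PHP 7+ (random_bytes) and one file serving both GET and POST.

session_start(); // must run before any output is sent

// Create and store a fresh unpredictable token for the form being served.
function csrf_issue_token()
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['FORM_TOKEN'] = $token;
    return $token;
}

// True only when the submitted value matches the stored one. The stored
// token is cleared on every check, so each issued form can be used once.
function csrf_check_token($submitted)
{
    $expected = isset($_SESSION['FORM_TOKEN']) ? $_SESSION['FORM_TOKEN'] : '';
    unset($_SESSION['FORM_TOKEN']);
    if (!is_string($submitted) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submitted = isset($_POST['form_token']) ? $_POST['form_token'] : null;
    if (!csrf_check_token($submitted)) {
        http_response_code(403);
        die("Remote Posting Not Permitted");
    }
    echo "Safe To Execute";
    exit;
}

$token = csrf_issue_token();
?>
<title>J~Net</title>
<form method="post" action="">
    <input type="hidden" name="form_token"
           value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
    <input type="submit" value="Submit">
</form>
```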
