
HTML forms and PHP.

Discussion in 'Web Design & Development' started by lumentec, Oct 12, 2008.

Thread Status:
Not open for further replies.
  1. lumentec

    lumentec Thread Starter

    Joined:
    Mar 23, 2008
    Messages:
    103
    I have a PHP script that decides what will happen based upon data sent with a hidden input in HTML. My question is... If someone on a different website uses an HTML form with an action of (mywebsite.com/script.php), will the PHP script accept that data?
    If so, how can I get around this?
     
  2. maneetpuri

    maneetpuri

    Joined:
    Oct 14, 2008
    Messages:
    135
    Yes, the PHP script will accept the data. To stop this, you can put a referral check in the PHP script, i.e. if the script is called from some other domain, then do not execute the script; just show an error message and terminate the execution or redirect to the form on your website.


    Maneet Puri
    LeXolution IT Services
    Web Development Services
     
  3. MMJ

    MMJ Guest

    Joined:
    Oct 15, 2006
    Messages:
    3,625
    Not a reliable method at all.

    @OP: Check the cookie or some other method of auth.
     
  4. lumentec

    lumentec Thread Starter

    Joined:
    Mar 23, 2008
    Messages:
    103
    I don't have any cookies.


    I still need a solution.
     
  5. MMJ

    MMJ Guest

    Joined:
    Oct 15, 2006
    Messages:
    3,625
    So make some cookies?...
     
  6. lumentec

    lumentec Thread Starter

    Joined:
    Mar 23, 2008
    Messages:
    103
    Cookies are easily editable.
     
  7. Techmonkeys

    Techmonkeys

    Joined:
    Feb 10, 2005
    Messages:
    625
    Could you not just send a hidden input from the form and have the PHP check that the hidden input is correct before continuing with the script?

    PHP:
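    // Stop unless the expected hidden field was submitted with the right value.
    if (!isset($_POST['hidden_input']) || $_POST['hidden_input'] !== "BbAaCc") {
        exit();
    }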
     
  8. MMJ

    MMJ Guest

    Joined:
    Oct 15, 2006
    Messages:
    3,625
    Indeed, but that could easily be replicated.
     
  9. K1nS

    K1nS

    Joined:
    Oct 17, 2008
    Messages:
    10
    I would suggest creating a cookie on the user's system when they load the HTML form, output some kind of key in a hidden input on the form and also store that key in the session. When you process the form, make sure these two match. Also make the session time out fairly quickly so that anyone trying to hijack it will have their work cut out for them.
     
  10. MMJ

    MMJ Guest

    Joined:
    Oct 15, 2006
    Messages:
    3,625
    Ahh... perfect. :)

    +1
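
The session-plus-hidden-key approach suggested in post 9, written out as an added example (not code posted by anyone in this thread). The field name `form_token`, the function names and the 10-minute `TOKEN_TTL` are assumptions; the file is assumed to be the `script.php` from the question.

```php
<?php
// Added example: a one-time form key stored in the session and echoed in a
// hidden input. Names and TOKEN_TTL are assumptions, not from the thread.
declare(strict_types=1);

const TOKEN_TTL = 600; // seconds a rendered form stays valid (assumed value)

session_start(); // sets the session cookie that ties this browser to $_SESSION

function issue_form_token(): string
{
    $token = bin2hex(random_bytes(32)); // unpredictable, unlike a fixed string
    $_SESSION['form_token'] = ['value' => $token, 'issued' => time()];
    return $token;
}

function verify_form_token($submitted): bool
{
    $stored = $_SESSION['form_token'] ?? null;
    unset($_SESSION['form_token']); // single use: a replayed POST fails
    if (!is_array($stored) || !is_string($submitted)) {
        return false; // no form was rendered for this session, or bad input
    }
    if (time() - $stored['issued'] > TOKEN_TTL) {
        return false; // the form was rendered too long ago
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!verify_form_token($_POST['form_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or expired form token.');
    }
    // The key matched the one stored for this session: process the form here.
    exit('Form accepted.');
}

$token = issue_form_token();
?>
<form method="post" action="script.php">
    <input type="hidden" name="form_token"
           value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
    <input type="submit" value="Send">
</form>
```

A form hosted on another site cannot read the per-session key, so its POST is rejected with a 403. The check only shows that the submission came from a session that loaded this form; it does not identify the user.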
     
Short URL to this thread: https://techguy.org/758594
