NYCPHP Meetup

[nycphp-talk] <a href> vs. <form> request

Pinyo Bhulipongsanon pinyo at nyc.rr.com
Wed Apr 16 19:51:23 EDT 2003


Hi,

New guy here.  This may help.  I use this too, so if you can point out any
weaknesses, please let me know.

<?php
$host = "www.yoururl.com";
if (!isset($HTTP_REFERRER) || ($HTTP_HOST != $host)) {
    # access denied message
}
?>

You may have to use the long-hand variable call.  Anyway, it basically say
that to load this page the request must come from another page on the same
host.  This way people cannot create form on their site and link to your
pages, nor can they type in the address directly.

Any comment is appreciated.

Thanks,

Pinyo


----- Original Message -----
From: "Jerry Kapron" <nyphp at newageweb.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Wednesday, April 16, 2003 6:42 PM
Subject: [nycphp-talk] <a href> vs. <form> request


> I'm trying to figure out how I can restrict people to using an <a href>
link
> to send a request to a script.
> To be more specific I don't want them to send requests by submitting a
form.
> In case they do the script would respond with '401 Unauthorized' header or
> something to that effect.  For a while I thought I had a solution.. by
> looking for an additional GET var which would reflect the presence of a
> 'Submit' button, but then I realized that a form may be easily submitted
> with JavaScript's submit() method == no additional GET vars.
> I know it may seem like I worry too much, but in this project security is
> *extremely* important.
> I hope someone comes up with some clever idea..  my brain needs a reboot
to
> maintenance mode for a few hours..
>
> cheers,
> Jerry
>
> --
> 42.7% of all statistics are made up on the spot.
>
> -----Original Message-----
> From: Jim Musil <jmusil at villagevoice.com>
> To: NYPHP Talk <talk at nyphp.org>
> Date: Wednesday, April 16, 2003 5:48 PM
> Subject: [nycphp-talk] Utf and latin 1
>
>
> >Hi,
> >
> >I have two different character encodings on my page. Is there anyway to
> >convert utf-8 characters into latin1 characters via php?
> >
> >
> >--
> >James Musil
> >Senior Developer
> >Village Voice Media
> >36 Cooper Square
> >New York, NY  10003
> >(212) 475-3300 ext 14003
> >JMusil at villagevoice.com
> >
> >
> >
> >
> >
> >
>
>
>
> --- Unsubscribe at http://nyphp.org/list/ ---
>
>




More information about the talk mailing list